These are frequently abused for distributing malware via non-HTTP protocols, such as public Samba servers. file:// URLs may also be abused for including files from the victims' machine in a message. Either way, a legitimate usecase is unlikely. Signed-off-by: twesterhever <40121680+twesterhever@users.noreply.github.com>pull/4846/head
@@ -938,6 +938,13 @@ reconf['HAS_GOOGLE_FIREBASE_URL'] = { | |||
group = 'url' | |||
} | |||
reconf['HAS_FILE_URL'] = { | |||
re = '/^file:\\/\\//{url}i', | |||
description = 'Contains file:// URL', | |||
score = 2.0, | |||
group = 'url' | |||
} | |||
reconf['XM_UA_NO_VERSION'] = { | |||
re = string.format('(!%s && !%s) && (%s || %s)', | |||
'X-Mailer=/https?:/H', |