@@ -101,25 +101,41 @@ rspamd_config.DATE_IN_PAST = { | |||
type = 'mime', | |||
} | |||
rspamd_config.R_SUSPICIOUS_URL = { | |||
local obscured_id = rspamd_config:register_symbol{ | |||
callback = function(task) | |||
local urls = task:get_urls() | |||
if urls then | |||
for _,u in ipairs(urls) do | |||
if u:is_obscured() then | |||
local fl = u:get_flags() | |||
if fl.obscured then | |||
task:insert_result('R_SUSPICIOUS_URL', 1.0, u:get_host()) | |||
end | |||
if fl.zw_spaces then | |||
task:insert_result('ZERO_WIDTH_SPACE_URL', 1.0, u:get_host()) | |||
end | |||
end | |||
end | |||
return false | |||
end, | |||
name = 'R_SUSPICIOUS_URL', | |||
score = 5.0, | |||
one_shot = true, | |||
description = 'Obfusicated or suspicious URL has been found in a message', | |||
group = 'url' | |||
} | |||
rspamd_config:register_symbol{ | |||
type = 'virtual', | |||
name = 'ZERO_WIDTH_SPACE_URL', | |||
score = 7.0, | |||
one_shot = true, | |||
description = 'Zero width space in url', | |||
group = 'url', | |||
parent = obscured_id, | |||
} | |||
rspamd_config.ENVFROM_PRVS = { | |||
callback = function (task) |
@@ -1351,6 +1351,10 @@ rspamd_html_process_url (rspamd_mempool_t *pool, const gchar *start, guint len, | |||
if (norm_res & (RSPAMD_UNICODE_NORM_ZERO_SPACES|RSPAMD_UNICODE_NORM_ERROR)) { | |||
saved_flags |= RSPAMD_URL_FLAG_OBSCURED; | |||
if (norm_res & RSPAMD_UNICODE_NORM_ZERO_SPACES) { | |||
saved_flags |= RSPAMD_URL_FLAG_ZW_SPACES; | |||
} | |||
} | |||
rc = rspamd_url_parse (url, decoded, dlen, pool, RSPAMD_URL_PARSE_HREF); |
@@ -27,6 +27,7 @@ enum rspamd_url_flags { | |||
RSPAMD_URL_FLAG_HAS_USER = 1 << 14, | |||
RSPAMD_URL_FLAG_SCHEMALESS = 1 << 15, | |||
RSPAMD_URL_FLAG_UNNORMALISED = 1 << 16, | |||
RSPAMD_URL_FLAG_ZW_SPACES = 1 << 17, | |||
}; | |||
struct rspamd_url_tag { |
@@ -875,6 +875,7 @@ lua_url_all (lua_State *L) | |||
* - `has_user`: URL has user part | |||
* - `schemaless`: URL has no schema | |||
* - `unnormalised`: URL has some unicode unnormalities | |||
* - `zw_spaces`: URL has some zero width spaces | |||
* @return {table} URL flags | |||
*/ | |||
#define PUSH_FLAG(fl, name) do { \ | |||
@@ -914,6 +915,7 @@ lua_url_get_flags (lua_State *L) | |||
PUSH_FLAG (RSPAMD_URL_FLAG_HAS_USER, "has_user"); | |||
PUSH_FLAG (RSPAMD_URL_FLAG_SCHEMALESS, "schemaless"); | |||
PUSH_FLAG (RSPAMD_URL_FLAG_UNNORMALISED, "unnormalised"); | |||
PUSH_FLAG (RSPAMD_URL_FLAG_ZW_SPACES, "zw_spaces"); | |||
} | |||
else { | |||
return luaL_error (L, "invalid arguments"); |