twesterhever
c599cb599e
[Minor] Add HAS_FILE_URL rule for messages containing a file:// URL
These are frequently abused for distributing malware via non-HTTP
protocols, such as public Samba servers. file:// URLs may also be abused
for including files from the victims' machine in a message. Either way,
a legitimate usecase is unlikely.
Signed-off-by: twesterhever <40121680+twesterhever@users.noreply.github.com>
3 mesi fa
twesterhever
608a080d11
[Minor] Add rule for messages missing both X-Mailer and User-Agent header
7 mesi fa
Andrew Lewis
c17ffcd4e5
[Rules] Blank spam detection
8 mesi fa
Andrew Lewis
f66bd5ac03
[Fix] MISSING_MIMEOLE: avoid matching messages from Android GMail app (#4561)
9 mesi fa
Vsevolod Stakhov
662145d055
[Minor] Reformat all Lua code, no functional changes
10 mesi fa
twesterhever
d47473f553
[Minor] Tweak HAS_GOOGLE_REDIR to detect Google AMP URLs as well
Rationale: https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/
10 mesi fa
Dmitriy Alekseev
876a834378
Adjust apple_x_mailer regex
11 mesi fa
Dmitriy Alekseev
7bed05f8f6
[Minor] A bit better apple_x_mailer regex
11 mesi fa
Dmitriy Alekseev
7ff31bdb95
Optimize apple_ios_x_mailer regex
11 mesi fa
Dmitriy Alekseev
a0d7e03366
Support regex rules to detect Apple Mail
11 mesi fa
twesterhever
472537fc83
[Minor] Remove superfluous '|' in regular expression
1 anno fa
twesterhever
be4c99d32e
[Minor] Simplify regular expression for HAS_GOOGLE_REDIR
https://github.com/rspamd/rspamd/pull/4497#issuecomment-1586265815
1 anno fa
Vsevolod Stakhov
5ae23df139
Apply suggestions from code review
1 anno fa
twesterhever
bc833035ff
[Minor] Fix description of MIME_HTML_ONLY
Thanks, @moisseev!
1 anno fa
twesterhever
68d9f76dc1
[Minor] Improve various rule descriptions
1 anno fa
twesterhever
2fb6b9a2aa
[Enhancement] Improve detection of Google redirection URLs
The list is derived from Firefox' static HPKP entires, retrieved from:
https://searchfox.org/mozilla-central/source/security/manager/ssl/StaticHPKPins.h
1 anno fa
twesterhever
433dc0e2d7
[Minor] Move HAS_ONION_URI from "experimental" to "url" group
1 anno fa
twesterhever
ba414d6c0b
[Enhancement] Make Google Firebase rule productive
1 anno fa
Vsevolod Stakhov
cac6696192
[Feature] Add controller endpoint to get fuzzy hashes from messages
Sample usage:
```
curl -XPOST 'http://localhost:11334/plugins/fuzzy/hashes?flag=1 ' --data-binary '@-' < file
```
Sample output:
```json
{
"hashes": {
"local": [
"24b6e7de2f489778d828c827079c48bacb086f816d0a7acabbe42e8d0da703b89b913176ad67eefaf5b54fa59f5e0ecfc7015846c4043fcfb0c7a4ed7a235025",
"72789777cbec926f4143de4c08c87acc3fbf3b909b5c39f1edcf82ed12e2d8bc2f56be8d68ee681feccf44ca04e3eca5b8ec039cb84a0d40e22258c370a10cbb"
],
"rspamd.com": [
"24b6e7de2f489778d828c827079c48bacb086f816d0a7acabbe42e8d0da703b89b913176ad67eefaf5b54fa59f5e0ecfc7015846c4043fcfb0c7a4ed7a235025",
"72789777cbec926f4143de4c08c87acc3fbf3b909b5c39f1edcf82ed12e2d8bc2f56be8d68ee681feccf44ca04e3eca5b8ec039cb84a0d40e22258c370a10cbb"
],
},
"success": true
}
```
Issue: #4489
1 anno fa
Anton Yuzhaninov
84b0676210
[Minor] Account for one more undisclosed-recipients address variant
1 anno fa
georglauterbach
c18f0561bf
add Betterbird to `user_agent_thunderbird`
See https://github.com/Betterbird/thunderbird-patches/issues/125 for
reference.
This way, Rspamd will not add `FORGED_MUA_MOZILLA_MAIL_MSGID_UNKNOWN` to
mails sent perfectly find with Betterbird. Betterbird
(<https://www.betterbird.eu/ >) is an adjusted version of Thunderbird,
fixing many bugs and adding long-wanted features. It is a common and
well-known alternative to Thunderbird, so I think the addition is
justified.
1 anno fa
twesterhever
08ce184740
[Enhancement] Add rule to detect Google Firebase URLs
1 anno fa
twesterhever
fd6ebc9f80
[Enhancement] Make Google URL redirection rules productive
1 anno fa
twesterhever
e39879962f
[Minor] Fix some whitespace issues
1 anno fa
dpetrov67
4028247ac6
Fix pcall() argument in rspamd.lua
1 anno fa
Kako, Chang
6d5db1e04e
[Fix] received: filtering of artificial header
1 anno fa
Vsevolod Stakhov
038ed3f012
[Rules] Mid: Add MID_END_EQ_FROM_USER_PART rule
Issue: #4299
1 anno fa
twesterhever
2a9abee4cb
[Minor] Regexp is case-insensitive, omit redundant characters
1 anno fa
twesterhever
b1781565e2
[Minor] Fix rule comment
1 anno fa
twesterhever
1f78100963
[Minor] Limit CIDv1 detection to 128 bytes
As requested by @vstakhov in https://github.com/rspamd/rspamd/pull/4310#pullrequestreview-1148226107 , try to limit the performance impact of this regular expression. However, given that there does not seem to be a hard limit for CIDv1s in IPFS itself, using an hashing algorithm with large output my permit miscreants to get around this rule.
1 anno fa
twesterhever
ac6d1a6566
[Minor] Implement multibase prefixes for IPFS gateway URL rule
1 anno fa
twesterhever
9ac1a75132
[Minor] Clarify that IPFS *gateway* URLs are likely considered malicious
1 anno fa
Vsevolod Stakhov
4ae8a27cb1
[Minor] Use unicode property for currency detection
Issue: #4320
1 anno fa
Vsevolod Stakhov
1803e71558
[Rules] Reduce score of HTTP_TO_HTTPS - subject to remove completely
1 anno fa
twesterhever
39aeb394c8
[Enhancement] Add IPFS URL heuristic
1 anno fa
Vsevolod Stakhov
05fd471df5
[Rework] Reiterate on priorities
1 anno fa
Vsevolod Stakhov
79417a5f81
[Minor] Update more copyright years/email
2 anni fa
Vsevolod Stakhov
2fa0e126c7
[Minor] Update my email and the copyright year
2 anni fa
Vsevolod Stakhov
968d318a0c
[Rules] Slightly reduce MULTIPLE_FROM score
2 anni fa
Josh Soref
2b8e6958f4
Spelling (#4086)
[Rework] Massive spelling fix from @jsoref
2 anni fa
Vsevolod Stakhov
e834cdb26d
[Minor] Oops, fix foldl call
2 anni fa
Vsevolod Stakhov
c6f7b897d4
[Minor] Fix some issues in URI_COUNT_ODD rule
Issue: #4037
2 anni fa
Vsevolod Stakhov
c23d728d75
[Minor] Fix rule
2 anni fa
Vsevolod Stakhov
c1b3e4821a
[Rules] Remove ancient and inefficient rules
2 anni fa
Vsevolod Stakhov
13dd78c687
[Rules] Fix old rules to stop global functions usage
2 anni fa
Andrew Lewis
b7e3440024
[Feature] JSON endpoint for querying maps
2 anni fa
Anton Yuzhaninov
98b205709f
[Minor] Skip bitcoin address check for very long words
Exclude very long words (which can be extracted e. g. from some text
attachments) from bitcoin address check to avoid excessive resource
usage.
2 anni fa
Vsevolod Stakhov
d2ca787313
[Rules] Improve zero font rule
2 anni fa
Sebastian Lipponer
44d83209e2
[Minor] Regexp: Extend upstream spam filter regexp
2 anni fa
Anton Yuzhaninov
0248bd6615
[Rules] Micro-optimize X_PHP_EVAL
Remove /i flag from regexp string "eval()'d code" is always in
lower case. While here use long string format for readability.
2 anni fa