twesterhever
c599cb599e
[Minor] Add HAS_FILE_URL rule for messages containing a file:// URL
These are frequently abused for distributing malware via non-HTTP
protocols, such as public Samba servers. file:// URLs may also be abused
for including files from the victims' machine in a message. Either way,
a legitimate use case is unlikely.
Signed-off-by: twesterhever <40121680+twesterhever@users.noreply.github.com>
3 months ago
twesterhever
608a080d11
[Minor] Add rule for messages missing both X-Mailer and User-Agent header
7 months ago
Andrew Lewis
c17ffcd4e5
[Rules] Blank spam detection
8 months ago
Andrew Lewis
f66bd5ac03
[Fix] MISSING_MIMEOLE: avoid matching messages from Android GMail app (#4561)
9 months ago
Vsevolod Stakhov
662145d055
[Minor] Reformat all Lua code, no functional changes
10 months ago
twesterhever
d47473f553
[Minor] Tweak HAS_GOOGLE_REDIR to detect Google AMP URLs as well
Rationale: https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/
10 months ago
Dmitriy Alekseev
876a834378
Adjust apple_x_mailer regex
11 months ago
Dmitriy Alekseev
7bed05f8f6
[Minor] A bit better apple_x_mailer regex
11 months ago
Dmitriy Alekseev
7ff31bdb95
Optimize apple_ios_x_mailer regex
11 months ago
Dmitriy Alekseev
a0d7e03366
Support regex rules to detect Apple Mail
11 months ago
twesterhever
472537fc83
[Minor] Remove superfluous '|' in regular expression
1 year ago
twesterhever
be4c99d32e
[Minor] Simplify regular expression for HAS_GOOGLE_REDIR
https://github.com/rspamd/rspamd/pull/4497#issuecomment-1586265815
1 year ago
Vsevolod Stakhov
5ae23df139
Apply suggestions from code review
1 year ago
twesterhever
bc833035ff
[Minor] Fix description of MIME_HTML_ONLY
Thanks, @moisseev!
1 year ago
twesterhever
68d9f76dc1
[Minor] Improve various rule descriptions
1 year ago
twesterhever
2fb6b9a2aa
[Enhancement] Improve detection of Google redirection URLs
The list is derived from Firefox' static HPKP entries, retrieved from:
https://searchfox.org/mozilla-central/source/security/manager/ssl/StaticHPKPins.h
1 year ago
twesterhever
433dc0e2d7
[Minor] Move HAS_ONION_URI from "experimental" to "url" group
1 year ago
twesterhever
ba414d6c0b
[Enhancement] Make Google Firebase rule productive
1 year ago
Vsevolod Stakhov
cac6696192
[Feature] Add controller endpoint to get fuzzy hashes from messages
Sample usage:
```
curl -XPOST 'http://localhost:11334/plugins/fuzzy/hashes?flag=1' --data-binary '@-' < file
```
Sample output:
```json
{
"hashes": {
"local": [
"24b6e7de2f489778d828c827079c48bacb086f816d0a7acabbe42e8d0da703b89b913176ad67eefaf5b54fa59f5e0ecfc7015846c4043fcfb0c7a4ed7a235025",
"72789777cbec926f4143de4c08c87acc3fbf3b909b5c39f1edcf82ed12e2d8bc2f56be8d68ee681feccf44ca04e3eca5b8ec039cb84a0d40e22258c370a10cbb"
],
"rspamd.com": [
"24b6e7de2f489778d828c827079c48bacb086f816d0a7acabbe42e8d0da703b89b913176ad67eefaf5b54fa59f5e0ecfc7015846c4043fcfb0c7a4ed7a235025",
"72789777cbec926f4143de4c08c87acc3fbf3b909b5c39f1edcf82ed12e2d8bc2f56be8d68ee681feccf44ca04e3eca5b8ec039cb84a0d40e22258c370a10cbb"
],
},
"success": true
}
```
Issue: #4489
1 year ago
Anton Yuzhaninov
84b0676210
[Minor] Account for one more undisclosed-recipients address variant
1 year ago
georglauterbach
c18f0561bf
add Betterbird to `user_agent_thunderbird`
See https://github.com/Betterbird/thunderbird-patches/issues/125 for
reference.
This way, Rspamd will not add `FORGED_MUA_MOZILLA_MAIL_MSGID_UNKNOWN` to
mails sent perfectly fine with Betterbird. Betterbird
(<https://www.betterbird.eu/>) is an adjusted version of Thunderbird,
fixing many bugs and adding long-wanted features. It is a common and
well-known alternative to Thunderbird, so I think the addition is
justified.
1 year ago
twesterhever
08ce184740
[Enhancement] Add rule to detect Google Firebase URLs
1 year ago
twesterhever
fd6ebc9f80
[Enhancement] Make Google URL redirection rules productive
1 year ago
twesterhever
e39879962f
[Minor] Fix some whitespace issues
1 year ago
dpetrov67
4028247ac6
Fix pcall() argument in rspamd.lua
1 year ago
Kako, Chang
6d5db1e04e
[Fix] received: filtering of artificial header
1 year ago
Vsevolod Stakhov
038ed3f012
[Rules] Mid: Add MID_END_EQ_FROM_USER_PART rule
Issue: #4299
1 year ago
twesterhever
2a9abee4cb
[Minor] Regexp is case-insensitive, omit redundant characters
1 year ago
twesterhever
b1781565e2
[Minor] Fix rule comment
1 year ago
twesterhever
1f78100963
[Minor] Limit CIDv1 detection to 128 bytes
As requested by @vstakhov in https://github.com/rspamd/rspamd/pull/4310#pullrequestreview-1148226107, try to limit the performance impact of this regular expression. However, given that there does not seem to be a hard limit for CIDv1s in IPFS itself, using a hashing algorithm with large output may permit miscreants to get around this rule.
1 year ago
twesterhever
ac6d1a6566
[Minor] Implement multibase prefixes for IPFS gateway URL rule
1 year ago
twesterhever
9ac1a75132
[Minor] Clarify that IPFS *gateway* URLs are likely considered malicious
1 year ago
Vsevolod Stakhov
4ae8a27cb1
[Minor] Use unicode property for currency detection
Issue: #4320
1 year ago
Vsevolod Stakhov
1803e71558
[Rules] Reduce score of HTTP_TO_HTTPS - subject to remove completely
1 year ago
twesterhever
39aeb394c8
[Enhancement] Add IPFS URL heuristic
1 year ago
Vsevolod Stakhov
05fd471df5
[Rework] Reiterate on priorities
1 year ago
Vsevolod Stakhov
79417a5f81
[Minor] Update more copyright years/email
2 years ago
Vsevolod Stakhov
2fa0e126c7
[Minor] Update my email and the copyright year
2 years ago
Vsevolod Stakhov
968d318a0c
[Rules] Slightly reduce MULTIPLE_FROM score
2 years ago
Josh Soref
2b8e6958f4
Spelling (#4086)
[Rework] Massive spelling fix from @jsoref
2 years ago
Vsevolod Stakhov
e834cdb26d
[Minor] Oops, fix foldl call
2 years ago
Vsevolod Stakhov
c6f7b897d4
[Minor] Fix some issues in URI_COUNT_ODD rule
Issue: #4037
2 years ago
Vsevolod Stakhov
c23d728d75
[Minor] Fix rule
2 years ago
Vsevolod Stakhov
c1b3e4821a
[Rules] Remove ancient and inefficient rules
2 years ago
Vsevolod Stakhov
13dd78c687
[Rules] Fix old rules to stop global functions usage
2 years ago
Andrew Lewis
b7e3440024
[Feature] JSON endpoint for querying maps
2 years ago
Anton Yuzhaninov
98b205709f
[Minor] Skip bitcoin address check for very long words
Exclude very long words (which can be extracted e.g. from some text
attachments) from bitcoin address check to avoid excessive resource
usage.
2 years ago
Vsevolod Stakhov
d2ca787313
[Rules] Improve zero font rule
2 years ago
Sebastian Lipponer
44d83209e2
[Minor] Regexp: Extend upstream spam filter regexp
2 years ago
Anton Yuzhaninov
0248bd6615
[Rules] Micro-optimize X_PHP_EVAL
Remove /i flag from regexp; string "eval()'d code" is always in
lower case. While here use long string format for readability.
2 years ago