Anton Yuzhaninov
98b205709f
[Minor] Skip bitcoin address check for very long words
Exclude very long words (which can be extracted e. g. from some text
attachments) from bitcoin address check to avoid excessive resource
usage.
2 years ago
Vsevolod Stakhov
d2ca787313
[Rules] Improve zero font rule
2 years ago
Sebastian Lipponer
44d83209e2
[Minor] Regexp: Extend upstream spam filter regexp
2 years ago
Anton Yuzhaninov
0248bd6615
[Rules] Micro-optimize X_PHP_EVAL
Remove /i flag from regexp string "eval()'d code" is always in
lower case. While here use long string format for readability.
2 years ago
Vsevolod Stakhov
dde092ef09
[Minor] Fix checks safety
2 years ago
Vsevolod Stakhov
7a181b1fe6
[Minor] Add safety guards
2 years ago
Andrew Lewis
8d22202dc9
[Fix] Fix an edge case in BITCOIN_ADDR rule
- when using PCRE
- and different address types are present
3 years ago
Vsevolod Stakhov
f1f2f27585
[Minor] Pet luacheck
3 years ago
Vsevolod Stakhov
ea35232b98
[Project] Rework html visibility rule
3 years ago
Vsevolod Stakhov
3e5cc9ef2d
[Rules] Fix zerofont rule (partially)
3 years ago
Anton Yuzhaninov
a4cfe5e270
[Rules] Extend OLD_X_MAILER
Add more old iPhone/iPad Mail versions to the regexp.
3 years ago
Anton Yuzhaninov
7c00342f85
[Rules] Extend FORGED_X_MAILER
Match in FORGED_X_MAILER fake iPhone Mail header with a random string in
place of iOS build number, e. g. iPhone Mail (WKN0M)
3 years ago
Vsevolod Stakhov
e40213cb54
[Rules] Fix CTYPE_MIXED_BOGUS for text attachments
Issue: #3748
3 years ago
Vsevolod Stakhov
0b88d35b45
[Minor] Fix bit operations logic
3 years ago
Vsevolod Stakhov
0604bcc851
[Minor] Filter urls for R_SUSPICIOUS_URL check
Suggested by: @citrin
3 years ago
Vsevolod Stakhov
deda62a64f
[Minor] Use numeric bit and for checking flags
3 years ago
Andrew Lewis
8a2ba3a5c3
[Minor] Fix REPLYTO_ADDR_EQ_FROM for normalised addresses
3 years ago
Anton Yuzhaninov
8a5448883e
[Rules] Add raw addresses to MULTIPLE_FROM options
It is confusing to have MULTIPLE_FROM with a single address in options,
which happens if one of addresses is empty - usually because of
misplaces <>. While here simplify condition.
3 years ago
Anton Yuzhaninov
b3d5173446
[Minor] Make HAS_PHPMAILER_SIG regexps more specific
Use stricter regexp to avoid false matches.
3 years ago
Vsevolod Stakhov
01c729e15e
[Rules] Fix FPs for CTYPE_MIXED_BOGUS
3 years ago
Vsevolod Stakhov
017d5a8d6a
[Rules] Fix HTTP_TO_HTTPS rule
3 years ago
Vsevolod Stakhov
8e9cde0829
[Rules] Do not trigger HTML_SHORT_LINK_IMG on external images
3 years ago
Kako, Chang
b48c6fbdbf
Fix typos in code comments
3 years ago
Vsevolod Stakhov
c9e91f011a
[Minor] Bitcoin: Another fix for bleach32 regexp
3 years ago
Richard Schwab
7f7d408876
[Minor] fix typo: obfusicated -> obfuscated
3 years ago
Vsevolod Stakhov
028e4ecefe
[Rules] Another fix to HTTP_TO_HTTPS rule
3 years ago
Vsevolod Stakhov
e2d44157b3
[Rules] Fix HTTP_TO_HTTPS rule
3 years ago
Vsevolod Stakhov
99c27fc7be
[Rules] Reduce default weight for R_MISSING_CHARSET
3 years ago
Vsevolod Stakhov
ba5b6773e2
[Minor] Fix OMOGRAPH_URL for the changes in the phished flag
3 years ago
Vsevolod Stakhov
cd151c848a
[Minor] Properly use task:set_recipients
3 years ago
Alexander Moisseev
4aebb2b5de
[Fix] Fix Mozilla Message-ID detection
The left part of the Mozilla Message-ID is a hexadecimal timestamp. The regexp was mistakenly limited to 2021-01-14.
3 years ago
Andrew Lewis
794bb6c241
[Fix] Avoid reinitialising neural settings
3 years ago
Vsevolod Stakhov
1daf44c4b1
[Minor] Add another bounce re
3 years ago
Pavel Rochnyack
4ea3250be3
Fix typos in code comments
3 years ago
Vsevolod Stakhov
2ce745e592
[Minor] Fix missing comma
3 years ago
Anton Yuzhaninov
38d347e23e
[Minor] Add rule for forged X-Mailer: Internet Mail Service
3 years ago
Anton Yuzhaninov
badadf5051
[Minor] Add {header} for header regexps
3 years ago
Anton Yuzhaninov
a9e9703a89
[Minor] Use task:has_header instead of task:get_header
Use task:has_header() to check if header is exists.
3 years ago
Anton Yuzhaninov
027453fe4a
[Minor] Remove R_SAJDING and SUSPICIOUS_OPERA_10W_MSGID
These rules are no longer relevant.
3 years ago
Anton Yuzhaninov
689c49dd1a
[Minor] Add FORGED_X_MAILER rule for X-Mailer used by spamboots
3 years ago
Andrew Lewis
5104d145d7
[Minor] Move http_headers to plugin
- Support multiple DKIM results
- Insert DKIM trace symbols
- Always disable callbacks if we got a header
- Make the plugin default-disabled
- Disable callbacks instead of virtual symbols
3 years ago
Andrew Lewis
960b608d35
[Feature] Add controller endpoint for training neural
- Move neural functions to library
- Parameterise spawn_train
- neural plugin: Fix store_pool_only when autotrain is true
- neural plugin: Use cache_set instead of mempool
- Add test
3 years ago
Anton Yuzhaninov
c31d5ddde3
[Minor] Update regexp for R_UNDISC_RCPT
Match more variations for undisclosed-recipients, but don't match when
it is used as a lame real name.
3 years ago
Anton Yuzhaninov
5d6b526c6b
[Minor] Add rule for old MUA version
These versions are rarely used by real uses nowadays, but can be found
in spam.
3 years ago
Anton Yuzhaninov
a7aa9adc0c
[Minor] Remove FAKE_REPLY_C and move FAKE_REPLY rule to regexp module
FAKE_REPLY_C rule no longer works because MUA it used are no longer used
(and ones which are used changed headers they add). In theory one can
test all popular modern MUA and see which add only References, which
only In-Reply-To and which add both headers. But it will be a lot of
work to maintain such rule up to date. It still has a small number of
hits, but mostly because some spammers use old X-Mailer headers. This
should be addressed separately.
While here re-create FAKE_REPLY as a regexp module rule - this way it
should be more efficient.
3 years ago
Anton Yuzhaninov
df5e7c7fb3
[Minor] Remove AOL_SPAM rule
Mail from AOL not longer have X-AOL-Global-Disposition header and this
rule no longer works. AOL messages now have X-YMail-OSG header (like
yahoo.com), but it is encrypted/obfuscated and cannot be used here.
3 years ago
Vsevolod Stakhov
37c8503032
[Minor] Use rspamd_parsers directly
3 years ago
Vsevolod Stakhov
c0d8b18d5b
[Rules] Remove broken rule
Pointed by: @citrin
3 years ago
Lionel
2cb15c8db9
fix util name
3 years ago
Anton Yuzhaninov
ce9394561d
[Minor] Add option for DATE_IN_PAST/DATE_IN_FUTURE symbols
Value for an option is the number of full hours the date of the message
is in the past or future.
3 years ago