# Mime types rules scores # # Please don't modify this file as your changes might be overwritten with # the next update. # # You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine # parameters defined on the top level # # You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add # parameters defined on the top level # # For specific modules or configuration you can also modify # '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults # '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults # # See https://rspamd.com/doc/tutorials/writing_rules.html for details description = "Mime attachments rules"; symbols = { "MIME_GOOD" { weight = -0.1; description = "Known content-type"; one_shot = true; } "MIME_BAD" { weight = 1.0; description = "Known bad content-type"; one_shot = true; } "MIME_UNKNOWN" { weight = 0.1; description = "Missing or unknown content-type"; one_shot = true; } "MIME_BAD_ATTACHMENT" { weight = 4.0; description = "Invalid attachment mime type"; one_shot = true; } "MIME_ENCRYPTED_ARCHIVE" { weight = 2.0; description = "Encrypted archive in a message"; one_shot = true; } "MIME_OBFUSCATED_ARCHIVE" { weight = 8.0; description = "Archive has files with clear obfuscation signs"; one_shot = true; } "MIME_EXE_IN_GEN_SPLIT_RAR" { weight = 5.0; description = "EXE file in RAR archive with generic split extension (e.g. .001)"; one_shot = true; } "MIME_ARCHIVE_IN_ARCHIVE" { weight = 5.0; description = "Archive within another archive"; one_shot = true; } "MIME_DOUBLE_BAD_EXTENSION" { weight = 3.0; # This rule has dynamic weight up to 4.0 description = "Bad extension cloaking"; one_shot = true; } "MIME_BAD_EXTENSION" { weight = 2.0; # This rule has dynamic weight up to 4.0 description = "Bad extension"; one_shot = true; } "MIME_BAD_UNICODE" { weight = 8.0; description = "Filename with known obscured unicode characters"; one_shot = true; } }