mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6536 Commits
29 Branches
Tree: 3e1b2d44a1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3e1b2d44a1'
${ noResults }
rspamd/rules/html.lua

html.lua 4.9KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166 
  1. -- Licensed to the Apache Software Foundation (ASF) under one or more

  2. -- contributor license agreements.  See the NOTICE file distributed with

  3. -- this work for additional information regarding copyright ownership.

  4. -- The ASF licenses this file to you under the Apache License, Version 2.0

  5. -- (the "License"); you may not use this file except in compliance with

  6. -- the License.  You may obtain a copy of the License at:

  7. --

  8. --     http://www.apache.org/licenses/LICENSE-2.0

  9. --

  10. -- Unless required by applicable law or agreed to in writing, software

  11. -- distributed under the License is distributed on an "AS IS" BASIS,

  12. -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. -- See the License for the specific language governing permissions and

  14. -- limitations under the License.

  15. 

  16. local reconf = config['regexp']

  17. local rspamd_regexp = require "rspamd_regexp"

  18. local rspamd_logger = require "rspamd_logger"

  19. 

  20. -- Messages that have only HTML part

  21. reconf['MIME_HTML_ONLY'] = 'has_only_html_part()'

  22. 

  23. local function check_html_image(task, min, max)

  24.   local tp = task:get_text_parts()

  25. 

  26.   for _,p in ipairs(tp) do

  27.     if p:is_html() then

  28.       local hc = p:get_html()

  29.       local len = p:get_length()

  30. 

  31. 

  32.       if hc and len >= min and len < max then

  33.         local images = hc:get_images()

  34.         if images then

  35.           for _,i in ipairs(images) do

  36.             local tag = i['tag']

  37.             if tag then

  38.               local parent = tag:get_parent()

  39.               if parent then

  40.                 if parent:get_type() == 'a' then

  41.                   -- do not trigger on small and unknown size images

  42.                   if i['height'] + i['width'] >= 210 then

  43.                     return true

  44.                   end

  45.                 end

  46.               end

  47.             end

  48.           end

  49.         end

  50.       end

  51.     end

  52.   end

  53. end

  54. 

  55. rspamd_config.HTML_SHORT_LINK_IMG_1 = {

  56.   callback = function(task)

  57.     return check_html_image(task, 0, 1024)

  58.   end,

  59.   score = 3.0,

  60.   group = 'html',

  61.   description = 'Short html part (0..1K) with a link to an image'

  62. }

  63. 

  64. rspamd_config.HTML_SHORT_LINK_IMG_2 = {

  65.   callback = function(task)

  66.     return check_html_image(task, 1024, 1536)

  67.   end,

  68.   score = 1.0,

  69.   group = 'html',

  70.   description = 'Short html part (1K..1.5K) with a link to an image'

  71. }

  72. 

  73. rspamd_config.HTML_SHORT_LINK_IMG_3 = {

  74.   callback = function(task)

  75.     return check_html_image(task, 1536, 2048)

  76.   end,

  77.   score = 0.5,

  78.   group = 'html',

  79.   description = 'Short html part (1.5K..2K) with a link to an image'

  80. }

  81. rspamd_config.R_EMPTY_IMAGE = {

  82.   callback = function(task)

  83.     local tp = task:get_text_parts() -- get text parts in a message

  84. 

  85.     for _,p in ipairs(tp) do -- iterate over text parts array using `ipairs`

  86.       if p:is_html() then -- if the current part is html part

  87.         local hc = p:get_html() -- we get HTML context

  88.         local len = p:get_length() -- and part's length

  89. 

  90.         if hc and len < 50 then -- if we have a part that has less than 50 bytes of text

  91.           local images = hc:get_images() -- then we check for HTML images

  92. 

  93.           if images then -- if there are images

  94.             for _,i in ipairs(images) do -- then iterate over images in the part

  95.               if i['height'] + i['width'] >= 400 then -- if we have a large image

  96.                 local tag = i['tag']

  97.                 if tag then

  98.                   local parent = tag:get_parent()

  99.                   if parent then

  100.                     if parent:get_type() ~= 'a' then

  101.                       return true

  102.                     end

  103.                   end

  104.                 end

  105.               end

  106.             end

  107.           end

  108.         end

  109.       end

  110.     end

  111.   end,

  112. 

  113.   score = 2.0,

  114.   group = 'html',

  115.   description = 'Message contains empty parts and image'

  116. }

  117. 

  118. rspamd_config.R_SUSPICIOUS_IMAGES = {

  119.   callback = function(task)

  120.     local tp = task:get_text_parts() -- get text parts in a message

  121. 

  122.     for _, p in ipairs(tp) do

  123.       local h = p:get_html()

  124. 

  125.       if h then

  126.         local l = p:get_words_count()

  127.         local img = h:get_images()

  128.         local pic_words = 0

  129. 

  130.         if img then

  131.           for _, i in ipairs(img) do

  132.             local dim = i['width'] + i['height']

  133.             local tag = i['tag']

  134. 

  135.             if tag then

  136.               local parent = tag:get_parent()

  137.               if parent then

  138.                 if parent:get_type() == 'a' then

  139.                   -- do not trigger on small and large images

  140.                   if dim > 100 and dim < 3000 then

  141.                     -- We assume that a single picture 100x200 contains approx 3 words of text

  142.                     pic_words = pic_words + dim / 100

  143.                   end

  144.                 end

  145.               end

  146.             end

  147.           end

  148.         end

  149. 

  150.         if l + pic_words > 0 then

  151.           local rel = pic_words / (l + pic_words)

  152. 

  153.           if rel > 0.5 then

  154.             return true, (rel - 0.5) * 2

  155.           end

  156.         end

  157.       end

  158.     end

  159. 

  160.     return false

  161.   end,

  162. 

  163.   score = 5.0,

  164.   group = 'html',

  165.   description = 'Message contains many suspicious messages'

  166. }