diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2016-11-09 18:08:43 +0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-11-09 18:08:43 +0400 |
commit | 8067edf7cc504a81cfdf2fa534a618c2dc592357 (patch) | |
tree | 376b6b61b4a83950ceecc7c1272b719c5299b467 | |
parent | 1e11007cf4fcccc21792d9cd917b3d31aeccfeab (diff) | |
parent | 137b08a00bf67f186f4903d70fd28fff2c5676e9 (diff) | |
download | rspamd-8067edf7cc504a81cfdf2fa534a618c2dc592357.tar.gz rspamd-8067edf7cc504a81cfdf2fa534a618c2dc592357.zip |
Merge pull request #1114 from fatalbanana/rules
[Feature] Rule to detect some obvious X-PHP-Originating-Script forgeries
-rw-r--r-- | rules/regexp/headers.lua | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua index 6b43c2f05..56f710650 100644 --- a/rules/regexp/headers.lua +++ b/rules/regexp/headers.lua @@ -790,6 +790,13 @@ reconf['X_PHP_EVAL'] = { group = 'header' } +reconf['X_PHP_FORGED_0X'] = { + re = "X-PHP-Originating-Script=/^0\\d/X", + score = 4.0, + description = "X-PHP-Originating-Script header appears forged", + group = 'header' +} + reconf['GOOGLE_FORWARDING_MID_MISSING'] = { re = "Message-ID=/SMTPIN_ADDED_MISSING\\@mx\\.google\\.com>$/X", score = 2.5, |