author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2017-04-12 15:58:21 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-04-12 15:58:21 +0100 |
commit | afa5ae306469b785eb11758eb6eecfbbd906b1f1 (patch) | |
tree | 5f759df4997319807b310c029a5b29ffc67010b5 | |
parent | 249183c0b56d8cbb56fbb70e88406def3b688100 (diff) | |
parent | 9aa169e092def662ec521adb6a07c04e46375fa0 (diff) | |
Merge pull request #1586 from smfreegard/rules_20170411
New rules
-rw-r--r-- | rules/headers_checks.lua | 17 | ||||
-rw-r--r-- | rules/html.lua | 70 | ||||
-rw-r--r-- | rules/regexp/headers.lua | 11 |
3 files changed, 97 insertions, 1 deletions
diff --git a/rules/headers_checks.lua b/rules/headers_checks.lua
index 1ff27ce2f..02b177c37 100644
--- a/rules/headers_checks.lua
+++ b/rules/headers_checks.lua
@@ -901,3 +901,20 @@ rspamd_config.CTYPE_MISSING_DISPOSITION = {
 score = 4.0,
 group = 'header'
 }
+
+rspamd_config.CTYPE_MIXED_BOGUS = {
+ callback = function(task)
+ local ct = task:get_header('Content-Type')
+ if (not ct) then return false end
+ local parts = task:get_parts()
+ if (not parts) then return false end
+ if (ct:lower():match('^multipart/mixed') ~= nil and #parts < 3)
+ then
+ return true, tostring(#parts)
+ end
+ return false
+ end,
+ description = 'multipart/mixed with less than 3 total parts',
+ score = 2.0,
+ group = 'headers'
+}
diff --git a/rules/html.lua b/rules/html.lua
index 142cb293c..2c28e85d8 100644
--- a/rules/html.lua
+++ b/rules/html.lua
@@ -263,4 +263,72 @@ rspamd_config.EXT_CSS = {
 score = 1.0,
 group = 'html',
 description = 'Message contains external CSS reference'
-}
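Review bot: In rules/headers_checks.lua, the `#parts < 3` threshold in the CTYPE_MIXED_BOGUS callback is unexplained, and its meaning depends on whether `task:get_parts()` counts the multipart/mixed container itself, which the hunk does not show. If only leaf parts are counted, an ordinary message with one body and one attachment would get the 2.0 score, so the assumption is worth stating above the test, for example `-- get_parts() is assumed to include the multipart container, so < 3 means at most one child part`. The new rule also uses `group = 'headers'` while the rule just above it in the same file uses `group = 'header'`; one of the two spellings is presumably unintended.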
\ No newline at end of file
+}
+
+rspamd_config.HTTP_TO_HTTPS = {
+ callback = function(task)
+ local tp = task:get_text_parts()
+ if (not tp) then return false end
+ for _,p in ipairs(tp) do
+ if p:is_html() then
+ local hc = p:get_html()
+ local found = false
+ hc:foreach_tag('a', function (tag, length)
+ -- Skip this loop if we already have a match
+ if (found) then return true end
+ local c = tag:get_content()
+ if (c) then
+ c = tostring(c):lower()
+ if (not c:match('^http')) then return false end
+ local u = tag:get_extra()
+ if (not u) then return false end
+ u = tostring(u):lower()
+ if (not u:match('^http')) then return false end
+ if ((c:match('^http:') and u:match('^https:')) or
+ (c:match('^https:') and u:match('^http:')))
+ then
+ found = true
+ return true
+ end
+ end
+ return false
+ end)
+ if (found) then return true end
+ return false
+ end
+ end
+ return false
+ end,
+ description = 'Anchor text contains different scheme to target URL',
+ score = 2.0,
+ group = 'html'
+}
+
+rspamd_config.HTTP_TO_IP = {
+ callback = function(task)
+ local tp = task:get_text_parts()
+ if (not tp) then return false end
+ for _,p in ipairs(tp) do
+ if p:is_html() then
+ local hc = p:get_html()
+ local found = false
+ hc:foreach_tag('a', function (tag, length)
+ if (found) then return true end
+ local u = tag:get_extra()
+ if (u) then
+ u = tostring(u):lower()
+ if (u:match('^https?://%d+%.%d+%.%d+%.%d+')) then
+ found = true
+ end
+ end
+ return false
+ end)
+ if found then return true end
+ return false
+ end
+ end
+ end,
+ description = 'Anchor points to an IP address',
+ score = 1.0,
+ group = 'html'
+}
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index af63d7131..68e540aee 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
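Review bot: In rules/html.lua, both HTTP_TO_HTTPS and HTTP_TO_IP stop at the first HTML part, because the `return false` that follows the `found` check sits inside the `if p:is_html() then` branch of the `for` loop; an anchor in a second HTML part is never inspected. Dropping that line lets the loop continue to the next part; HTTP_TO_HTTPS already ends with a function-level `return false`, while HTTP_TO_IP has none and falls off the end returning nil, so one should be added there for consistency. Separately, the HTTP_TO_IP pattern `'^https?://%d+%.%d+%.%d+%.%d+'` has no right-hand boundary, so a hostname that merely begins with four numeric labels also matches, and the description could state that only dotted-quad IPv4 targets are detected. The result of `p:get_html()` is also used without a nil check in both callbacks.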
@@ -905,3 +905,14 @@ reconf['HAS_XOIP'] = {
 score = 0.0,
 group = 'headers'
 }
+
+reconf['MIME_BASE64_TEXT'] = {
+ re = string.format('(%s && %s) || (%s && %s)',
+ 'Content-Type=/^text/Hi',
+ 'Content-Transfer-Encoding=/^base64/Hi',
+ 'Content-Type=/^text/Bi',
+ 'Content-Transfer-Encoding=/^base64/Bi'),
+ description = 'Message text disguised using base64 encoding',
+ score = 0.0,
+ group = 'headers'
+} |
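Review bot: In rules/regexp/headers.lua, nothing in the MIME_BASE64_TEXT expression ties the `Content-Type` match and the `Content-Transfer-Encoding` match to the same MIME part. If the `B`-flag terms are evaluated over the headers of all parts, as the expression form suggests, a message with a 7bit text part and a base64-encoded attachment satisfies the second conjunction even though no text is base64 encoded. With `score = 0.0` this is harmless today, but it should be recorded before the symbol gets a weight or is used in a composite, for example `-- NOTE: terms are not bound to one part; text/* plus any base64 part also matches`. A per-part Lua callback would be the precise form.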