[Rules] Add PDF related rules

1 files changed, 37 insertions, 0 deletions

diff --git a/conf/scores.d/content_group.conf b/conf/scores.d/content_group.conf
new file mode 100644
index 000000000..b53ec31d0
--- /dev/null
+++ b/conf/scores.d/content_group.conf
@@ -0,0 +1,37 @@
+# Content matching rules
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+description = "Content rules";
+
+symbols = {
+    "PDF_ENCRYPTED" {
+        weight = 0.3;
+        description = "There is an encrypted PDF in the message";
+        one_shot = true;
+    }
+    "PDF_JAVASCRIPT" {
+        weight = 0.1;
+        description = "There is an PDF with JavaScript in the message";
+        one_shot = true;
+    }
+    "PDF_SUSPICIOUS" {
+        weight = 4.5;
+        description = "There is an PDF with suspicious properties in the message";
+        one_shot = true;
+    }
+}
+