author | Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com> | 2024-06-26 16:21:57 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-06-26 15:21:57 +0100 |
commit | 7b3fd1688c8d6634b67acced10f770792c928a91 (patch) | |
tree | 419784d75b7a46411d1c9a8f568709df8a770e7f /conf | |
parent | ec1b9b8affaa66dd78f25f712040b3a1bb62fc39 (diff) | |
Exclude MIME_BAD_UNICODE false positive (#5030)
* Update composites.conf
* Update composites.conf
* Update composites.conf
* Update composites.conf
* Update mime_types_group.conf
* Update mime_types_group.conf
* Update composites.conf
Diffstat (limited to 'conf')
-rw-r--r-- | conf/composites.conf | 12 | ||||
-rw-r--r-- | conf/scores.d/mime_types_group.conf | 4 |
2 files changed, 14 insertions, 2 deletions
diff --git a/conf/composites.conf b/conf/composites.conf
index b1bff1c1a..4fb97588f 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -203,6 +203,18 @@ composites {
 policy = "leave";
 description = "Message contains redirector, anonymous or IPFS gateway URL and is marked by fuzzy/bayes/SURBL/RBL";
 }
+ MIME_BAD_EXT_IN_OBFUSCATED_ARCHIVE {
+ expression = "MIME_BAD_EXTENSION and MIME_OBFUSCATED_ARCHIVE";
+ score = 8.0;
+ policy = leave;
+ description = "Attachment with bad extension and archive that has filename with clear obfuscation signs";
+ }
+ MIME_BAD_EXT_WITH_BAD_UNICODE {
+ expression = "MIME_BAD_EXTENSION and MIME_BAD_UNICODE";
+ score = 8.0;
+ policy = leave;
+ description = "Attachment with bad extension and filename that has known obscured unicode characters";
+ }
 .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
 .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"
diff --git a/conf/scores.d/mime_types_group.conf b/conf/scores.d/mime_types_group.conf
index 268709ee9..13778fe91 100644
--- a/conf/scores.d/mime_types_group.conf
+++ b/conf/scores.d/mime_types_group.conf
@@ -46,7 +46,7 @@ symbols = {
 one_shot = true;
 }
 "MIME_OBFUSCATED_ARCHIVE" {
- weight = 8.0;
+ weight = 2.0;
 description = "Archive has files with clear obfuscation signs";
 one_shot = true;
 }
@@ -71,7 +71,7 @@ symbols = {
 one_shot = true;
 }
 "MIME_BAD_UNICODE" {
- weight = 8.0;
+ weight = 2.0;
 description = "Filename with known obscured unicode characters";
 one_shot = true;
 }
 |
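Review bot: With `policy = leave` the two new composites add their 8.0 on top of the weights that MIME_BAD_EXTENSION and the second member symbol keep, so the combined total ends up above 8.0, and a message matching all three symbols collects both composites. A comment on each entry such as `# leave: member symbols keep their own weights, total = 8.0 + members` would record that this stacking is intended. The value is also written unquoted here while the context line above uses `policy = "leave";`, so quoting it would keep the file consistent. The `composites { … }` block starts and ends outside the hunk, so its other entries could not be compared.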
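Review bot: The `MIME_OBFUSCATED_ARCHIVE` weight drops from 8.0 to 2.0 with nothing in this file saying that the strong score now comes from the `MIME_BAD_EXT_IN_OBFUSCATED_ARCHIVE` composite; the same applies to `MIME_BAD_UNICODE` in the hunk at line 71. On its own an obfuscated archive or filename now contributes only 2.0, so the high score presumably depends on MIME_BAD_EXTENSION also firing, and a site that pins these weights in its local or override configuration would see its value stack with the composite's 8.0. I would add a comment above each weight, e.g. `# low standalone weight; composites.conf adds 8.0 when MIME_BAD_EXTENSION also matches`, and call the change out for operators upgrading. The `symbols = { … }` block starts and ends outside both hunks.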