aboutsummaryrefslogtreecommitdiffstats
path: root/conf
diff options
context:
space:
mode:
authorDmitriy Alekseev <1865999+dragoangel@users.noreply.github.com>2024-06-26 16:21:57 +0200
committerGitHub <noreply@github.com>2024-06-26 15:21:57 +0100
commit7b3fd1688c8d6634b67acced10f770792c928a91 (patch)
tree419784d75b7a46411d1c9a8f568709df8a770e7f /conf
parentec1b9b8affaa66dd78f25f712040b3a1bb62fc39 (diff)
downloadrspamd-7b3fd1688c8d6634b67acced10f770792c928a91.tar.gz
rspamd-7b3fd1688c8d6634b67acced10f770792c928a91.zip
Exclude MIME_BAD_UNICODE false positive (#5030)
* Update composites.conf * Update composites.conf * Update composites.conf * Update composites.conf * Update mime_types_group.conf * Update mime_types_group.conf * Update composites.conf
Diffstat (limited to 'conf')
-rw-r--r--conf/composites.conf12
-rw-r--r--conf/scores.d/mime_types_group.conf4
2 files changed, 14 insertions, 2 deletions
diff --git a/conf/composites.conf b/conf/composites.conf
index b1bff1c1a..4fb97588f 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -203,6 +203,18 @@ composites {
policy = "leave";
description = "Message contains redirector, anonymous or IPFS gateway URL and is marked by fuzzy/bayes/SURBL/RBL";
}
+ MIME_BAD_EXT_IN_OBFUSCATED_ARCHIVE {
+ expression = "MIME_BAD_EXTENSION and MIME_OBFUSCATED_ARCHIVE";
+ score = 8.0;
+ policy = leave;
+ description = "Attachment with bad extension and archive that has filename with clear obfuscation signs";
+ }
+ MIME_BAD_EXT_WITH_BAD_UNICODE {
+ expression = "MIME_BAD_EXTENSION and MIME_BAD_UNICODE";
+ score = 8.0;
+ policy = leave;
+ description = "Attachment with bad extension and filename that has known obscured unicode characters";
+ }
.include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
.include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"
diff --git a/conf/scores.d/mime_types_group.conf b/conf/scores.d/mime_types_group.conf
index 268709ee9..13778fe91 100644
--- a/conf/scores.d/mime_types_group.conf
+++ b/conf/scores.d/mime_types_group.conf
@@ -46,7 +46,7 @@ symbols = {
one_shot = true;
}
"MIME_OBFUSCATED_ARCHIVE" {
- weight = 8.0;
+ weight = 2.0;
description = "Archive has files with clear obfuscation signs";
one_shot = true;
}
@@ -71,7 +71,7 @@ symbols = {
one_shot = true;
}
"MIME_BAD_UNICODE" {
- weight = 8.0;
+ weight = 2.0;
description = "Filename with known obscured unicode characters";
one_shot = true;
}