diff options
| author | Andrew Lewis <nerf@judo.za.org> | 2021-01-04 13:41:04 +0200 |
|---|---|---|
| committer | Andrew Lewis <nerf@judo.za.org> | 2021-01-04 13:41:04 +0200 |
| commit | 7679fd1222d6e7b6bbead83aa0ea7c2a5effdc21 (patch) | |
| tree | 2fe1d93a49bd0b12b347934dff05cf2799e8f2f3 /lualib/lua_magic/heuristics.lua | |
| parent | a40cab36960c258f45ff3ee6053a8af78e9c493d (diff) | |
| download | rspamd-7679fd1222d6e7b6bbead83aa0ea7c2a5effdc21.tar.gz rspamd-7679fd1222d6e7b6bbead83aa0ea7c2a5effdc21.zip | |
[Minor] Magic: try avoid false positive exe detection
Diffstat (limited to 'lualib/lua_magic/heuristics.lua')
| -rw-r--r-- | lualib/lua_magic/heuristics.lua | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/lualib/lua_magic/heuristics.lua b/lualib/lua_magic/heuristics.lua index d9a7702a4..fb0a4b7c2 100644 --- a/lualib/lua_magic/heuristics.lua +++ b/lualib/lua_magic/heuristics.lua @@ -471,4 +471,22 @@ exports.pdf_format_heuristic = function(input, log_obj, pos, part) return 'pdf',weight end +exports.pe_part_heuristic = function(input, log_obj, pos, part) + if not input then + return + end + + local pe_ptr_bin = input:sub(60, 64) + if #pe_ptr_bin ~= 4 then + return + end + + local pe_ptr = rspamd_util.unpack("<H", pe_ptr_bin) + if pe_ptr ~= pos then + return + end + + return 'exe',15 +end + return exports |