[Minor] Add rules that observes limits in pdf files

author: Vsevolod Stakhov <vsevolod@highsecure.ru> 2020-05-22 13:02:32 +0100
committer: Vsevolod Stakhov <vsevolod@highsecure.ru> 2020-05-22 13:02:32 +0100
commit: 2fa03199e4bcf3d323d5c94ec7a16bb2890e0354 (patch)
tree: 0d9a6b89da87a23d8283fb14cb42ca3b43d79f5d /rules/content.lua
parent: e6db532ad5c6bab2480bd6bea6bf91e6ef1cc555 (diff)
download: rspamd-2fa03199e4bcf3d323d5c94ec7a16bb2890e0354.tar.gz
rspamd-2fa03199e4bcf3d323d5c94ec7a16bb2890e0354.zip
1 files changed, 24 insertions, 3 deletions
diff --git a/rules/content.lua b/rules/content.lua
index 1f591c2d7..5bdc46c25 100644
--- a/rules/content.lua
+++ b/rules/content.lua
@@ -17,7 +17,7 @@ limitations under the License.
 local function process_pdf_specific(task, part, specific)
   local suspicious_factor = 0
   if specific.encrypted then
-    task:insert_result('PDF_ENCRYPTED', 1.0, part:get_filename())
+    task:insert_result('PDF_ENCRYPTED', 1.0, part:get_filename() or 'unknown')
     suspicious_factor = suspicious_factor + 0.1
     if specific.openaction then
       suspicious_factor = suspicious_factor + 0.5
@@ -25,7 +25,7 @@ local function process_pdf_specific(task, part, specific)
   end
 
   if specific.scripts then
-    task:insert_result('PDF_JAVASCRIPT', 1.0, part:get_filename())
+    task:insert_result('PDF_JAVASCRIPT', 1.0, part:get_filename() or 'unknown')
     suspicious_factor = suspicious_factor + 0.1
   end
 
@@ -35,7 +35,16 @@ local function process_pdf_specific(task, part, specific)
 
   if suspicious_factor > 0.5 then
     if suspicious_factor > 1.0 then suspicious_factor = 1.0 end
-    task:insert_result('PDF_SUSPICIOUS', suspicious_factor, part:get_filename())
+    task:insert_result('PDF_SUSPICIOUS', suspicious_factor, part:get_filename() or 'unknown')
+  end
+
+  if specific.long_trailer then
+    task:insert_result('PDF_LONG_TRAILER', 1.0, string.format('%s:%d',
+        part:get_filename() or 'unknown', specific.long_trailer))
+  end
+  if specific.many_objects then
+    task:insert_result('PDF_MANY_OBJECTS', 1.0, string.format('%s:%d',
+        part:get_filename() or 'unknown', specific.many_objects))
   end
 end
 
@@ -83,3 +92,15 @@ rspamd_config:register_symbol{
   parent = id,
   groups = {"content", "pdf"},
 }
+rspamd_config:register_symbol{
+  type = 'virtual',
+  name = 'PDF_LONG_TRAILER',
+  parent = id,
+  groups = {"content", "pdf"},
+}
+rspamd_config:register_symbol{
+  type = 'virtual',
+  name = 'PDF_MANY_OBJECTS',
+  parent = id,
+  groups = {"content", "pdf"},
+}
author	Vsevolod Stakhov <vsevolod@highsecure.ru>	2020-05-22 13:02:32 +0100
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>	2020-05-22 13:02:32 +0100
commit	2fa03199e4bcf3d323d5c94ec7a16bb2890e0354 (patch)
tree	0d9a6b89da87a23d8283fb14cb42ca3b43d79f5d /rules/content.lua
parent	e6db532ad5c6bab2480bd6bea6bf91e6ef1cc555 (diff)
download	rspamd-2fa03199e4bcf3d323d5c94ec7a16bb2890e0354.tar.gz rspamd-2fa03199e4bcf3d323d5c94ec7a16bb2890e0354.zip