authorVsevolod Stakhov <vsevolod@highsecure.ru>2017-04-30 16:22:58 +0100
committerVsevolod Stakhov <vsevolod@highsecure.ru>2017-04-30 16:22:58 +0100
commitde05eea118e89faf09db1a9fd3d91cc8917f4d7e (patch)
treef5a2994305b9cc2323147f63b8652d6ceae7785b /rules/misc.lua
parentd594c736dbddd7120ee3a612bbbdc3b48efdcd1e (diff)
[Feature] Improve omograph phishing detection
Diffstat (limited to 'rules/misc.lua')
-rw-r--r--rules/misc.lua32
1 files changed, 23 insertions, 9 deletions
diff --git a/rules/misc.lua b/rules/misc.lua
index ab4a87508..fff5d04cc 100644
--- a/rules/misc.lua
+++ b/rules/misc.lua
@@ -341,22 +341,36 @@ rspamd_config.OMOGRAPH_URL = {
if urls then
local bad_omographs = 0
+ local single_bad_omograps = 0
local bad_urls = {}
fun.each(function(u)
- local h1 = u:get_host()
- local h2 = u:get_phished():get_host()
- if h1 and h2 then
- if util.is_utf_spoofed(h1, h2) then
- table.insert(bad_urls, string.format('%s->%s', h1, h2))
- bad_omographs = bad_omographs + 1
+ if u:is_phished() then
+ local h1 = u:get_host()
+ local h2 = u:get_phished():get_host()
+ if h1 and h2 then
+ if util.is_utf_spoofed(h1, h2) then
+ table.insert(bad_urls, string.format('%s->%s', h1, h2))
+ bad_omographs = bad_omographs + 1
+ end
+ end
+ end
+ if not u:is_html_displayed() then
+ local h = u:get_tld()
+
+ if h then
+ if util.is_utf_spoofed(h) then
+ table.insert(bad_urls, string.format('%s', h))
+ single_bad_omograps = single_bad_omograps + 1
+ end
end
end
- end, fun.filter(function(u) return u:is_phished() end, urls))
+ end, urls)
if bad_omographs > 0 then
- if bad_omographs > 1 then bad_omographs = 1.0 end
- return true, bad_omographs, bad_urls
+ return true, 1.0, bad_urls
+ elseif single_bad_omograps > 0 then
+ return true, 0.5, bad_urls
end
end
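Review bot: In the added `if not u:is_html_displayed() then` branch, the single-argument `util.is_utf_spoofed(h)` check runs on `u:get_tld()` rather than `u:get_host()`, so only the part of the hostname that `get_tld()` returns is inspected. If that is just the registrable domain (not confirmed from this hunk), mixed-script labels further left in the host are never examined; a comment such as `-- only the get_tld() part is checked; other host labels are not inspected` would make that coverage limit explicit. Both branches also append to `bad_urls` once per matching URL with no de-duplication, so a message that repeats one link many times yields an equally long option list; a `seen[h]` guard before `table.insert` would bound it. Smaller points: `string.format('%s', h)` can be plain `h`, `single_bad_omograps` is missing an `h`, and the `1.0` / `0.5` weights deserve a one-line comment saying why a single-host match scores half. The callback starts before this hunk and continues after it.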