author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-05-15 12:34:30 +0100 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-05-15 12:34:30 +0100 |
commit | 7f5ca7ae3db6da0939e42ae88db375aa9b63fe76 (patch) | |
tree | e01049fa023acf37b444c200e8eb67cf3f88c451 /rules/misc.lua | |
parent | 5cc8d34451974d69d87e7c86a57476197bb192ef (diff) | |
[Feature] Add rule to block mixed text and encrypted parts
Diffstat (limited to 'rules/misc.lua')
-rw-r--r-- | rules/misc.lua | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/rules/misc.lua b/rules/misc.lua
index 62fa7f92a..c70e90bbc 100644
--- a/rules/misc.lua
+++ b/rules/misc.lua
@@ -639,3 +639,100 @@ rspamd_config.R_BAD_CTE_7BIT = {
 description = 'Detects bad content-transfer-encoding for text parts',
 group = 'headers'
 }
+
+
+local check_encrypted_name = rspamd_config:register_symbol{
+ name = 'BOGUS_ENCRYPTED_AND_TEXT',
+ callback = function(task)
+ local parts = task:get_parts() or {}
+ local seen_encrypted, seen_text
+ local opts = {}
+
+ local function check_part(part)
+ if part:is_multipart() then
+ local children = part:get_children() or {}
+
+ for _,cld in ipairs(children) do
+ if cld:is_multipart() then
+ check_part(cld)
+ elseif cld:is_text() then
+ seen_text = true
+ else
+ local type,subtype,attrs = cld:get_type_full()
+
+ if type:lower() == 'application' then
+ if string.find(subtype:lower(), 'pkcs7%-mime') then
+ -- S/MIME encrypted part
+ seen_encrypted = true
+ table.insert(opts, 'smime part')
+ task:insert_result('ENCRYPTED_SMIME', 1.0)
+ elseif string.find(subtype:lower(), 'pkcs7%-signature') then
+ task:insert_result('SIGNED_SMIME', 1.0)
+ elseif string.find(subtype:lower(), 'pgp%-encrypted') then
+ -- PGP/GnuPG encrypted part
+ seen_encrypted = true
+ table.insert(opts, 'pgp part')
+ task:insert_result('ENCRYPTED_PGP', 1.0)
+ elseif string.find(subtype:lower(), 'pgp%-signature') then
+ task:insert_result('SIGNED_PGP', 1.0)
+ end
+ end
+ end
+ end
+ end
+ end
+
+ for _,part in ipairs(parts) do
+ check_part(part)
+ end
+
+ if seen_text and seen_encrypted then
+ return true, 1.0, opts
+ end
+
+ return false
+ end,
+ score = 10.0,
+ description = 'Bogus mix of encrypted and text/html payloads',
+ group = 'mime_types'
+}
+
+rspamd_config:register_symbol{
+ type = 'virtual',
+ parent = check_encrypted_name,
+ name = 'ENCRYPTED_PGP',
+ description = 'Message is encrypted with pgp',
+ group = 'mime_types',
+ score = -0.5,
+ one_shot = true
+}
+
+rspamd_config:register_symbol{
+ type = 'virtual',
+ parent = check_encrypted_name,
+ name = 'ENCRYPTED_SMIME',
+ description = 'Message is encrypted with smime',
+ group = 'mime_types',
+ score = -0.5,
+ one_shot = true
+}
+
+rspamd_config:register_symbol{
+ type = 'virtual',
+ parent = check_encrypted_name,
+ name = 'SIGNED_PGP',
+ description = 'Message is signed with pgp',
+ group = 'mime_types',
+ score = -2.0,
+ one_shot = true
+}
+
+rspamd_config:register_symbol{
+ type = 'virtual',
+ parent = check_encrypted_name,
+ name = 'SIGNED_SMIME',
+ description = 'Message is signed with smime',
+ group = 'mime_types',
+ score = -2.0,
+ one_shot = true
+}
\ No newline at end of file |
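Review bot: In `check_part`, the results of `cld:get_type_full()` are dereferenced without a nil check, so if that call can return nil for a part whose Content-Type is missing or unparsable (its behaviour is not visible in this hunk), `type:lower()` raises and the whole callback aborts on sender-controlled input, leaving the message unscored by this rule. I would write `local ctype, subtype = cld:get_type_full()` and guard the branch with `if ctype and subtype and ctype:lower() == 'application' then`, which also stops shadowing the builtin `type` and drops the unused `attrs`. Separately, SIGNED_PGP and SIGNED_SMIME carry -2.0 based only on a part's declared subtype, and nothing in this hunk verifies a signature. A comment such as `-- structural hint only: the signature itself is not verified here` above those registrations would keep the negative weights from being read as an authenticity signal.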