authorSteve Freegard <steve@stevefreegard.com>2018-03-19 11:58:45 +0000
committerSteve Freegard <steve@stevefreegard.com>2018-03-19 11:58:45 +0000
commitb79129d61d36f5b95e32732c0a2e68c1533f2af5 (patch)
treefe6eb83996cfd8d673da665524dc0c3c02c1ebda /rules/regexp/compromised_hosts.lua
parent208ef50997462a0f3b7c21d2f8bc96bf0b1f2a01 (diff)
Improve URI_HIDDEN_PATH based on corpus testing
Diffstat (limited to 'rules/regexp/compromised_hosts.lua')
-rw-r--r--rules/regexp/compromised_hosts.lua22
1 files changed, 17 insertions, 5 deletions
diff --git a/rules/regexp/compromised_hosts.lua b/rules/regexp/compromised_hosts.lua
index f6427a7cd..37fef0dd7 100644
--- a/rules/regexp/compromised_hosts.lua
+++ b/rules/regexp/compromised_hosts.lua
@@ -138,12 +138,24 @@ reconf['HIDDEN_SOURCE_OBJ'] = {
group = "compromised_hosts"
}
-reconf['URI_HIDDEN_PATH'] = {
- re = "/\\/\\..+/U",
- description = "URL contains a UNIX hidden file/directory",
+rspamd_config.URI_HIDDEN_PATH = {
+ callback = function (task)
+ local urls = task:get_urls(false)
+ if (urls) then
+ for _, url in ipairs(urls) do
+ if (not (url:is_subject() and url:is_html_displayed())) then
+ local path = url:get_path()
+ if (hidden_uri_re:match(path)) then
+ -- TODO: need url:is_schemeless() to improve this
+ return true, 1.0, url:get_text()
+ end
+ end
+ end
+ end
+ end,
+ description = 'Message contains URI with a hidden path',
score = 1.0,
- one_shot = true,
- group = "compromised_hosts"
+ group = 'compromised_hosts',
}
reconf['MID_RHS_WWW'] = {
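Review bot: The guard `not (url:is_subject() and url:is_html_displayed())` in the new callback skips only a URL that is both taken from the subject and HTML-displayed, which looks unlikely to ever hold, so the filter is probably a no-op and those URLs still reach the hidden-path match. If the intent is to skip either kind, it should read `if not (url:is_subject() or url:is_html_displayed()) then`; if the current form is deliberate, a comment saying why would help. `hidden_uri_re` is not defined in this hunk, so it presumably already exists earlier in the file; this is worth confirming, since a nil there would raise an error on any message whose URLs reach the match. It may also be worth writing `if path and hidden_uri_re:match(path) then`, in case `get_path()` can return nil for a URL with no path component.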