author | twesterhever <40121680+twesterhever@users.noreply.github.com> | 2023-08-02 13:32:13 +0000 |
---|---|---|
committer | twesterhever <40121680+twesterhever@users.noreply.github.com> | 2023-08-02 13:32:13 +0000 |
commit | d47473f55375db0de222fc1d2f31be7a8dbacb90 (patch) | |
tree | 0115bf466216a18661a9056af2c8f987c1e5e77b /rules | |
parent | e1b653d22441860199b7eba5304ecb56afd6fa8d (diff) | |
[Minor] Tweak HAS_GOOGLE_REDIR to detect Google AMP URLs as well
Rationale: https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/
Diffstat (limited to 'rules')
-rw-r--r-- | rules/regexp/headers.lua | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index b6b5e10d4..42c08ca3f 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -912,7 +912,7 @@ reconf['HAS_GUC_PROXY_URI'] = {
 }
 
 reconf['HAS_GOOGLE_REDIR'] = {
- re = '/\\.google\\.([a-z]{2,3}(|\\.[a-z]{2,3})|info|jobs)\\/url\\?/{url}i',
+ re = '/\\.google\\.([a-z]{2,3}(|\\.[a-z]{2,3})|info|jobs)\\/(amp\\/s\\/|url\\?)/{url}i',
 description = 'Has google.com/url or alike Google redirection URL',
 score = 1.0,
 group = 'url' |
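Review bot: The `description` string on the context line after the changed `re` still names only `google.com/url`, so a hit on the new AMP branch is reported with text that does not explain why it fired. I would update it along with the pattern, e.g. `description = 'Has google.com/url, google.com/amp/s/ or alike Google redirection URL',`. Separately, the new alternative matches only the `amp/s/` form. If the viewer also serves a plain `amp/` prefix for non-TLS targets, which I believe it does but have not verified here, it is worth deciding whether `amp\\/(s\\/)?` is wanted and measuring the false-positive cost at `score = 1.0`. The expression is still unanchored and requires a leading `\\.` before `google`, so a short comment above the rule stating which host forms are intentionally covered would help the next maintainer. The table's closing brace lies outside the hunk.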