author | twesterhever <40121680+twesterhever@users.noreply.github.com> | 2022-10-15 11:48:02 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-15 11:48:02 +0000 |
commit | 39aeb394c8dc6a4f05b2e6daf4c94dae1a6e4659 (patch) | |
tree | 26f9544b5e3463cd18178fbed70b7df6d41816f0 /rules | |
parent | 5209f8541be49ddc3ca736cb336a5117bb32a971 (diff) | |
download | rspamd-39aeb394c8dc6a4f05b2e6daf4c94dae1a6e4659.tar.gz rspamd-39aeb394c8dc6a4f05b2e6daf4c94dae1a6e4659.zip |
[Enhancement] Add IPFS URL heuristic
Diffstat (limited to 'rules')
-rw-r--r-- | rules/regexp/misc.lua | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua
index a5e5cfc44..c7876567f 100644
--- a/rules/regexp/misc.lua
+++ b/rules/regexp/misc.lua
@@ -99,4 +99,19 @@ reconf['LEAKED_PASSWORD_SCAM_RE'] = {
 group = 'scams'
 }
-rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR')
\ No newline at end of file
+rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR')
+
+-- Heurististic for detecting InterPlanetary File System (IPFS) gateway URLs:
+-- These contain "ipfs" somewhere (either in the FQDN or the URL path) and a
+-- content identifier (CID), comprising of either "qm", followed by 46 alphanumerical
+-- characters (CIDv0), or a CIDv1 of an alphanumerical string of unspecified length,
+-- depending on the hash algorithm used.
+local ipfs_cid = '/(qm[a-z0-9]{44}|[a-z0-9]{45,256})/{url}i'
+local ipfs_string = '/ipfs(\\.|-|_|\\/|\\?)/{url}i'
+reconf['HAS_IPFS_URL'] = {
+ description = 'Message contains InterPlanetary File System (IPFS) URL, likely malicious',
+ re = string.format('(%s & %s)', ipfs_cid, ipfs_string),
+ score = 6.0,
+ one_shot = true,
+ group = 'url',
+} |
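Review bot: The two atoms joined in `re = string.format('(%s & %s)', ipfs_cid, ipfs_string)` are separate `{url}` regexps, so, as far as I can tell from how rspamd evaluates regexp expressions, the rule can fire when one URL in the message contains "ipfs." or "ipfs-" and a different URL merely carries a 45+ character alphanumeric run such as a tracking token; at `score = 6.0` that is a costly false positive on legitimate mail. Requiring both conditions inside one URL with a single pattern would avoid it, for example `'/(ipfs(\\.|-|_|\\/|\\?).*[a-z0-9]{45,256}|[a-z0-9]{45,256}.*ipfs(\\.|-|_|\\/|\\?))/{url}i'`, which should be checked against real gateway URLs in both subdomain and path form before use. The `qm[a-z0-9]{44}` alternative is already covered by `[a-z0-9]{45,256}` and adds no selectivity as written. The comment also says "qm" is followed by 46 characters while the pattern uses 44; `-- "qm" followed by 44 alphanumerical characters (CIDv0, 46 characters in total)` would match the code.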