author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-11-20 13:52:20 +0000 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-11-20 13:52:20 +0000 |
commit | 5a12f23f9004cba869c13ecf2974ff9f74a7908c (patch) | |
tree | ea3fab34e55e53eabe84225211b3c1838f9ead7c /rules | |
parent | 2cd0e1c61cced7f9fdfde4f6e11dda296969e663 (diff) | |
download | rspamd-5a12f23f9004cba869c13ecf2974ff9f74a7908c.tar.gz rspamd-5a12f23f9004cba869c13ecf2974ff9f74a7908c.zip |
Add R_SUSPICIOUS_URL rule that detects obfusicated URL's
Diffstat (limited to 'rules')
-rw-r--r-- | rules/misc.lua | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/rules/misc.lua b/rules/misc.lua
index cbcdff0fc..f423d014e 100644
--- a/rules/misc.lua
+++ b/rules/misc.lua
@@ -90,3 +90,22 @@ rspamd_config.DATE_IN_PAST = function(task)
 return false
 end
+
+rspamd_config.R_SUSPICIOUS_URL = {
+ callback = function(task)
+ local urls = task:get_urls()
+
+ if urls then
+ for i,u in ipairs(urls) do
+ if u:is_obscured() then
+ return true
+ end
+ end
+ end
+ return false
+ end,
+ score = 6.0,
+ group = 'url',
+ one_shot = true,
+ description = 'Obfusicated or suspicious URL has been found in a message'
+} |
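Review bot: A `score = 6.0` on the single `u:is_obscured()` check gives one heuristic a lot of weight, and the callback returns a bare `true`, so a hit carries no record of which URL matched. What `is_obscured()` actually flags is not visible in this hunk; if it also fires on legitimate redirect or tracking links, the resulting false positives will be hard to triage from the symbol alone. Consider starting with a lower weight until hit rates are measured, and attaching the offending host (for example from `u:get_host()`) to the result as a symbol option. Two smaller points: the unused loop index reads better as `for _,u in ipairs(urls) do`, and the user-facing string is misspelled and should read `description = 'Obfuscated or suspicious URL has been found in a message'`.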