aboutsummaryrefslogtreecommitdiffstats
path: root/rules
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2015-11-20 13:52:20 +0000
committerVsevolod Stakhov <vsevolod@highsecure.ru>2015-11-20 13:52:20 +0000
commit5a12f23f9004cba869c13ecf2974ff9f74a7908c (patch)
treeea3fab34e55e53eabe84225211b3c1838f9ead7c /rules
parent2cd0e1c61cced7f9fdfde4f6e11dda296969e663 (diff)
downloadrspamd-5a12f23f9004cba869c13ecf2974ff9f74a7908c.tar.gz
rspamd-5a12f23f9004cba869c13ecf2974ff9f74a7908c.zip
Add R_SUSPICIOUS_URL rule that detects obfusicated URL's
Diffstat (limited to 'rules')
-rw-r--r--rules/misc.lua19
1 files changed, 19 insertions, 0 deletions
diff --git a/rules/misc.lua b/rules/misc.lua
index cbcdff0fc..f423d014e 100644
--- a/rules/misc.lua
+++ b/rules/misc.lua
@@ -90,3 +90,22 @@ rspamd_config.DATE_IN_PAST = function(task)
return false
end
+
+rspamd_config.R_SUSPICIOUS_URL = {
+ callback = function(task)
+ local urls = task:get_urls()
+
+ if urls then
+ for i,u in ipairs(urls) do
+ if u:is_obscured() then
+ return true
+ end
+ end
+ end
+ return false
+ end,
+ score = 6.0,
+ group = 'url',
+ one_shot = true,
+ description = 'Obfusicated or suspicious URL has been found in a message'
+}