summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2018-08-06 20:39:56 +0100
committerVsevolod Stakhov <vsevolod@highsecure.ru>2018-08-06 20:39:56 +0100
commit8faea84e51a980e4f8a5ec351cb5e3b050feac2e (patch)
treecf50428549c4044ea5406ccf8a0bed63ef508eea /src
parent3028e8571abd3ca3112d36710776b66c1009051c (diff)
downloadrspamd-8faea84e51a980e4f8a5ec351cb5e3b050feac2e.tar.gz
rspamd-8faea84e51a980e4f8a5ec351cb5e3b050feac2e.zip
[Rework] Move phishtank to a DNS based service
Diffstat (limited to 'src')
-rw-r--r--src/plugins/lua/phishing.lua101
1 files changed, 47 insertions, 54 deletions
diff --git a/src/plugins/lua/phishing.lua b/src/plugins/lua/phishing.lua
index a34ad55b2..cc6a259bd 100644
--- a/src/plugins/lua/phishing.lua
+++ b/src/plugins/lua/phishing.lua
@@ -32,15 +32,14 @@ local strict_domains = {}
local redirector_domains = {}
local generic_service_map = nil
local openphish_map = 'https://www.openphish.com/feed.txt'
-local phishtank_map = 'http://data.phishtank.com/data/online-valid.json'
+local phishtank_suffix = 'phishtank.rspamd.com'
-- Not enabled by default as their feed is quite large
local openphish_premium = false
+local phishtank_enabled = false
local generic_service_hash
local openphish_hash
-local phishtank_hash
local generic_service_data = {}
local openphish_data = {}
-local phishtank_data = {}
local rspamd_logger = require "rspamd_logger"
local util = require "rspamd_util"
local opts = rspamd_config:get_all_opt(N)
@@ -125,6 +124,45 @@ local function phishing_cb(task)
end
end
+ local function check_phishing_dns(dns_suffix, url, phish_symbol)
+ local function compose_dns_query(elts)
+ local cr = require "rspamd_cryptobox_hash"
+ local h = cr.create()
+ for _,elt in ipairs(elts) do h:update(elt) end
+ return string.format("%s.%s", h:base32():sub(1, 32), dns_suffix)
+ end
+ local r = task:get_resolver()
+ local host = url:get_host()
+ local path = url:get_path()
+ local query = url:get_query()
+
+ if host and path then
+ local function host_host_path_cb(_, _, results, err)
+ if not err and results then
+ task:insert_result(phish_symbol, 0.3, results)
+ end
+ end
+ r:resolve_a({
+ task = task,
+ name = compose_dns_query({host, path}),
+ callback = host_host_path_cb})
+
+
+ if query then
+ local function host_host_path_query_cb(_, _, results, err)
+ if not err and results then
+ task:insert_result(phish_symbol, 1.0, results)
+ end
+ end
+ r:resolve_a({
+ task = task,
+ name = compose_dns_query({host, path, query}),
+ callback = host_host_path_query_cb})
+ end
+
+ end
+ end
+
local urls = task:get_urls()
if urls then
@@ -137,8 +175,8 @@ local function phishing_cb(task)
check_phishing_map(openphish_data, url, openphish_symbol)
end
- if phishtank_hash then
- check_phishing_map(phishtank_data, url, phishtank_symbol)
+ if phishtank_enabled then
+ check_phishing_dns(phishtank_suffix, url, phishtank_symbol)
end
if url:is_phished() and not url:is_redirected() then
@@ -388,42 +426,6 @@ local function openphish_plain_cb(string)
pool:destroy()
end
-local function phishtank_json_cb(string)
- local ucl = require "ucl"
- local nelts = 0
- local new_data = {}
- local valid = true
- local parser = ucl.parser()
- local res,err = parser:parse_string(string)
- local rspamd_mempool = require "rspamd_mempool"
- local pool = rspamd_mempool.create()
-
- if not res then
- valid = false
- rspamd_logger.warnx(phishtank_hash, 'cannot parse phishtank map: ' .. err)
- else
- local obj = parser:get_object()
-
- for _,elt in ipairs(obj) do
- if elt['url'] then
- if insert_url_from_string(pool, new_data, elt['url'],
- elt['phish_detail_url']) then
- nelts = nelts + 1
- end
- end
- end
- end
-
- if valid then
- phishtank_data = new_data
- rspamd_logger.infox(phishtank_hash, "parsed %s elements from phishtank feed",
- nelts)
- end
-
-
- pool:destroy()
-end
-
if opts then
local id
if opts['symbol'] then
@@ -485,20 +487,11 @@ if opts then
end
end
- if opts['phishtank_map'] then
- phishtank_map = opts['phishtank_map']
- end
- if opts['phishtank_url'] then
- phishtank_map = opts['phishtank_url']
- end
-
if opts['phishtank_enabled'] then
- phishtank_hash = rspamd_config:add_map({
- type = 'callback',
- url = phishtank_map,
- callback = phishtank_json_cb,
- description = 'Phishtank feed (see https://www.phishtank.com for details)'
- })
+ phishtank_enabled = true
+ if opts['phishtank_suffix'] then
+ phishtank_suffix = opts['phishtank_suffix']
+ end
end
rspamd_config:register_symbol({