diff options
| -rw-r--r-- | rules/archives.lua | 38 | ||||
| -rw-r--r-- | src/plugins/lua/arc.lua | 12 | ||||
| -rw-r--r-- | src/plugins/lua/gpt.lua | 4 | ||||
| -rw-r--r-- | src/plugins/lua/known_senders.lua | 3 |
4 files changed, 34 insertions, 23 deletions
diff --git a/rules/archives.lua b/rules/archives.lua index 83ac27df8..c582b93bd 100644 --- a/rules/archives.lua +++ b/rules/archives.lua @@ -2,19 +2,19 @@ local rspamd_regexp = require "rspamd_regexp" local lua_maps = require "lua_maps" local clickbait_map = lua_maps.map_add_from_ucl( - { - string.format('%s/maps.d/%s', rspamd_paths.CONFDIR, 'exe_clickbait.inc'), - string.format('%s/local.d/maps.d/%s', rspamd_paths.LOCAL_CONFDIR, 'exe_clickbait.inc') - }, - 'regexp', - 'Inappropriate descriptions for executables' + { + string.format('%s/maps.d/%s', rspamd_paths.CONFDIR, 'exe_clickbait.inc'), + string.format('%s/local.d/maps.d/%s', rspamd_paths.LOCAL_CONFDIR, 'exe_clickbait.inc') + }, + 'regexp', + 'Inappropriate descriptions for executables' ) local exe_re = rspamd_regexp.create_cached([[/\.exe$|\.com$/i]]) local img_re = rspamd_regexp.create_cached([[/\.img$/i]]) local rar_re = rspamd_regexp.create_cached([[/\.rar$|\.r[0-9]{2}$/i]]) -local id = rspamd_config:register_symbol{ +local id = rspamd_config:register_symbol { callback = function(task) local num_checked = 0 local have_subject_clickbait = false @@ -52,7 +52,7 @@ local id = rspamd_config:register_symbol{ local name = info.name if img_re:match(name) then - local ratio = info.uncompressed_size/info.compressed_size + local ratio = info.uncompressed_size / info.compressed_size if ratio >= 500 then task:insert_result('UDF_COMPRESSION_500PLUS', 1.0) end @@ -86,7 +86,7 @@ local id = rspamd_config:register_symbol{ type = 'callback', } -rspamd_config:register_symbol{ +rspamd_config:register_symbol { description = 'exe file in archive with clickbait filename', group = 'malware', name = 'EXE_ARCHIVE_CLICKBAIT_FILENAME', @@ -96,7 +96,7 @@ rspamd_config:register_symbol{ type = 'virtual', } -rspamd_config:register_symbol{ +rspamd_config:register_symbol { description = 'exe file in archive with clickbait subject', group = 'malware', name = 'EXE_ARCHIVE_CLICKBAIT_SUBJECT', @@ -106,47 +106,47 @@ rspamd_config:register_symbol{ type = 'virtual', } -rspamd_config:register_symbol{ +rspamd_config:register_symbol { description = 'exe file in archive', group = 'malware', name = 'EXE_IN_ARCHIVE', one_shot = true, parent = id, - score = 0.5, + score = 1.5, type = 'virtual', } -rspamd_config:register_symbol{ +rspamd_config:register_symbol { description = 'rar with wrong extension containing exe file', group = 'malware', name = 'EXE_IN_MISIDENTIFIED_RAR', one_shot = true, parent = id, - score = 2.0, + score = 5.0, type = 'virtual', } -rspamd_config:register_symbol{ +rspamd_config:register_symbol { description = 'rar with wrong extension', group = 'malware', name = 'MISIDENTIFIED_RAR', one_shot = true, parent = id, - score = 2.0, + score = 4.0, type = 'virtual', } -rspamd_config:register_symbol{ +rspamd_config:register_symbol { description = 'single file container bearing executable', group = 'malware', name = 'SINGLE_FILE_ARCHIVE_WITH_EXE', one_shot = true, parent = id, - score = 1.0, + score = 5.0, type = 'virtual', } -rspamd_config:register_symbol{ +rspamd_config:register_symbol { description = 'very well compressed img file in archive', name = 'UDF_COMPRESSION_500PLUS', one_shot = true, diff --git a/src/plugins/lua/arc.lua b/src/plugins/lua/arc.lua index ff19aef4c..90e254e78 100644 --- a/src/plugins/lua/arc.lua +++ b/src/plugins/lua/arc.lua @@ -635,11 +635,21 @@ local function prepare_arc_selector(task, sel) end end + local function arc_result_from_ar(ar_header) + ar_header = ar_header or "" + for k, v in string.gmatch(ar_header, "(%w+)=(%w+)") do + if k == 'arc' then + return v + end + end + return nil + end + if settings.reuse_auth_results then local ar_header = task:get_header('Authentication-Results') if ar_header then - local arc_match = string.match(ar_header, 'arc=(%w+)') + local arc_match = arc_result_from_ar(ar_header) if arc_match then if arc_match == 'none' or arc_match == 'pass' then diff --git a/src/plugins/lua/gpt.lua b/src/plugins/lua/gpt.lua index 61217cbf8..823dbd045 100644 --- a/src/plugins/lua/gpt.lua +++ b/src/plugins/lua/gpt.lua @@ -94,11 +94,11 @@ local function default_condition(task) local action = result.action if action == 'reject' and result.npositive > 1 then - return true, 'already decided as spam' + return false, 'already decided as spam' end if action == 'no action' and score < 0 then - return true, 'negative score, already decided as ham' + return false, 'negative score, already decided as ham' end end -- We also exclude some symbols diff --git a/src/plugins/lua/known_senders.lua b/src/plugins/lua/known_senders.lua index 6d57acea3..5cb2ddcf5 100644 --- a/src/plugins/lua/known_senders.lua +++ b/src/plugins/lua/known_senders.lua @@ -18,6 +18,7 @@ limitations under the License. local rspamd_logger = require "rspamd_logger" local N = 'known_senders' +local E = {} local lua_util = require "lua_util" local lua_redis = require "lua_redis" local lua_maps = require "lua_maps" @@ -258,7 +259,7 @@ local function verify_local_replies_set(task) return nil end - local replies_recipients = task:get_recipients('mime') + local replies_recipients = task:get_recipients('mime') or E local replies_sender_string = lua_util.maybe_obfuscate_string(tostring(replies_sender), settings, settings.sender_prefix) |