-rw-r--r-- | rules/regexp/compromised_hosts.lua | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/rules/regexp/compromised_hosts.lua b/rules/regexp/compromised_hosts.lua
index f6427a7cd..37fef0dd7 100644
--- a/rules/regexp/compromised_hosts.lua
+++ b/rules/regexp/compromised_hosts.lua
@@ -138,12 +138,24 @@ reconf['HIDDEN_SOURCE_OBJ'] = {
 group = "compromised_hosts"
 }
-reconf['URI_HIDDEN_PATH'] = {
- re = "/\\/\\..+/U",
- description = "URL contains a UNIX hidden file/directory",
+rspamd_config.URI_HIDDEN_PATH = {
+ callback = function (task)
+ local urls = task:get_urls(false)
+ if (urls) then
+ for _, url in ipairs(urls) do
+ if (not (url:is_subject() and url:is_html_displayed())) then
+ local path = url:get_path()
+ if (hidden_uri_re:match(path)) then
+ -- TODO: need url:is_schemeless() to improve this
+ return true, 1.0, url:get_text()
+ end
+ end
+ end
+ end
+ end,
+ description = 'Message contains URI with a hidden path',
 score = 1.0,
- one_shot = true,
- group = "compromised_hosts"
+ group = 'compromised_hosts',
 }
 reconf['MID_RHS_WWW'] = { |
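Review bot: `hidden_uri_re` is used in the new callback (`hidden_uri_re:match(path)`) but is not defined in this hunk, and the diffstat's 17 insertions are all accounted for here, so the commit itself does not add it. Unless the file already declares it above line 138, the call would index a nil value on the first URL that reaches it and the rule would never fire, silently dropping this compromised-host signal; a definition such as `local hidden_uri_re = rspamd_regexp.create_cached('/\\/\\..+/')` (pattern taken from the removed `re`, with `rspamd_regexp` required if the file does not already do so) would cover it. It is also worth guarding the path, `if path and hidden_uri_re:match(path) then`, in case `get_path()` returns nil for a URL without a path component. Separately, `not (url:is_subject() and url:is_html_displayed())` only skips URLs that are both taken from the subject and HTML-displayed; if the intent was to skip either kind, that `and` should presumably be `or`.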