Diffstat (limited to 'conf')
-rw-r--r-- | conf/groups.conf | 6 | ||||
-rw-r--r-- | conf/scores.d/content_group.conf | 37 |
2 files changed, 43 insertions, 0 deletions
diff --git a/conf/groups.conf b/conf/groups.conf
index bf783cc2f..dcea1bcd0 100644
--- a/conf/groups.conf
+++ b/conf/groups.conf
@@ -116,5 +116,11 @@ group "external_services" {
 .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/external_services_group.conf"
 }
 
+group "content" {
+ .include "$CONFDIR/scores.d/content_group.conf"
+ .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/content_group.conf"
+ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/content_group.conf"
+}
+
 .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/groups.conf"
 .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/groups.conf"
diff --git a/conf/scores.d/content_group.conf b/conf/scores.d/content_group.conf
new file mode 100644
index 000000000..b53ec31d0
--- /dev/null
+++ b/conf/scores.d/content_group.conf
@@ -0,0 +1,37 @@
+# Content matching rules
+#
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+description = "Content rules";
+
+symbols = {
+ "PDF_ENCRYPTED" {
+ weight = 0.3;
+ description = "There is an encrypted PDF in the message";
+ one_shot = true;
+ }
+ "PDF_JAVASCRIPT" {
+ weight = 0.1;
+ description = "There is an PDF with JavaScript in the message";
+ one_shot = true;
+ }
+ "PDF_SUSPICIOUS" {
+ weight = 4.5;
+ description = "There is an PDF with suspicious properties in the message";
+ one_shot = true;
+ }
+}
+
|
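Review bot: In the new conf/scores.d/content_group.conf, PDF_SUSPICIOUS has by far the largest weight in the group (4.5 against 0.3 and 0.1), but neither its description nor any comment says which PDF properties trigger it. The detection code is not part of this diff, so an operator triaging a false positive has only "suspicious properties" to go on. A short comment above the symbol naming the checks, or a more specific description string, would make the score auditable. Separately, two descriptions read "There is an PDF …" and are shown to users alongside the symbol; they should be `description = "There is a PDF with JavaScript in the message";` and `description = "There is a PDF with suspicious properties in the message";`.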