aboutsummaryrefslogtreecommitdiffstats
path: root/rules/regexp
diff options
context:
space:
mode:
Diffstat (limited to 'rules/regexp')
-rw-r--r--rules/regexp/compromised_hosts.lua1
-rw-r--r--rules/regexp/headers.lua15
-rw-r--r--rules/regexp/misc.lua2
3 files changed, 12 insertions, 6 deletions
diff --git a/rules/regexp/compromised_hosts.lua b/rules/regexp/compromised_hosts.lua
index 0a9a9f0aa..cfd560bc2 100644
--- a/rules/regexp/compromised_hosts.lua
+++ b/rules/regexp/compromised_hosts.lua
@@ -211,4 +211,3 @@ reconf['WWW_DOT_DOMAIN'] = {
score = 0.5,
group = "compromised_hosts"
}
-
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index e493a663e..a2b95c2c7 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -439,7 +439,7 @@ reconf['FORGED_MUA_OPERA_MSGID'] = {
-- Detect forged Mozilla Mail/Thunderbird/Seamonkey/Postbox headers
-- Mozilla based X-Mailer
local user_agent_mozilla5 = 'User-Agent=/^\\s*Mozilla\\/5\\.0/H'
-local user_agent_thunderbird = 'User-Agent=/^\\s*(Thunderbird|Mozilla Thunderbird|Mozilla\\/.*Gecko\\/.*(Thunderbird|Icedove)\\/)/H'
+local user_agent_thunderbird = 'User-Agent=/^\\s*(Thunderbird|Mozilla Thunderbird|Mozilla\\/.*Gecko\\/.*(Thunderbird|Betterbird|Icedove)\\/)/H'
local user_agent_seamonkey = 'User-Agent=/^\\s*Mozilla\\/5\\.0\\s.+\\sSeaMonkey\\/\\d+\\.\\d+/H'
local user_agent_postbox = [[User-Agent=/^\s*Mozilla\/5\.0\s\([^)]+\)\sGecko\/\d+\sPostboxApp\/\d+(?:\.\d+){2,3}$/H]]
local user_agent_mozilla = string.format('(%s) & !(%s) & !(%s) & !(%s)', user_agent_mozilla5, user_agent_thunderbird, user_agent_seamonkey, user_agent_postbox)
@@ -908,14 +908,21 @@ reconf['HAS_LIST_UNSUB'] = {
reconf['HAS_GUC_PROXY_URI'] = {
re = '/\\.googleusercontent\\.com\\/proxy/{url}i',
- description = 'Has googleusercontent.com proxy URI',
- score = 0.01,
- group = 'experimental'
+ description = 'Has googleusercontent.com proxy URL',
+ score = 1.0,
+ group = 'url'
}
reconf['HAS_GOOGLE_REDIR'] = {
re = '/\\.google\\.com\\/url\\?/{url}i',
description = 'Has google.com/url redirection',
+ score = 1.0,
+ group = 'url'
+}
+
+reconf['HAS_GOOGLE_FIREBASE_URL'] = {
+ re = '/\\.firebasestorage\\.googleapis\\.com\\//{url}i',
+ description = 'Contains firebasestorage.googleapis.com URL',
score = 0.01,
group = 'experimental'
}
diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua
index a5e5cfc44..0e660e358 100644
--- a/rules/regexp/misc.lua
+++ b/rules/regexp/misc.lua
@@ -99,4 +99,4 @@ reconf['LEAKED_PASSWORD_SCAM_RE'] = {
group = 'scams'
}
-rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR') \ No newline at end of file
+rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR')