diff options
Diffstat (limited to 'rules')
-rw-r--r-- | rules/regexp/misc.lua | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua index a5e5cfc44..c7876567f 100644 --- a/rules/regexp/misc.lua +++ b/rules/regexp/misc.lua @@ -99,4 +99,19 @@ reconf['LEAKED_PASSWORD_SCAM_RE'] = { group = 'scams' } -rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR')
\ No newline at end of file +rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR') + +-- Heurististic for detecting InterPlanetary File System (IPFS) gateway URLs: +-- These contain "ipfs" somewhere (either in the FQDN or the URL path) and a +-- content identifier (CID), comprising of either "qm", followed by 46 alphanumerical +-- characters (CIDv0), or a CIDv1 of an alphanumerical string of unspecified length, +-- depending on the hash algorithm used. +local ipfs_cid = '/(qm[a-z0-9]{44}|[a-z0-9]{45,256})/{url}i' +local ipfs_string = '/ipfs(\\.|-|_|\\/|\\?)/{url}i' +reconf['HAS_IPFS_URL'] = { + description = 'Message contains InterPlanetary File System (IPFS) URL, likely malicious', + re = string.format('(%s & %s)', ipfs_cid, ipfs_string), + score = 6.0, + one_shot = true, + group = 'url', +} |