path: root/rules/regexp
Commit message (Author, Age, Files, Lines)
* [Minor] Simplify condition and add them merely when mime utf is enabled (Vsevolod Stakhov, 2024-07-17, 1 file, -9/+13)
|
* [Rules] Fix some old rules (Vsevolod Stakhov, 2024-07-16, 1 file, -7/+10)
|
* correct headers.lua (ishisora, 2024-05-21, 1 file, -1/+1)
|
* [Minor] Exclude User-Agent: Mozilla Thunderbird from XM_UA_NO_VERSION (gami, 2024-05-14, 1 file, -1/+1)
|
* [Minor] Exclude User-Agent: Mozilla Thunderbird from XM_UA_NO_VERSION (gami, 2024-05-14, 1 file, -2/+3)
|
* [Minor] Constrain Content-Description regexp (twesterhever, 2024-05-01, 1 file, -1/+1)
|
* [Minor] Remove superfluous "string.format()" (twesterhever, 2024-05-01, 1 file, -1/+1)
|
* [Enhancement] Catch "Mail message body" Content-Description (twesterhever, 2024-04-28, 1 file, -0/+7)
|   This header frequently surfaces in spam, mostly advance fee fraud.
* [Minor] Add rule for presence of Content-Description header (twesterhever, 2024-04-28, 1 file, -0/+7)
|
* [Minor] Add rule for localhost HELOs in Received headers (twesterhever, 2024-03-24, 1 file, -0/+7)
|
* [Minor] Add HAS_FILE_URL rule for messages containing a file:// URL (twesterhever, 2024-02-29, 1 file, -0/+7)
|   These are frequently abused for distributing malware via non-HTTP protocols, such as public Samba servers. file:// URLs may also be abused for including files from the victims' machine in a message. Either way, a legitimate use case is unlikely.
|   Signed-off-by: twesterhever <40121680+twesterhever@users.noreply.github.com>
* [Minor] Add rule for messages missing both X-Mailer and User-Agent header (twesterhever, 2023-11-03, 1 file, -0/+10)
|
* [Fix] MISSING_MIMEOLE: avoid matching messages from Android GMail app (#4561) (Andrew Lewis, 2023-09-14, 1 file, -2/+4)
|
* [Minor] Reformat all Lua code, no functional changes (Vsevolod Stakhov, 2023-08-07, 4 files, -67/+88)
|
* [Minor] Tweak HAS_GOOGLE_REDIR to detect Google AMP URLs as well (twesterhever, 2023-08-02, 1 file, -1/+1)
|   Rationale: https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/
* Adjust apple_x_mailer regex (Dmitriy Alekseev, 2023-07-12, 1 file, -1/+1)
|
* [Minor] A bit better apple_x_mailer regex (Dmitriy Alekseev, 2023-07-12, 1 file, -1/+1)
|
* Optimize apple_ios_x_mailer regex (Dmitriy Alekseev, 2023-07-12, 1 file, -1/+1)
|
* Support regex rules to detect Apple Mail (Dmitriy Alekseev, 2023-07-11, 1 file, -3/+20)
|
* Merge pull request #4497 from twesterhever/temp-improve-has-google-redir (Vsevolod Stakhov, 2023-06-22, 1 file, -2/+2)
|\    [Enhancement] Improve detection of Google redirection URLs
| * [Minor] Remove superfluous '|' in regular expression (twesterhever, 2023-06-22, 1 file, -1/+1)
| |
| * [Minor] Simplify regular expression for HAS_GOOGLE_REDIR (twesterhever, 2023-06-22, 1 file, -1/+1)
| |   https://github.com/rspamd/rspamd/pull/4497#issuecomment-1586265815
| * [Enhancement] Improve detection of Google redirection URLs (twesterhever, 2023-05-26, 1 file, -2/+2)
| |   The list is derived from Firefox' static HPKP entries, retrieved from: https://searchfox.org/mozilla-central/source/security/manager/ssl/StaticHPKPins.h
* | Merge pull request #4494 from twesterhever/temp-arm-google-firebase (Vsevolod Stakhov, 2023-06-11, 1 file, -2/+2)
|\ \    [Rules] Make Google Firebase rule productive
| * | [Enhancement] Make Google Firebase rule productive (twesterhever, 2023-05-26, 1 file, -2/+2)
| |/
* | Merge pull request #4495 from twesterhever/temp-onoin-url (Vsevolod Stakhov, 2023-06-04, 1 file, -1/+1)
|\ \    [Minor] Move HAS_ONION_URI from "experimental" to "url" group
| * | [Minor] Move HAS_ONION_URI from "experimental" to "url" group (twesterhever, 2023-05-26, 1 file, -1/+1)
| |/
* / [Minor] Improve various rule descriptions (twesterhever, 2023-05-26, 1 file, -50/+47)
|/
* [Minor] Account for one more undisclosed-recipients address variant (Anton Yuzhaninov, 2023-02-25, 1 file, -1/+2)
|
* Merge branch 'master' into temp-add-ipfs-heuristics (Vsevolod Stakhov, 2023-02-20, 2 files, -6/+12)
|\
| * add Betterbird to `user_agent_thunderbird` (georglauterbach, 2023-02-19, 1 file, -1/+1)
| |   See https://github.com/Betterbird/thunderbird-patches/issues/125 for reference. This way, Rspamd will not add `FORGED_MUA_MOZILLA_MAIL_MSGID_UNKNOWN` to mails sent perfectly fine with Betterbird.
| |   Betterbird (<https://www.betterbird.eu/>) is an adjusted version of Thunderbird, fixing many bugs and adding long-wanted features. It is a common and well-known alternative to Thunderbird, so I think the addition is justified.
| * Merge pull request #4397 from twesterhever/temp-misc-cleanups-and-housekeeping (Vsevolod Stakhov, 2023-02-17, 2 files, -2/+1)
| |\    [Minor] Assorted cleanup and housekeeping of configuration files
| | * [Minor] Fix some whitespace issues (twesterhever, 2023-02-17, 2 files, -2/+1)
| | |
| * | Merge pull request #4401 from twesterhever/temp-google-firebase (Vsevolod Stakhov, 2023-02-17, 1 file, -0/+7)
| |\ \    [Enhancement] Add rule to detect Google Firebase URLs
| | * | [Enhancement] Add rule to detect Google Firebase URLs (twesterhever, 2023-02-17, 1 file, -0/+7)
| | |/
| * / [Enhancement] Make Google URL redirection rules productive (twesterhever, 2023-02-17, 1 file, -5/+5)
| |/
| * [Minor] Use unicode property for currency detection (Vsevolod Stakhov, 2022-10-29, 1 file, -1/+1)
| |   Issue: #4320
* | [Minor] Regexp is case-insensitive, omit redundant characters (twesterhever, 2022-11-06, 1 file, -1/+1)
| |
* | [Minor] Fix rule comment (twesterhever, 2022-11-06, 1 file, -1/+1)
| |
* | [Minor] Limit CIDv1 detection to 128 bytes (twesterhever, 2022-11-06, 1 file, -1/+1)
| |   As requested by @vstakhov in https://github.com/rspamd/rspamd/pull/4310#pullrequestreview-1148226107, try to limit the performance impact of this regular expression. However, given that there does not seem to be a hard limit for CIDv1s in IPFS itself, using a hashing algorithm with large output may permit miscreants to get around this rule.
* | [Minor] Implement multibase prefixes for IPFS gateway URL rule (twesterhever, 2022-11-06, 1 file, -2/+2)
| |
* | [Minor] Clarify that IPFS *gateway* URLs are likely considered malicious (twesterhever, 2022-11-06, 1 file, -2/+2)
| |
* | [Enhancement] Add IPFS URL heuristic (twesterhever, 2022-10-15, 1 file, -1/+16)
|/
* [Minor] Update more copyright years/email (Vsevolod Stakhov, 2022-03-27, 2 files, -2/+2)
|
* Spelling (#4086) (Josh Soref, 2022-02-22, 1 file, -4/+4)
|   [Rework] Massive spelling fix from @jsoref
* [Minor] Fix rule (Vsevolod Stakhov, 2021-11-30, 1 file, -1/+1)
|
* [Rules] Remove ancient and inefficient rules (Vsevolod Stakhov, 2021-11-29, 1 file, -43/+0)
|
* [Rules] Fix old rules to stop global functions usage (Vsevolod Stakhov, 2021-11-29, 1 file, -46/+72)
|
* [Minor] Regexp: Extend upstream spam filter regexp (Sebastian Lipponer, 2021-08-21, 1 file, -1/+3)
|
* [Rules] Micro-optimize X_PHP_EVAL (Anton Yuzhaninov, 2021-08-05, 1 file, -1/+1)
|   Remove /i flag from regexp string "eval()'d code" is always in lower case. While here use long string format for readability.