# Content matching rules # # Please don't modify this file as your changes might be overwritten with # the next update. # # You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine # parameters defined on the top level # # You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add # parameters defined on the top level # # For specific modules or configuration you can also modify # '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults # '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults # # See https://rspamd.com/doc/tutorials/writing_rules.html for details description = "Content rules"; symbols = { "PDF_ENCRYPTED" { weight = 0.3; description = "There is an encrypted PDF in the message"; one_shot = true; } "PDF_JAVASCRIPT" { weight = 0.1; description = "There is an PDF with JavaScript in the message"; one_shot = true; } "PDF_SUSPICIOUS" { weight = 4.5; description = "There is an PDF with suspicious properties in the message"; one_shot = true; } "PDF_LONG_TRAILER" { weight = 0.2; description = "There is an PDF with a long trailer"; one_shot = true; } "PDF_MANY_OBJECTS" { weight = 0; description = "There is a PDF file with too many objects"; one_shot = true; } "PDF_TIMEOUT" { weight = 0; description = "There is a PDF file that caused timeout in processing"; one_shot = true; } }