aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/lua/phishing.lua
blob: 4d72ff806a34097eef624d6552539c8cf1c539fb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
-- Phishing detection interface for selecting phished urls and inserting corresponding symbol
--
--
local symbol = 'PHISHED_URL'
local domains = nil
local strict_domains = {}

function phishing_cb (task)
	local urls = task:get_urls();

	if urls then
		for _,url in ipairs(urls) do
			if url:is_phished() then
				local found = false
				local purl = url:get_phished()
				if table.maxn(strict_domains) > 0 then
					local _,_,tld = string.find(purl:get_host(), '([a-zA-Z0-9%-]+\.[a-zA-Z0-9%-]+)$')
					if tld then
						for _,rule in ipairs(strict_domains) do
							if rule['map']:get_key(tld) then
								task:insert_result(rule['symbol'], 1, purl:get_host())
								found = true
							end
						end
					end
				end
				if not found then
					if domains then
						local _,_,tld = string.find(purl:get_host(), '([a-zA-Z0-9%-]+\.[a-zA-Z0-9%-]+)$')
						if tld then
							if domains:get_key(tld) then
								task:insert_result(symbol, 1, purl:get_host())
							end
						end
					else		
						task:insert_result(symbol, 1, purl:get_host())
					end
				end
			end
		end
	end
end

-- Registration
if type(rspamd_config.get_api_version) ~= 'nil' then
	if rspamd_config:get_api_version() >= 1 then
		rspamd_config:register_module_option('phishing', 'symbol', 'string')
		rspamd_config:register_module_option('phishing', 'domains', 'map')
		rspamd_config:register_module_option('phishing', 'strict_domains', 'string')
	end
end

local opts = rspamd_config:get_all_opt('phishing')
if opts then
    if opts['symbol'] then
        symbol = opts['symbol']
        
        -- Register symbol's callback
        rspamd_config:register_symbol(symbol, 1.0, 'phishing_cb')
    end
	if opts['domains'] and type(opt['domains']) == 'string' then
		domains = rspamd_config:add_hash_map (opts['domains'])
	end
	if opts['strict_domains'] then
		local sd = {}
		if type(opts['strict_domains']) == 'table' then
			sd = opts['strict_domains']
		else
			sd[1] = opts['strict_domains']
		end
		for _,d in ipairs(sd) do
			local s, _ = string.find(d, ':[^:]+$')
			if s then
				local sym = string.sub(d, s + 1, -1)
				local map = string.sub(d, 1, s - 1)
				if type(rspamd_config.get_api_version) ~= 'nil' then
					rspamd_config:register_virtual_symbol(sym, 1)
				end
				local rmap = rspamd_config:add_hash_map (map, 'Phishing strict domains map')
				if rmap then
					local rule = {symbol = sym, map = rmap}
					table.insert(strict_domains, rule)
				else
					rspamd_logger.info('cannot add map: ' .. map .. ' for symbol: ' .. sym)
				end
			else
				rspamd_logger.info('strict_domains option must be in format <map>:<symbol>')
			end
		end
	end
    -- If no symbol defined, do not register this module
end