commit a2db37f: [Minor] Also add suspicious patterns support
Vsevolod Stakhov
vsevolod at highsecure.ru
Wed Nov 27 13:42:07 UTC 2019
Author: Vsevolod Stakhov
Date: 2019-11-27 13:42:24 +0000
URL: https://github.com/rspamd/rspamd/commit/a2db37f731c4002899788b91770e01d225863d9b (HEAD -> master)
[Minor] Also add suspicious patterns support
---
lualib/lua_content/pdf.lua | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/lualib/lua_content/pdf.lua b/lualib/lua_content/pdf.lua
index e8d4c7bab..588117fc7 100644
--- a/lualib/lua_content/pdf.lua
+++ b/lualib/lua_content/pdf.lua
@@ -32,8 +32,14 @@ local pdf_patterns = {
},
javascript = {
patterns = {
- [[\s/JS]],
- [[\s/JavaScript]],
+ [[\s|>/JS]],
+ [[\s|>/JavaScript]],
+ }
+ },
+ suspicious = {
+ patterns = {
+ [[netsh\s]],
+ [[echo\s]],
}
}
}
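Review bot: In the new `javascript` patterns, `[[\s|>/JS]]` and `[[\s|>/JavaScript]]` most likely do not mean what was intended. If these strings are compiled as regular expressions, alternation binds loosest, so the pattern reads as `\s` or `>/JS`, and the left branch matches any single whitespace byte; the `javascript` flag would then be set for almost every PDF. Grouping the prefix restores the intent, for example `[[(?:\s|>)/JS]]` and `[[(?:\s|>)/JavaScript]]`, assuming the matching engine accepts non-capturing groups. Separately, the unanchored `echo\s` will also hit ordinary text in uncompressed streams, so a leading boundary would be worth considering. The `pdf_patterns` table starts above this hunk, so how the patterns are compiled is not visible here.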
@@ -139,6 +145,11 @@ processors.javascript = function(_, task, _, output)
output.javascript = true
end
+processors.suspicious = function(_, task, _, output)
+ lua_util.debugm(N, task, "pdf: found a suspicious pattern")
+ output.suspicious = true
+end
+
exports.process = process_pdf
return exports
\ No newline at end of file
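Review bot: `processors.suspicious` stores only a boolean and logs a fixed string, so a hit from `netsh\s` cannot be told apart from a hit from `echo\s` when someone triages a false positive. The two ignored `_` parameters presumably carry the match details; if so, naming one and logging it would make the flag auditable, e.g. `lua_util.debugm(N, task, "pdf: found a suspicious pattern: %s", match)`, where `match` is an illustrative parameter name. A one-line comment above the function, such as `-- heuristic hint from a raw byte match; not proof of malicious content`, would also tell consumers of `output.suspicious` how much weight to give it.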