commit c599cb5: [Minor] Add HAS_FILE_URL rule for messages containing a file:// URL
twesterhever
40121680+twesterhever at users.noreply.github.com
Mon Jul 29 17:53:10 UTC 2024
Author: twesterhever
Date: 2024-02-29 14:34:21 +0000
URL: https://github.com/rspamd/rspamd/commit/c599cb599e4c8df12ade63211e6c307e05a70276 (refs/pull/4846/head)
[Minor] Add HAS_FILE_URL rule for messages containing a file:// URL
These are frequently abused for distributing malware via non-HTTP
protocols, such as public Samba servers. file:// URLs may also be abused
for including files from the victims' machine in a message. Either way,
a legitimate usecase is unlikely.
Signed-off-by: twesterhever <40121680+twesterhever at users.noreply.github.com>
---
rules/regexp/headers.lua | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index 0624997aa..5f6a49437 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -938,6 +938,13 @@ reconf['HAS_GOOGLE_FIREBASE_URL'] = {
group = 'url'
}
+reconf['HAS_FILE_URL'] = {
+ re = '/^file:\\/\\//{url}i',
+ description = 'Contains file:// URL',
+ score = 2.0,
+ group = 'url'
+}
+
reconf['XM_UA_NO_VERSION'] = {
re = string.format('(!%s && !%s) && (%s || %s)',
'X-Mailer=/https?:/H',
More information about the Commits
mailing list