From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com>
Date: Wed, 26 Jun 2024 14:21:57 +0000 (+0200)
Subject: Exclude MIME_BAD_UNICODE false positive (#5030)
X-Git-Tag: 3.9.0~14
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7b3fd1688c8d6634b67acced10f770792c928a91;p=thirdparty%2Frspamd.git

Exclude MIME_BAD_UNICODE false positive (#5030)

* Update composites.conf
* Update composites.conf
* Update composites.conf
* Update composites.conf
* Update mime_types_group.conf
* Update mime_types_group.conf
* Update composites.conf
---
diff --git a/conf/composites.conf b/conf/composites.conf
index b1bff1c1a8..4fb97588f9 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -203,6 +203,18 @@ composites {
 policy = "leave";
 description = "Message contains redirector, anonymous or IPFS gateway URL and is marked by fuzzy/bayes/SURBL/RBL";
 }
+ MIME_BAD_EXT_IN_OBFUSCATED_ARCHIVE {
+ expression = "MIME_BAD_EXTENSION and MIME_OBFUSCATED_ARCHIVE";
+ score = 8.0;
+ policy = leave;
+ description = "Attachment with bad extension and archive that has filename with clear obfuscation signs";
+ }
+ MIME_BAD_EXT_WITH_BAD_UNICODE {
+ expression = "MIME_BAD_EXTENSION and MIME_BAD_UNICODE";
+ score = 8.0;
+ policy = leave;
+ description = "Attachment with bad extension and filename that has known obscured unicode characters";
+ }
 .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
 .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"
diff --git a/conf/scores.d/mime_types_group.conf b/conf/scores.d/mime_types_group.conf
index 268709ee91..13778fe917 100644
--- a/conf/scores.d/mime_types_group.conf
+++ b/conf/scores.d/mime_types_group.conf
@@ -46,7 +46,7 @@ symbols = {
 one_shot = true;
 }
 "MIME_OBFUSCATED_ARCHIVE" {
- weight = 8.0;
+ weight = 2.0;
 description = "Archive has files with clear obfuscation signs";
 one_shot = true;
 }
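Review bot: Both new composites key on `MIME_BAD_EXTENSION` alone, so an attachment whose bad extension is reported under a different symbol would keep only the 2.0 weight this commit gives `MIME_OBFUSCATED_ARCHIVE` and `MIME_BAD_UNICODE` in conf/scores.d/mime_types_group.conf. If the mime_types module emits `MIME_DOUBLE_BAD_EXTENSION` instead of, rather than in addition to, `MIME_BAD_EXTENSION` for double extensions (not visible here, worth confirming), consider `expression = "(MIME_BAD_EXTENSION or MIME_DOUBLE_BAD_EXTENSION) and MIME_BAD_UNICODE";` and the same for the archive composite. As a style point, `policy = leave;` is unquoted in both new blocks while the composite just above uses `policy = "leave";`; quoting it keeps the file consistent. The `composites {` block starts and ends outside the hunk.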
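Review bot: The drop from 8.0 to 2.0 on `"MIME_OBFUSCATED_ARCHIVE"` (and the identical change to `"MIME_BAD_UNICODE"` in the next hunk) leaves nothing in this file saying where the high score went, so an operator tuning weights in local.d cannot tell that these symbols are now meant to be weak alone and decisive only in combination. A comment above each weight would document that, e.g. `# Weak on its own; scored 8.0 via composite MIME_BAD_EXT_IN_OBFUSCATED_ARCHIVE in conf/composites.conf`, and the matching one naming `MIME_BAD_EXT_WITH_BAD_UNICODE`. Sites that override or disable the stock composites should re-check that obfuscated filenames still reach their intended action threshold after this change. The `symbols = {` block starts and ends outside the hunk.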
@@ -71,7 +71,7 @@ symbols = {
 one_shot = true;
 }
 "MIME_BAD_UNICODE" {
- weight = 8.0;
+ weight = 2.0;
 description = "Filename with known obscured unicode characters";
 one_shot = true;
 }