From: twesterhever <40121680+twesterhever@users.noreply.github.com>
Date: Wed, 2 Aug 2023 13:32:13 +0000 (+0000)
Subject: [Minor] Tweak HAS_GOOGLE_REDIR to detect Google AMP URLs as well
X-Git-Tag: 3.6~1^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F4558%2Fhead;p=thirdparty%2Frspamd.git

[Minor] Tweak HAS_GOOGLE_REDIR to detect Google AMP URLs as well

Rationale: https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/
---

diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index b6b5e10d4e..42c08ca3fd 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -912,7 +912,7 @@ reconf['HAS_GUC_PROXY_URI'] = {
 }
 
 reconf['HAS_GOOGLE_REDIR'] = {
-  re = '/\\.google\\.([a-z]{2,3}(|\\.[a-z]{2,3})|info|jobs)\\/url\\?/{url}i',
+  re = '/\\.google\\.([a-z]{2,3}(|\\.[a-z]{2,3})|info|jobs)\\/(amp\\/s\\/|url\\?)/{url}i',
   description = 'Has google.com/url or alike Google redirection URL',
   score = 1.0,
   group = 'url'