From: twesterhever <40121680+twesterhever@users.noreply.github.com>
Date: Thu, 29 Feb 2024 14:34:21 +0000 (+0000)
Subject: [Minor] Add HAS_FILE_URL rule for messages containing a file:// URL
X-Git-Tag: 3.9.0~118^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F4846%2Fhead;p=thirdparty%2Frspamd.git

[Minor] Add HAS_FILE_URL rule for messages containing a file:// URL

These are frequently abused for distributing malware via non-HTTP
protocols, such as public Samba servers. file:// URLs may also be abused
for including files from the victims' machine in a message. Either way,
a legitimate usecase is unlikely.

Signed-off-by: twesterhever <40121680+twesterhever@users.noreply.github.com>
---

diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index 0624997aae..5f6a49437e 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -938,6 +938,13 @@ reconf['HAS_GOOGLE_FIREBASE_URL'] = {
   group = 'url'
 }
 
+reconf['HAS_FILE_URL'] = {
+  re = '/^file:\\/\\//{url}i',
+  description = 'Contains file:// URL',
+  score = 2.0,
+  group = 'url'
+}
+
 reconf['XM_UA_NO_VERSION'] = {
   re = string.format('(!%s && !%s) && (%s || %s)',
       'X-Mailer=/https?:/H',