[Conf] Increase scores for strange things in the archives
authorVsevolod Stakhov <vsevolod@rspamd.com>
Thu, 25 Jul 2024 12:21:44 +0000 (13:21 +0100)
committerVsevolod Stakhov <vsevolod@rspamd.com>
Sat, 10 Aug 2024 09:39:39 +0000 (10:39 +0100)
rules/archives.lua

index 83ac27df8679eab918c6645a7a9c4d7934972702..c582b93bd224c58f9fb3415dea234d68456b8071 100644 (file)
@@ -2,19 +2,19 @@ local rspamd_regexp = require "rspamd_regexp"
 local lua_maps = require "lua_maps"
 
 local clickbait_map = lua_maps.map_add_from_ucl(
-  {
-    string.format('%s/maps.d/%s', rspamd_paths.CONFDIR, 'exe_clickbait.inc'),
-    string.format('%s/local.d/maps.d/%s', rspamd_paths.LOCAL_CONFDIR, 'exe_clickbait.inc')
-  },
-  'regexp',
-  'Inappropriate descriptions for executables'
+    {
+      string.format('%s/maps.d/%s', rspamd_paths.CONFDIR, 'exe_clickbait.inc'),
+      string.format('%s/local.d/maps.d/%s', rspamd_paths.LOCAL_CONFDIR, 'exe_clickbait.inc')
+    },
+    'regexp',
+    'Inappropriate descriptions for executables'
 )
 
 local exe_re = rspamd_regexp.create_cached([[/\.exe$|\.com$/i]])
 local img_re = rspamd_regexp.create_cached([[/\.img$/i]])
 local rar_re = rspamd_regexp.create_cached([[/\.rar$|\.r[0-9]{2}$/i]])
 
-local id = rspamd_config:register_symbol{
+local id = rspamd_config:register_symbol {
   callback = function(task)
     local num_checked = 0
     local have_subject_clickbait = false
@@ -52,7 +52,7 @@ local id = rspamd_config:register_symbol{
           local name = info.name
 
           if img_re:match(name) then
-            local ratio = info.uncompressed_size/info.compressed_size
+            local ratio = info.uncompressed_size / info.compressed_size
             if ratio >= 500 then
               task:insert_result('UDF_COMPRESSION_500PLUS', 1.0)
             end
@@ -86,7 +86,7 @@ local id = rspamd_config:register_symbol{
   type = 'callback',
 }
 
-rspamd_config:register_symbol{
+rspamd_config:register_symbol {
   description = 'exe file in archive with clickbait filename',
   group = 'malware',
   name = 'EXE_ARCHIVE_CLICKBAIT_FILENAME',
@@ -96,7 +96,7 @@ rspamd_config:register_symbol{
   type = 'virtual',
 }
 
-rspamd_config:register_symbol{
+rspamd_config:register_symbol {
   description = 'exe file in archive with clickbait subject',
   group = 'malware',
   name = 'EXE_ARCHIVE_CLICKBAIT_SUBJECT',
@@ -106,47 +106,47 @@ rspamd_config:register_symbol{
   type = 'virtual',
 }
 
-rspamd_config:register_symbol{
+rspamd_config:register_symbol {
   description = 'exe file in archive',
   group = 'malware',
   name = 'EXE_IN_ARCHIVE',
   one_shot = true,
   parent = id,
-  score = 0.5,
+  score = 1.5,
   type = 'virtual',
 }
 
-rspamd_config:register_symbol{
+rspamd_config:register_symbol {
   description = 'rar with wrong extension containing exe file',
   group = 'malware',
   name = 'EXE_IN_MISIDENTIFIED_RAR',
   one_shot = true,
   parent = id,
-  score = 2.0,
+  score = 5.0,
   type = 'virtual',
 }
 
-rspamd_config:register_symbol{
+rspamd_config:register_symbol {
   description = 'rar with wrong extension',
   group = 'malware',
   name = 'MISIDENTIFIED_RAR',
   one_shot = true,
   parent = id,
-  score = 2.0,
+  score = 4.0,
   type = 'virtual',
 }
 
-rspamd_config:register_symbol{
+rspamd_config:register_symbol {
   description = 'single file container bearing executable',
   group = 'malware',
   name = 'SINGLE_FILE_ARCHIVE_WITH_EXE',
   one_shot = true,
   parent = id,
-  score = 1.0,
+  score = 5.0,
   type = 'virtual',
 }
 
-rspamd_config:register_symbol{
+rspamd_config:register_symbol {
   description = 'very well compressed img file in archive',
   name = 'UDF_COMPRESSION_500PLUS',
   one_shot = true,
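Review bot: The raised scores on `EXE_IN_ARCHIVE` (1.5), `EXE_IN_MISIDENTIFIED_RAR` (5.0), `MISIDENTIFIED_RAR` (4.0) and `SINGLE_FILE_ARCHIVE_WITH_EXE` (5.0) all hang off the same parent callback, and nothing in this hunk limits how they combine. The callback body is outside the hunk, but if it can insert several of them for one attachment, a single archive could contribute up to 15.5 points. It is worth confirming that this co-firing is intended, or that the `malware` group carries a score cap, and recording the reasoning next to the scores, e.g. `-- may co-fire with MISIDENTIFIED_RAR and EXE_IN_ARCHIVE; combined weight is intentional`. The `exe_re` pattern also accepts any name ending in `.com`, so a member file named after a domain would presumably now cost 5.0 rather than 1.0 in a single-file archive. A short comment on that trade-off would help whoever tunes false positives later.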