From 7b3fd1688c8d6634b67acced10f770792c928a91 Mon Sep 17 00:00:00 2001
From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com>
Date: Wed, 26 Jun 2024 16:21:57 +0200
Subject: [PATCH] Exclude MIME_BAD_UNICODE false positive (#5030)
* Update composites.conf
* Update composites.conf
* Update composites.conf
* Update composites.conf
* Update mime_types_group.conf
* Update mime_types_group.conf
* Update composites.conf
---
 conf/composites.conf | 12 ++++++++++++
 conf/scores.d/mime_types_group.conf | 4 ++--
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/conf/composites.conf b/conf/composites.conf
index b1bff1c1a8..4fb97588f9 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -203,6 +203,18 @@ composites {
 policy = "leave";
 description = "Message contains redirector, anonymous or IPFS gateway URL and is marked by fuzzy/bayes/SURBL/RBL";
 }
+ MIME_BAD_EXT_IN_OBFUSCATED_ARCHIVE {
+ expression = "MIME_BAD_EXTENSION and MIME_OBFUSCATED_ARCHIVE";
+ score = 8.0;
+ policy = leave;
+ description = "Attachment with bad extension and archive that has filename with clear obfuscation signs";
+ }
+ MIME_BAD_EXT_WITH_BAD_UNICODE {
+ expression = "MIME_BAD_EXTENSION and MIME_BAD_UNICODE";
+ score = 8.0;
+ policy = leave;
+ description = "Attachment with bad extension and filename that has known obscured unicode characters";
+ }
 .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
 .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"
diff --git a/conf/scores.d/mime_types_group.conf b/conf/scores.d/mime_types_group.conf
index 268709ee91..13778fe917 100644
--- a/conf/scores.d/mime_types_group.conf
+++ b/conf/scores.d/mime_types_group.conf
@@ -46,7 +46,7 @@ symbols = {
 one_shot = true;
 }
 "MIME_OBFUSCATED_ARCHIVE" {
- weight = 8.0;
+ weight = 2.0;
 description = "Archive has files with clear obfuscation signs";
 one_shot = true;
 }
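Review bot: The two added composites in conf/composites.conf write `policy = leave;` unquoted, while the neighbouring entry in the context lines uses `policy = "leave";`; quoting it keeps the file consistent. With the leave policy the member symbols appear to keep their own weights, so the 8.0 here is added on top of MIME_BAD_EXTENSION and the 2.0 symbol, and a message carrying all three symbols would match both composites. A one-line comment above each block, such as `# leave: composite score is added on top of the member symbols' weights`, would make that explicit for operators tuning reject thresholds.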
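Review bot: The lowered weight for `MIME_OBFUSCATED_ARCHIVE` in this hunk, and for `MIME_BAD_UNICODE` in the following hunk at line 71, has no comment pointing to the composites that now supply the high score. After this change an obfuscated archive name or an obscured-unicode filename alone scores 2.0, and 8.0 is added only when MIME_BAD_EXTENSION also fires, so a deployment that overrides or disables those composites loses that detection weight without any hint in this file. Suggest a comment on each entry, e.g. `# low alone; raised by MIME_BAD_EXT_IN_OBFUSCATED_ARCHIVE in composites.conf` and `# low alone; raised by MIME_BAD_EXT_WITH_BAD_UNICODE in composites.conf`. The `symbols` block starts and ends outside both hunks.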
@@ -71,7 +71,7 @@ symbols = {
 one_shot = true;
 }
 "MIME_BAD_UNICODE" {
- weight = 8.0;
+ weight = 2.0;
 description = "Filename with known obscured unicode characters";
 one_shot = true;
 }
-- 
2.47.3