Hi,
Can I use regexes and rawbody rules in the SpamAssassin module in rspamd, or can rspamd take care of this itself? A few examples are below.
And do I put the config in this file?
# cat /etc/rspamd/local.d/spamassassin.conf
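# Settings for rspamd's spamassassin module, shown in the post as the content
# of /etc/rspamd/local.d/spamassassin.conf.
# NOTE(review): rspamd normally merges local.d/<module>.conf into the module's
# own section, so the outer "spamassassin { ... }" wrapper may have to be
# dropped in that file -- confirm against the rspamd documentation.
spamassassin {
  # SpamAssassin rules file to load. The post had this path broken across two
  # lines; it has to be one quoted string or the file will not be found.
  ruleset = "/etc/rspamd/spamassassin/local.cf";
  # Limit search size to 100 kilobytes for all regular expressions
  # (presumably content beyond that limit is not examined by these rules --
  # keep this in mind when judging detection coverage on large messages).
  match_limit = 100k;
  # Those regexp atoms will not be passed through hyperscan:
  # NOTE(review): RULE1 and __RULE2 are not the names of any rule quoted in
  # this post; replace them with real rule names or remove the option.
  pcre_only = ["RULE1", "__RULE2"];
  # NOTE(review): the post does not say what alpha controls; check the module
  # documentation before keeping this value.
  alpha = 0.1;
}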
# Subject-header rule: looks for the letters v-i-a-g-r-a where each letter may
# be replaced by a look-alike (digits, punctuation, accented/Greek/Cyrillic
# forms written as \x byte escapes) and up to three non-word characters or
# underscores ([\W_]{0,3}) may sit between letters. Case-insensitive (/i).
# NOTE(review): the look-alikes are written as raw byte sequences (for example
# \xCE\xBD). Whether rspamd matches header regexes against raw bytes or against
# decoded UTF-8 text is not shown here; single-byte classes such as
# [\xC0-\xC5] behave differently in the two cases -- test with real samples.
# NOTE(review): the "g" alternative ends in "[\x9C-\xA3]]"; the second "]" is a
# literal bracket that must follow the byte, which looks like a stray
# character -- confirm against the rule's original source.
describe SJL_OBFU_SUBJ_VIAGRA Obfuscated viagra in Subject
header SJL_OBFU_SUBJ_VIAGRA Subject =~ /(?:\b[vu]|\B(?:\\\/|\xCE\xBD))[\W_]{0,3}(?:[il1:\|\*\xCC-\xCF\xEC-\xEF\xA6]|\xC4[\xA8-\xB0]|\xC4\xBA|\xC4\xBC|\xC4\xBE|\xC5\x80|\xC5\x82|\xC7[\x8F-\x90]|\xD0[\x86-\x87]|\xD1[\x96-\x97]|\xCE\x8A|\xCE\x90|\xCE\x99|\xCE\xAA|\xCE\xAF|\xCE\xB9|\xCF\x8A)[\W_]{0,3}(?:[a4\*\@\xC0-\xC5\xAA\xE0-\xE5]|\/\\|\xC4[\x80-\x85]|\xC7[\x8D-\x8E]|\xC7[\xBA-\xBB]|\xCE\x86|\xCE\x91|\xCE\x94|\xCE\x9B|\xCE\xAC|\xCE\xB1|\xD0\x90|\xD0\xB0)[\W_]{0,3}(?:[g6]|\xC4[\x9C-\xA3]])[\W_]{0,3}(?:[r\xAE]|\xC5[\x94-\x99]|\xD1\x93)[\W_]{0,3}(?:[a4]\b|(?:[\*\@\xC0-\xC5\xAA\xE0-\xE5]|\/\\|\xC4[\x80-\x85]|\xC7[\x8D-\x8E]|\xC7[\xBA-\xBB]|\xCE\x86|\xCE\x91|\xCE\x94|\xCE\x9B|\xCE\xAC|\xCE\xB1|\xD0\x90|\xD0\xB0)\B)/i
# Score added when the rule matches.
score SJL_OBFU_SUBJ_VIAGRA 2.5
# ASCII-0
# rawbody rule that matches a NUL byte (\0) anywhere in the raw message body.
# NOTE(review): a single hit adds 5 points, twice the score of the Subject
# rule quoted above; check that against the action thresholds in use, and
# confirm the body still contains NUL bytes by the time this rule sees it.
rawbody SJL_MIME_ASCII0 /\0/
describe SJL_MIME_ASCII0 Message body contains ASCII-0 character
score SJL_MIME_ASCII0 5
# Detect excessive multiple HTML line breaks <br/>
# __LOC_BR counts literal "<br>" occurrences in the raw body (counting stops at
# 21 because of maxhits=21); the meta rule LOC_MULT_BR fires when that count is
# greater than 20.
# NOTE(review): the pattern is the exact, case-sensitive string "<br>", so
# "<br/>", "<br />" and "<BR>" are not counted even though the comment above
# mentions <br/> -- widen the pattern if those forms should count.
# NOTE(review): "> 20" means 21 or more hits, while the description says
# "At least 20"; align one with the other.
# NOTE(review): confirm that rspamd's spamassassin module honours
# "tflags ... multiple maxhits=N"; if it does not, the count never exceeds 1
# and the meta rule cannot fire.
rawbody __LOC_BR /<br>/
tflags __LOC_BR multiple maxhits=21
meta LOC_MULT_BR __LOC_BR > 20
score LOC_MULT_BR 0.2
describe LOC_MULT_BR At least 20 br tags found