From a8061f3ed361670e7e267f416ace05b354718193 Mon Sep 17 00:00:00 2001 From: Florent Daigniere Date: Thu, 24 Nov 2022 12:25:41 +0100 Subject: [PATCH] doh --- core/rspamd/conf/composites.conf | 2 +- core/rspamd/conf/external_services_group.conf | 28 +++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/core/rspamd/conf/composites.conf b/core/rspamd/conf/composites.conf index 912061af..eaf48d8e 100644 --- a/core/rspamd/conf/composites.conf +++ b/core/rspamd/conf/composites.conf @@ -5,7 +5,7 @@ OLETOOLS_MACRO_MRAPTOR { score = 20.0; } OLETOOLS_MACRO_SUSPICIOUS { - expression = "OLETOOLS_SUSPICIOUS | OLETOOLS_VBASTOMP | OLETOOLS_AUTOEXEC"; + expression = "OLETOOLS_SUSPICIOUS | OLETOOLS_VBASTOMP | OLETOOLS_A"; message = "Rejected (malicious macro)"; policy = "leave"; score = 20.0; diff --git a/core/rspamd/conf/external_services_group.conf b/core/rspamd/conf/external_services_group.conf index bed44eea..ac032fbc 100644 --- a/core/rspamd/conf/external_services_group.conf +++ b/core/rspamd/conf/external_services_group.conf @@ -7,4 +7,32 @@ symbols = { description = "OLETOOLS found a Macro"; one_shot = true; }, + "OLETOOLS_MACRO_FOUND" { + weight = 0.0; + one_shot = true; + }, + "OLETOOLS_AUTOEXEC" { + weight = 0.0; + one_shot = true; + }, + "OLETOOLS_SUSPICIOUS" { + weight = 0.0; + one_shot = true; + }, + "OLETOOLS_VBASTOMP" { + weight = 0.0; + one_shot = true; + }, + "OLETOOLS_A" { + weight = 0.0; + one_shot = true; + }, + "OLETOOLS_W" { + weight = 0.0; + one_shot = true; + }, + "OLETOOLS_X" { + weight = 0.0; + one_shot = true; + }, }