Closed dragoangel closed 1 week ago
MIME_BAD_EXTENSION(9.10){exe;},MIME_BAD_UNICODE(8.00){0x202ed after scan;},MIME_OBFUSCATED_ARCHIVE(8.00){obfuscated archive;scan�s�x�l�x�.rar;
- case of evil usage of 202e -LRM where some OS can put scanrar.xlsx name? I not sure, but, I think the real proper fix would be to set MIME_BAD_UNICODE
and MIME_OBFUSCATED_ARCHIVE
symbol to 1.0
if not 0.1
, and give them score via composite over MIME_BAD_EXTENSION
, because there is too much cases when people can name files like Müller.rar
, החתלתול האהוב עליי.jpg
or قطتي المفضلة.jpg
and so on...
Resolve cases from https://github.com/rspamd/rspamd/discussions/4893