dragoangel
commented
1 week ago MIME_BAD_EXTENSION(9.10){exe;},MIME_BAD_UNICODE(8.00){0x202ed after scan;},MIME_OBFUSCATED_ARCHIVE(8.00){obfuscated archive;scan�s�x�l�x�.rar; - case of evil usage of 202e -LRM where some OS can put scanrar.xlsx name? I not sure, but, I think the real proper fix would be to set MIME_BAD_UNICODE and MIME_OBFUSCATED_ARCHIVE symbol to 1.0 if not 0.1, and give them score via composite over MIME_BAD_EXTENSION, because there is too much cases when people can name files like Müller.rar, החתלתול האהוב עליי.jpg or قطتي المفضلة.jpg and so on...
Resolve cases from https://github.com/rspamd/rspamd/discussions/4893