From 4c2e13009b63505ecf310b7c1086a431103e9895 Mon Sep 17 00:00:00 2001
From: Michael Kuron <mkuron@users.noreply.github.com>
Date: Fri, 17 Jan 2020 22:19:12 +0100
Subject: [PATCH] rspamd: More comprehensive attachment handling (#3273)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- block all Office documents with macros
- don’t just block all doc files
- mark some more Windows executable extensions as bad
---
 data/conf/rspamd/local.d/external_services.conf |  2 ++
 data/conf/rspamd/local.d/mime_types.conf        | 11 ++++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/data/conf/rspamd/local.d/external_services.conf b/data/conf/rspamd/local.d/external_services.conf
index bed4d917..f05314b8 100644
--- a/data/conf/rspamd/local.d/external_services.conf
+++ b/data/conf/rspamd/local.d/external_services.conf
@@ -4,4 +4,6 @@ oletools {
   # needs to be set explicitly for Rspamd < 1.9.5
   scan_mime_parts = true;
   # mime-part regex matching in content-type or filename
+  # block all macros
+  extended = true;
 }
diff --git a/data/conf/rspamd/local.d/mime_types.conf b/data/conf/rspamd/local.d/mime_types.conf
index eaa8ea09..a4cdce7e 100644
--- a/data/conf/rspamd/local.d/mime_types.conf
+++ b/data/conf/rspamd/local.d/mime_types.conf
@@ -4,13 +4,22 @@ bad_extensions = {
   scr = 4,
   lnk = 4,
   exe = 1,
+  msi = 1,
+  msp = 1,
+  msu = 1,
   jar = 2,
   com = 4,
   bat = 4,
+  cmd = 4,
+  ps1 = 4,
   ace = 4,
   arj = 4,
   cab = 3,
-  doc = 10,
+  vbs = 4,
+  hta = 4,
+  shs = 4,
+  wsc = 4,
+  wsf = 4,
 };
 
 # Extensions that are particularly penalized for archives