This commit is contained in:
Mariusz B. / mgeeky 2021-10-17 19:16:52 +02:00
parent 3a609949bf
commit d11d4d1e8c
2 changed files with 21 additions and 0 deletions

View File

@ -34,6 +34,7 @@
- `X-Ovh-Spam-Reason` - `X-Ovh-Spam-Reason`
- `X-VR-SPAMCAUSE` - `X-VR-SPAMCAUSE`
- `X-VR-SPAMSCORE` - `X-VR-SPAMSCORE`
- `X-Virus-Scanned`
- and more... - and more...
Most of these headers are not fully documented, therefore the script is unable to pinpoint all the details, but at least it collects all I could find on them. Most of these headers are not fully documented, therefore the script is unable to pinpoint all the details, but at least it collects all I could find on them.

View File

@ -31,6 +31,7 @@
# - X-Ovh-Spam-Reason # - X-Ovh-Spam-Reason
# - X-VR-SPAMCAUSE # - X-VR-SPAMCAUSE
# - X-VR-SPAMSCORE # - X-VR-SPAMSCORE
# - X-Virus-Scanned
# #
# Usage: # Usage:
# ./decode-spam-headers [options] <smtp-headers.txt> # ./decode-spam-headers [options] <smtp-headers.txt>
@ -248,6 +249,8 @@ class SMTPHeadersAnalysis:
'atp', 'atp',
'defend', 'defend',
'assassin', 'assassin',
'virus',
'scan'
) )
Interesting_Headers = ( Interesting_Headers = (
@ -293,6 +296,7 @@ class SMTPHeadersAnalysis:
'X-Ovh-Spam-Reason', 'X-Ovh-Spam-Reason',
'X-VR-SPAMSCORE', 'X-VR-SPAMSCORE',
'X-VR-SPAMCAUSE', 'X-VR-SPAMCAUSE',
'X-Virus-Scanned',
) )
auth_result = { auth_result = {
@ -901,6 +905,7 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
self.results['OVH\'s X-VR-SPAMCAUSE'] = self.testSpamCause() self.results['OVH\'s X-VR-SPAMCAUSE'] = self.testSpamCause()
self.results['OVH\'s X-Ovh-Spam-Reason'] = self.testOvhSpamReason() self.results['OVH\'s X-Ovh-Spam-Reason'] = self.testOvhSpamReason()
self.results['OVH\'s X-Ovh-Spam-Score'] = self.testOvhSpamScore() self.results['OVH\'s X-Ovh-Spam-Score'] = self.testOvhSpamScore()
self.results['X-Virus-Scan'] = self.testXVirusScan()
return {k: v for k, v in self.results.items() if v} return {k: v for k, v in self.results.items() if v}
@ -966,6 +971,21 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
lines.append(line) lines.append(line)
return '\n'.join(lines) return '\n'.join(lines)
def testXVirusScan(self):
(num, header, value) = self.getHeader('X-Virus-Scanned')
if num == -1: return []
result = f'- Message was scanned with an Anti-Virus.'
if len(result) == 0:
return []
return {
'header' : header,
'value': value,
'analysis' : result
}
def testOvhSpamScore(self): def testOvhSpamScore(self):
(num, header, value) = self.getHeader('X-VR-SPAMSCORE') (num, header, value) = self.getHeader('X-VR-SPAMSCORE')
if num == -1: return [] if num == -1: return []