Update decode-spam-headers.py

Added dest:C and dest:D as possible options within X-Microsoft-Antispam-Mailbox-Delivery header
This commit is contained in:
shadow-helix 2024-12-19 13:42:05 +00:00 committed by GitHub
parent 0489be1e7d
commit 964ca0c32e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -5801,8 +5801,13 @@ Src: https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA
if k not in parsed.keys(): if k not in parsed.keys():
parsed[k.lower()] = v parsed[k.lower()] = v
if 'ucf' in parsed.keys() and 'dest' in parsed.keys() and parsed['ucf'] == '1' and parsed['dest'] == 'J': if 'ucf' in parsed.keys() and 'dest' in parsed.keys() and parsed['ucf'] == '1':
result += self.logger.colored(f'- WARNING: User created a custom mail rule that moved this message to JUNK folder!\n', "red") if parsed['dest'] == 'J':
result += self.logger.colored(f'- WARNING: User created a custom mail rule that moved this message to JUNK folder!\n', "red")
elif parsed['dest'] == 'D':
result += self.logger.colored(f'- WARNING: User created a custom mail rule that moved this message to DELETED ITEMS folder!\n', "red")
elif parsed['dest'] == 'C':
result += self.logger.colored(f'- WARNING: User created a custom mail rule that moved this message to a custom (non built-in) folder!\n', "red")
for k, v in parsed.items(): for k, v in parsed.items():
elem = None elem = None