/* * Copyright (C) 2006 Török Edvin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, * MA 02110-1301, USA. */ #ifdef CL_EXPERIMENTAL #ifndef _PHISH_CHECK_H #define _PHISH_CHECK_H #ifdef HAVE_REGEX_H #include #endif #define CL_PHISH_BASE 100 enum phish_status {CL_PHISH_NODECISION=0,CL_PHISH_CLEAN=CL_PHISH_BASE, CL_PHISH_CLEANUP_OK,CL_PHISH_HOST_OK, CL_PHISH_DOMAIN_OK, CL_PHISH_HOST_NOT_LISTED, CL_PHISH_REDIR_OK, CL_PHISH_HOST_REDIR_OK, CL_PHISH_DOMAIN_REDIR_OK, CL_PHISH_HOST_REVERSE_OK,CL_PHISH_DOMAIN_REVERSE_OK, CL_PHISH_WHITELISTED,CL_PHISH_HOST_WHITELISTED, CL_PHISH_CLEAN_CID, CL_PHISH_TEXTURL, CL_PHISH_MAILTO_OK, CL_PHISH_CLOAKED_UIU, CL_PHISH_NUMERIC_IP,CL_PHISH_HEX_URL,CL_PHISH_CLOAKED_NULL,CL_PHISH_SSL_SPOOF, CL_PHISH_NOMATCH}; #define HOST_SUFFICIENT 1 #define DOMAIN_SUFFICIENT (HOST_SUFFICIENT | 2) #define DO_REVERSE_LOOKUP 4 #define CHECK_REDIR 8 #define CHECK_SSL 16 #define CHECK_CLOAKING 32 #define CLEANUP_URL 64 #define CHECK_DOMAIN_REVERSE 128 #define CHECK_IMG_URL 256 #define DOMAINLIST_REQUIRED 512 /* img checking disabled by default */ #define CL_PHISH_ALL_CHECKS (CLEANUP_URL|DOMAIN_SUFFICIENT|CHECK_SSL|CHECK_CLOAKING|DOMAINLIST_REQUIRED|CHECK_IMG_URL) struct string { int refcount; struct string* ref; char* data; }; struct phishcheck { regex_t preg; regex_t preg_tld; regex_t preg_cctld; regex_t preg_numeric; char* url_regex; int is_disabled; }; struct url_check { struct string realLink; struct string displayLink; unsigned short flags; }; int phishingScan(message* m,const char* dir,cli_ctx* ctx,tag_arguments_t* hrefs); enum phish_status phishingCheck(const struct cl_engine* engine,struct url_check* urls); int whitelist_check(const struct cl_engine* engine,struct url_check* urls,int hostOnly); void url_check_init(struct url_check* urls); void string_free(struct string* str); void string_assign(struct string* dest,struct string* src); void string_assign_c(struct string* dest,char* data); int string_assign_dup(struct string* dest,const char* start,const char* end); void string_assign_ref(struct string* dest,struct string* ref,char* data); void free_if_needed(struct url_check* url); int get_host(const struct phishcheck* pchk,struct string* dest,const char* URL,int isReal,int* phishy); int isCountryCode(const struct phishcheck* s,const char* str); int isTLD(const struct phishcheck* s,const char* str,int len); void get_domain(const struct phishcheck* pchk,struct string* dest,struct string* host); int ip_reverse(struct url_check* urls,int isReal); void reverse_lookup(struct url_check* url,int isReal); int isNumeric(const char* host); int isSSL(const char* URL); int cleanupURL(struct string* URL,int isReal); void get_redirected_URL(struct string* URL); int isURL(const struct phishcheck* pchk,const char* URL); enum phish_status cleanupURLs(struct url_check* urls); int isNumericURL(const struct phishcheck* pchk, const char* URL); int url_get_host(const struct phishcheck* pchk, struct url_check* url,struct url_check* host_url,int isReal,int* phishy); void url_get_domain(const struct phishcheck* pchk, struct url_check* url,struct url_check* domains); enum phish_status phishy_map(int phishy,enum phish_status fallback); int isEncoded(const char* url); void phish_disable(struct cl_engine* engine,const char* reason); /* Global, non-thread-safe functions, call only once! */ int phishing_init(struct cl_engine* engine); void phishing_done(struct cl_engine* engine); /* end of non-thread-safe functions */ static inline int isPhishing(enum phish_status rc) { switch(rc) { case CL_PHISH_CLEAN: case CL_PHISH_CLEANUP_OK: case CL_PHISH_WHITELISTED: case CL_PHISH_HOST_WHITELISTED: case CL_PHISH_HOST_OK: case CL_PHISH_DOMAIN_OK: case CL_PHISH_REDIR_OK: case CL_PHISH_HOST_REDIR_OK: case CL_PHISH_DOMAIN_REDIR_OK: case CL_PHISH_HOST_REVERSE_OK: case CL_PHISH_DOMAIN_REVERSE_OK: case CL_PHISH_MAILTO_OK: case CL_PHISH_TEXTURL: case CL_PHISH_HOST_NOT_LISTED: case CL_PHISH_CLEAN_CID: return 0; case CL_PHISH_HEX_URL: case CL_PHISH_CLOAKED_NULL: case CL_PHISH_SSL_SPOOF: case CL_PHISH_CLOAKED_UIU: case CL_PHISH_NUMERIC_IP: case CL_PHISH_NOMATCH: return 1; default: return 1; } } const char* phishing_ret_toString(enum phish_status rc); #endif #endif