# Content matching rules
#
# Please don't modify this file as your changes might be overwritten with
# the next update.
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
# parameters defined on the top level
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
# parameters defined on the top level
#
# For specific modules or configuration you can also modify
# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
#
# See https://rspamd.com/doc/tutorials/writing_rules.html for details

description = "Content rules";

symbols = {
  "PDF_ENCRYPTED" {
    weight = 0.3;
    description = "There is an encrypted PDF in the message";
    one_shot = true;
  }
  "PDF_JAVASCRIPT" {
    weight = 0.1;
    description = "There is an PDF with JavaScript in the message";
    one_shot = true;
  }
  "PDF_SUSPICIOUS" {
    weight = 4.5;
    description = "There is an PDF with suspicious properties in the message";
    one_shot = true;
  }
  "PDF_LONG_TRAILER" {
    weight = 0.2;
    description = "There is an PDF with a long trailer in the message";
    one_shot = true;
  }
  "PDF_MANY_OBJECTS" {
    weight = 0;
    description = "There is a PDF with too many objects in the message";
    one_shot = true;
  }
  "PDF_TIMEOUT" {
    weight = 0;
    description = "There is a PDF in the message that caused timeout in processing";
    one_shot = true;
  }
}