|
|
@@ -0,0 +1,34 @@
|
|
|
+# Extensions that are treated as 'bad'
|
|
|
+# Number is score multiply factor
|
|
|
+bad_extensions = {
|
|
|
+ scr = 4,
|
|
|
+ lnk = 4,
|
|
|
+ exe = 1,
|
|
|
+ jar = 2,
|
|
|
+ com = 4,
|
|
|
+ bat = 4,
|
|
|
+ ace = 4,
|
|
|
+ arj = 4,
|
|
|
+ cab = 3,
|
|
|
+};
|
|
|
+
|
|
|
+# Extensions that are particularly penalized for archives
|
|
|
+bad_archive_extensions = {
|
|
|
+ pptx = 0.5,
|
|
|
+ docx = 0.5,
|
|
|
+ xlsx = 0.5,
|
|
|
+ pdf = 1.0,
|
|
|
+ jar = 3,
|
|
|
+ js = 0.5,
|
|
|
+ vbs = 7,
|
|
|
+};
|
|
|
+
|
|
|
+# Used to detect another archive in archive
|
|
|
+archive_extensions = {
|
|
|
+ zip = 1,
|
|
|
+ arj = 1,
|
|
|
+ rar = 1,
|
|
|
+ ace = 1,
|
|
|
+ 7z = 1,
|
|
|
+ cab = 1,
|
|
|
+};
|
andryyy