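import { Email } from '../mail/core/classes.email.js';

/**
 * Scan result information
 */
export interface IScanResult {
  /** Overall verdict flag for the scanned email. */
  isClean: boolean;
  /** Threat type reported for the finding, when there is one. */
  threatType?: string;
  /** Free-text details about the finding, when there is one. */
  threatDetails?: string;
  /** Numeric threat score; the valid range is not visible in this declaration. */
  threatScore: number;
  /** Names of the elements that were scanned. */
  scannedElements: string[];
  /** Timestamp of the result; unit not visible here (presumably epoch milliseconds; confirm). */
  timestamp: number;
}

/**
 * Options for content scanner configuration
 */
export interface IContentScannerOptions {
  /** Upper bound for the scan-result cache. */
  maxCacheSize?: number;
  /** Cache time-to-live; the unit is not visible in this declaration. */
  cacheTTL?: number;
  scanSubject?: boolean;
  scanBody?: boolean;
  scanAttachments?: boolean;
  /**
   * Size limit for attachments to scan.
   * NOTE(review): this declaration does not show how attachments above the
   * limit are reported; confirm they are not silently treated as clean.
   */
  maxAttachmentSizeToScan?: number;
  scanAttachmentNames?: boolean;
  blockExecutables?: boolean;
  blockMacros?: boolean;
  /**
   * Additional detection rules.
   * NOTE(review): `pattern` may be a RegExp. If rules are matched against
   * message content (presumably untrusted), a pattern prone to catastrophic
   * backtracking could stall scanning; confirm rules are reviewed before use.
   */
  customRules?: Array<{
    pattern: string | RegExp;
    type: string;
    score: number;
    description: string;
  }>;
  /** Score threshold; presumably the level at which a finding is reported (confirm). */
  minThreatScore?: number;
  /** Score threshold; presumably the level treated as a high threat (confirm). */
  highThreatScore?: number;
}

/**
 * Threat categories
 */
export declare enum ThreatCategory {
  SPAM = "spam",
  PHISHING = "phishing",
  MALWARE = "malware",
  EXECUTABLE = "executable",
  SUSPICIOUS_LINK = "suspicious_link",
  MALICIOUS_MACRO = "malicious_macro",
  XSS = "xss",
  SENSITIVE_DATA = "sensitive_data",
  BLACKLISTED_CONTENT = "blacklisted_content",
  CUSTOM_RULE = "custom_rule"
}

/**
 * Content Scanner for detecting malicious email content
 */
export declare class ContentScanner {
  private static instance;
  private scanCache;
  private options;
  private static readonly MALICIOUS_PATTERNS;
  private static readonly EXECUTABLE_EXTENSIONS;
  private static readonly MACRO_DOCUMENT_EXTENSIONS;

  /**
   * Default options for the content scanner
   */
  private static readonly DEFAULT_OPTIONS;

  /**
   * Constructor for the ContentScanner
   * @param options Configuration options
   */
  constructor(options?: IContentScannerOptions);

  /**
   * Get the singleton instance of the scanner
   *
   * NOTE(review): the declaration does not show whether `options` passed on a
   * later call are applied or ignored once the instance exists. Confirm this,
   * since callers may assume their thresholds and blocking flags are active.
   *
   * @param options Configuration options
   * @returns Singleton scanner instance
   */
  static getInstance(options?: IContentScannerOptions): ContentScanner;

  /**
   * Scan an email for malicious content
   *
   * The return type carries its type argument: a bare `Promise` is not valid
   * TypeScript, and the documented result of a scan is an {@link IScanResult}.
   *
   * @param email The email to scan
   * @returns Scan result
   */
  scanEmail(email: Email): Promise<IScanResult>;

  /**
   * Generate a cache key from an email
   *
   * NOTE(review): how the key is derived is not visible here. Confirm that it
   * covers every scanned element, so that a cached result is only reused for
   * identical content.
   *
   * @param email The email to generate a key for
   * @returns Cache key
   */
  private generateCacheKey;

  /**
   * Scan email subject for threats
   * @param subject The subject to scan
   * @param result The scan result to update
   */
  private scanSubject;

  /**
   * Scan plain text content for threats
   * @param text The text content to scan
   * @param result The scan result to update
   */
  private scanTextContent;

  /**
   * Scan HTML content for threats
   * @param html The HTML content to scan
   * @param result The scan result to update
   */
  private scanHtmlContent;

  /**
   * Scan an attachment for threats
   * @param attachment The attachment to scan
   * @param result The scan result to update
   */
  private scanAttachment;

  /**
   * Extract links from HTML content
   * @param html HTML content
   * @returns Array of extracted links
   */
  private extractLinksFromHtml;

  /**
   * Extract plain text from HTML
   * @param html HTML content
   * @returns Extracted text
   */
  private extractTextFromHtml;

  /**
   * Extract text from a binary buffer for scanning
   *
   * Because the extracted text may be partial, a scan based on it is
   * best-effort rather than a complete inspection of the buffer.
   *
   * @param buffer Binary content
   * @returns Extracted text (may be partial)
   */
  private extractTextFromBuffer;

  /**
   * Check if an Office document likely contains macros
   * This is a simplified check - real implementation would use specialized libraries
   *
   * The result is a likelihood, not proof that macros are present or absent.
   *
   * @param attachment The attachment to check
   * @returns Whether the file likely contains macros
   */
  private likelyContainsMacros;

  /**
   * Map a pattern category to a threat type
   * @param category The pattern category
   * @returns The corresponding threat type
   */
  private mapCategoryToThreatType;

  /**
   * Log a high threat finding to the security logger
   * @param email The email containing the threat
   * @param result The scan result
   */
  private logHighThreatFound;

  /**
   * Log a threat finding to the security logger
   * @param email The email containing the threat
   * @param result The scan result
   */
  private logThreatFound;

  /**
   * Get threat level description based on score
   * @param score Threat score
   * @returns Threat level description
   */
  static getThreatLevel(score: number): 'none' | 'low' | 'medium' | 'high';
}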