import { Email } from '../mail/core/classes.email.js';
/**
 * Scan result information
 */
export interface IScanResult {
    isClean: boolean;
    threatType?: string;
    threatDetails?: string;
    threatScore: number;
    scannedElements: string[];
    timestamp: number;
}
/**
 * Options for content scanner configuration
 */
export interface IContentScannerOptions {
    maxCacheSize?: number;
    cacheTTL?: number;
    scanSubject?: boolean;
    scanBody?: boolean;
    scanAttachments?: boolean;
    maxAttachmentSizeToScan?: number;
    scanAttachmentNames?: boolean;
    blockExecutables?: boolean;
    blockMacros?: boolean;
    customRules?: Array<{
        pattern: string | RegExp;
        type: string;
        score: number;
        description: string;
    }>;
    minThreatScore?: number;
    highThreatScore?: number;
}
/**
 * Threat categories
 */
export declare enum ThreatCategory {
    SPAM = "spam",
    PHISHING = "phishing",
    MALWARE = "malware",
    EXECUTABLE = "executable",
    SUSPICIOUS_LINK = "suspicious_link",
    MALICIOUS_MACRO = "malicious_macro",
    XSS = "xss",
    SENSITIVE_DATA = "sensitive_data",
    BLACKLISTED_CONTENT = "blacklisted_content",
    CUSTOM_RULE = "custom_rule"
}
/**
 * Content Scanner for detecting malicious email content
 */
export declare class ContentScanner {
    private static instance;
    private scanCache;
    private options;
    /**
     * Default options for the content scanner
     */
    private static readonly DEFAULT_OPTIONS;
    /**
     * Constructor for the ContentScanner
     * @param options Configuration options
     */
    constructor(options?: IContentScannerOptions);
    /**
     * Get the singleton instance of the scanner
     * @param options Configuration options
     * @returns Singleton scanner instance
     */
    static getInstance(options?: IContentScannerOptions): ContentScanner;
    /**
     * Scan an email for malicious content.
     * Delegates text/subject/html/filename pattern scanning to Rust.
     * Binary attachment scanning (PE headers, VBA macros) stays in TS.
     * @param email The email to scan
     * @returns Scan result
     */
    scanEmail(email: Email): Promise<IScanResult>;
    /**
     * Generate a cache key from an email
     * @param email The email to generate a key for
     * @returns Cache key
     */
    private generateCacheKey;
    /**
     * Scan attachment binary content for PE headers and VBA macros.
     * This stays in TS because it accesses raw Buffer data (too large for IPC).
     * @param attachment The attachment to scan
     * @param result The scan result to update
     */
    private scanAttachmentBinary;
    /**
     * Apply custom rules (runtime-configured patterns) to the email.
     * These stay in TS because they are configured at runtime.
     * @param email The email to check
     * @param result The scan result to update
     */
    private applyCustomRules;
    /**
     * Extract text from a binary buffer for scanning
     * @param buffer Binary content
     * @returns Extracted text (may be partial)
     */
    private extractTextFromBuffer;
    /**
     * Check if an Office document likely contains macros
     * @param attachment The attachment to check
     * @returns Whether the file likely contains macros
     */
    private likelyContainsMacros;
    /**
     * Log a high threat finding to the security logger
     * @param email The email containing the threat
     * @param result The scan result
     */
    private logHighThreatFound;
    /**
     * Log a threat finding to the security logger
     * @param email The email containing the threat
     * @param result The scan result
     */
    private logThreatFound;
    /**
     * Get threat level description based on score
     * @param score Threat score
     * @returns Threat level description
     */
    static getThreatLevel(score: number): 'none' | 'low' | 'medium' | 'high';
}