import { Email } from '../mail/core/classes.email.js';
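/**
 * Scan result information.
 *
 * This declaration fixes only the shape of a result. How a caller maps it to
 * a deliver / quarantine / reject decision is not defined in this file.
 */
export interface IScanResult {
  /**
   * Overall verdict flag.
   * NOTE(review): presumably derived from `threatScore` against the configured
   * thresholds; confirm against the implementation before relying on it alone.
   */
  isClean: boolean;
  /**
   * Category of the detected threat, when one was found.
   * Typed as a plain `string`, so the compiler does not restrict it to the
   * `ThreatCategory` values; consumers should handle unknown values.
   */
  threatType?: string;
  /**
   * Free-text detail about the finding.
   * NOTE(review): may embed content taken from the scanned message, which is
   * sender-controlled; encode or sanitize before writing it to logs or
   * rendering it in a UI. Confirm what the implementation puts here.
   */
  threatDetails?: string;
  /** Numeric threat score. The scale and upper bound are not stated in this file. */
  threatScore: number;
  /**
   * Identifiers of the message parts that were scanned.
   * Useful for auditing coverage: a part that is absent here was not inspected.
   * NOTE(review): exact naming of elements is not visible here; confirm.
   */
  scannedElements: string[];
  /** Time of the scan. NOTE(review): unit (presumably epoch milliseconds) is not stated; confirm. */
  timestamp: number;
}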
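/**
 * Options for content scanner configuration.
 *
 * Every field is optional. `ContentScanner` declares a private
 * `DEFAULT_OPTIONS`, but its values are not visible in this declaration file,
 * so the effective default of each field must be checked in the implementation.
 */
export interface IContentScannerOptions {
  /** Upper bound for the scan-result cache. NOTE(review): presumably an entry count; confirm. */
  maxCacheSize?: number;
  /** Lifetime of a cached scan result. NOTE(review): unit is not stated here; confirm. */
  cacheTTL?: number;
  /** Whether the subject line is scanned. Turning this off removes that part from coverage. */
  scanSubject?: boolean;
  /** Whether the message body is scanned. Turning this off removes that part from coverage. */
  scanBody?: boolean;
  /** Whether attachments are scanned. Turning this off removes that part from coverage. */
  scanAttachments?: boolean;
  /**
   * Size limit for attachment scanning.
   * NOTE(review): this file does not show what happens to an attachment above
   * the limit. If it is skipped without being recorded, oversized attachments
   * pass uninspected; confirm the behaviour and whether the skip is visible in
   * the scan result or the security log.
   */
  maxAttachmentSizeToScan?: number;
  /** Whether attachment file names are scanned. */
  scanAttachmentNames?: boolean;
  /** Whether executable attachments are blocked. */
  blockExecutables?: boolean;
  /** Whether attachments containing macros are blocked. */
  blockMacros?: boolean;
  /**
   * Runtime-configured detection rules.
   *
   * Each rule's `pattern` is evaluated against message content, which is
   * controlled by the sender. A regular expression prone to catastrophic
   * backtracking can therefore stall the scanning path on a crafted message;
   * review rules for that before deploying them and accept them only from a
   * trusted configuration source.
   * NOTE(review): how a `string` pattern is interpreted (literal match or
   * compiled to a RegExp) is not visible here; confirm.
   */
  customRules?: Array<{
    /** Pattern to look for, as a string or a compiled regular expression. */
    pattern: string | RegExp;
    /** Threat type reported when the rule matches. Plain `string`, not restricted to `ThreatCategory`. */
    type: string;
    /** Score associated with a match. NOTE(review): how it combines with other findings is not visible here. */
    score: number;
    /** Human-readable description of the rule. */
    description: string;
  }>;
  /** Lower score threshold. NOTE(review): presumably the score from which a message is treated as a threat; confirm. */
  minThreatScore?: number;
  /** Upper score threshold. NOTE(review): presumably the score from which a finding is treated as high threat; confirm. */
  highThreatScore?: number;
}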
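/**
 * Threat categories.
 *
 * String-valued, so the category survives serialization into logs and stored
 * scan results as a readable label. `IScanResult.threatType` and the `type`
 * of a custom rule are typed as plain `string`, so the compiler does not
 * force them to be one of these values.
 */
export declare enum ThreatCategory {
  SPAM = "spam",
  PHISHING = "phishing",
  MALWARE = "malware",
  /** Executable attachment; see the `blockExecutables` option. */
  EXECUTABLE = "executable",
  SUSPICIOUS_LINK = "suspicious_link",
  /** Macro-bearing document; see the `blockMacros` option. */
  MALICIOUS_MACRO = "malicious_macro",
  XSS = "xss",
  SENSITIVE_DATA = "sensitive_data",
  BLACKLISTED_CONTENT = "blacklisted_content",
  /** Match of a runtime-configured rule from the `customRules` option. */
  CUSTOM_RULE = "custom_rule"
}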
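/**
 * Content Scanner for detecting malicious email content.
 *
 * This is a declaration only: private members appear without types and no
 * method body is visible, so the notes below that go beyond the original
 * comments are marked for confirmation against the implementation.
 */
export declare class ContentScanner {
  private static instance;
  private scanCache;
  private options;
  /**
   * Default options for the content scanner.
   * The values are not visible in this declaration file.
   */
  private static readonly DEFAULT_OPTIONS;
  /**
   * Constructor for the ContentScanner
   * @param options Configuration options
   */
  constructor(options?: IContentScannerOptions);
  /**
   * Get the singleton instance of the scanner
   *
   * NOTE(review): with a shared instance, options passed on a later call are
   * presumably ignored once the instance exists. A caller that asks for
   * stricter settings may then run with whatever the first caller configured;
   * confirm and configure the scanner once at startup.
   * @param options Configuration options
   * @returns Singleton scanner instance
   */
  static getInstance(options?: IContentScannerOptions): ContentScanner;
  /**
   * Scan an email for malicious content.
   * Delegates text/subject/html/filename pattern scanning to Rust.
   * Binary attachment scanning (PE headers, VBA macros) stays in TS.
   *
   * NOTE(review): the class holds a scan cache and a cache-key generator, so
   * a result is presumably reused for messages that map to the same key.
   * Confirm that the key covers every part that is scanned, attachments
   * included; otherwise a cached clean verdict could be returned for
   * different content.
   * @param email The email to scan
   * @returns Scan result
   */
  scanEmail(email: Email): Promise<IScanResult>;
  /**
   * Generate a cache key from an email
   * @param email The email to generate a key for
   * @returns Cache key
   */
  private generateCacheKey;
  /**
   * Scan attachment binary content for PE headers and VBA macros.
   * This stays in TS because it accesses raw Buffer data (too large for IPC).
   * @param attachment The attachment to scan
   * @param result The scan result to update
   */
  private scanAttachmentBinary;
  /**
   * Apply custom rules (runtime-configured patterns) to the email.
   * These stay in TS because they are configured at runtime.
   *
   * The patterns run against sender-controlled content, so a rule with
   * catastrophic backtracking can stall scanning on a crafted message.
   * @param email The email to check
   * @param result The scan result to update
   */
  private applyCustomRules;
  /**
   * Extract text from a binary buffer for scanning
   *
   * Because the extracted text may be partial, a clean text scan of an
   * attachment is not evidence that the whole file is benign.
   * @param buffer Binary content
   * @returns Extracted text (may be partial)
   */
  private extractTextFromBuffer;
  /**
   * Check if an Office document likely contains macros
   *
   * This is a likelihood check, not a parse-based guarantee; a negative
   * answer should not be treated as proof that no macro is present.
   * @param attachment The attachment to check
   * @returns Whether the file likely contains macros
   */
  private likelyContainsMacros;
  /**
   * Log a high threat finding to the security logger
   * @param email The email containing the threat
   * @param result The scan result
   */
  private logHighThreatFound;
  /**
   * Log a threat finding to the security logger
   * @param email The email containing the threat
   * @param result The scan result
   */
  private logThreatFound;
  /**
   * Get threat level description based on score
   *
   * NOTE(review): static, so it cannot read per-instance options; whether the
   * boundaries match a configured `minThreatScore` / `highThreatScore` is not
   * visible here. Confirm.
   * @param score Threat score
   * @returns Threat level description
   */
  static getThreatLevel(score: number): 'none' | 'low' | 'medium' | 'high';
}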