def test_check_specific_domains(self):
    """Only recipient domains listed in ``checkdomains`` are examined.

    Every dummy suspect has the spearphish shape (header From domain equal
    to the recipient domain, envelope sender on a different domain), so
    whether the recipient domain is configured is the only thing that
    separates the two groups.
    """
    monitored = ['evil1.unittests.fuglu.org', 'evil2.unittests.fuglu.org']
    # Look-alike names that are not in the configured list; presumably
    # chosen to catch overly loose domain matching -- confirm.
    unmonitored = ['evil11.unittests.fuglu.org', 'evil22.unittests.fuglu.org']

    config = self._make_config(
        checkdomains=monitored,
        virusaction='REJECT',
        rejectmessage='spearphish',
    )
    plugin = SpearPhishPlugin(None)
    plugin.config = config

    # (recipient domains, expected examine() result, failure message)
    expectations = (
        (monitored, (REJECT, 'spearphish'),
         ' spearphish should have been detected'),
        (unmonitored, DUNNO,
         'spearphish should have been ignored - not in config file'),
    )
    for rcpt_domains, expected, failure_msg in expectations:
        for rcpt_domain in rcpt_domains:
            suspect = self._make_dummy_suspect(
                envelope_sender_domain='example.com',
                recipient_domain=rcpt_domain,
                header_from_domain=rcpt_domain,
            )
            self.assertEqual(plugin.examine(suspect), expected, failure_msg)
def test_check_all_domains(self):
    """An empty ``checkdomains`` list means every recipient domain is checked."""
    recipient_domains = ['evil1.unittests.fuglu.org', 'evil2.unittests.fuglu.org']

    config = self._make_config(
        checkdomains=[],
        virusaction='REJECT',
        rejectmessage='spearphish',
    )
    plugin = SpearPhishPlugin(None)
    plugin.config = config

    for rcpt_domain in recipient_domains:
        # Spearphish shape: header From claims the recipient's own domain
        # while the envelope sender sits on an unrelated one.
        verdict = plugin.examine(
            self._make_dummy_suspect(
                envelope_sender_domain='example.com',
                recipient_domain=rcpt_domain,
                header_from_domain=rcpt_domain,
            )
        )
        self.assertEqual(
            verdict,
            (REJECT, 'spearphish'),
            ' spearphish should have been detected',
        )
def test_check_specific_domains(self):
    """Domains named in the config are checked; all other domains are skipped.

    Both groups use identical spoofed suspects (header From domain equals
    the recipient domain, envelope sender is ``example.com``); only the
    membership of the recipient domain in ``checkdomains`` differs.
    """
    in_config = ['evil1.unittests.fuglu.org', 'evil2.unittests.fuglu.org']
    not_in_config = ['evil11.unittests.fuglu.org', 'evil22.unittests.fuglu.org']

    config = self._make_config(
        checkdomains=in_config,
        virusaction='REJECT',
        rejectmessage='spearphish',
    )
    plugin = SpearPhishPlugin(None)
    plugin.config = config

    # Configured recipient domains: the spoofed message must be rejected.
    for rcpt_domain in in_config:
        spoofed = self._make_dummy_suspect(
            envelope_sender_domain='example.com',
            recipient_domain=rcpt_domain,
            header_from_domain=rcpt_domain,
        )
        outcome = plugin.examine(spoofed)
        self.assertEqual(
            outcome,
            (REJECT, 'spearphish'),
            ' spearphish should have been detected',
        )

    # Domains outside the configured list: the plugin must stay neutral.
    for rcpt_domain in not_in_config:
        spoofed = self._make_dummy_suspect(
            envelope_sender_domain='example.com',
            recipient_domain=rcpt_domain,
            header_from_domain=rcpt_domain,
        )
        outcome = plugin.examine(spoofed)
        self.assertEqual(
            outcome,
            DUNNO,
            'spearphish should have been ignored - not in config file',
        )
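def test_specification(self):
    """Check that the plugin works as intended.

    It should only hit if the header From domain equals the recipient
    domain while the envelope sender domain is different.
    """
    # Empty checkdomains list: no restriction to specific recipient domains.
    config = self._make_config(
        checkdomains=[],
        virusaction='REJECT',
        rejectmessage='spearphish',
    )
    candidate = SpearPhishPlugin(None)
    candidate.config = config

    # The spearphish case: header From = recipient, but different env sender.
    spoofed = self._make_dummy_suspect(
        envelope_sender_domain='a.example.com',
        recipient_domain='b.example.com',
        header_from_domain='b.example.com',
    )
    self.assertEqual(
        candidate.examine(spoofed),
        (REJECT, 'spearphish'),
        'spearphish should have been detected',
    )

    # Don't hit if the envelope sender domain matches as well.
    same_domain = self._make_dummy_suspect(
        envelope_sender_domain='c.example.com',
        recipient_domain='c.example.com',
        header_from_domain='c.example.com',
    )
    self.assertEqual(
        candidate.examine(same_domain),
        DUNNO,
        'env sender domain = recipient domain should NOT be flagged as spearphish (1)',
    )

    # Don't hit if all three domains differ.
    # NOTE(review): this no-hit case expects the tuple (DUNNO, None) while
    # the case above expects a bare DUNNO -- confirm that examine() is
    # meant to return both shapes.
    unrelated = self._make_dummy_suspect(
        envelope_sender_domain='d.example.com',
        recipient_domain='e.example.com',
        header_from_domain='f.example.com',
    )
    # The failure message used to repeat the "env sender = recipient" text
    # of the previous case, which is not the condition exercised here.
    self.assertEqual(
        candidate.examine(unrelated),
        (DUNNO, None),
        'header from domain != recipient domain should NOT be flagged as spearphish (2)',
    )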
def test_emptyfrom(self):
    """Check with empty mail but address in display part.

    Runs the plugin with ``check_display_part`` enabled against the
    ``empty_from_to.eml`` fixture and expects a REJECT. The fixture is not
    shown here; presumably its From header has no usable address and only
    carries one in the display name -- confirm against the test data.
    """
    monitored = ['evil1.unittests.fuglu.org', 'evil2.unittests.fuglu.org']
    # check_display_part is handed over as the string 'True', not a bool.
    config = self._make_config(
        checkdomains=monitored,
        virusaction='REJECT',
        rejectmessage='spearphish',
        check_display_part='True',
    )
    plugin = SpearPhishPlugin(None)
    plugin.config = config

    # Envelope sender on an unrelated domain, recipient on a monitored one.
    sender_domain = 'example.com'
    rcpt_domain = 'evil1.unittests.fuglu.org'
    eml_path = os.path.join(unittestsetup.TESTDATADIR, "empty_from_to.eml")
    suspect = Suspect(
        'sender@%s' % sender_domain,
        'recipient@%s' % rcpt_domain,
        eml_path,
    )

    self.assertEqual(
        plugin.examine(suspect),
        (REJECT, 'spearphish'),
        ' spearphish should have been detected',
    )
def test_multiline(self):
    """Check a multiline From header.

    Loads the ``from_subject_2lines.eml`` fixture and expects the plugin to
    reject it for a monitored recipient domain. The fixture is not shown
    here; going by its name, the From and Subject headers presumably span
    two lines each -- confirm against the test data.
    """
    monitored = ['evil1.unittests.fuglu.org', 'evil2.unittests.fuglu.org']
    config = self._make_config(
        checkdomains=monitored,
        virusaction='REJECT',
        rejectmessage='spearphish',
    )
    plugin = SpearPhishPlugin(None)
    plugin.config = config

    # Envelope sender on an unrelated domain, recipient on a monitored one.
    sender_domain = 'example.com'
    rcpt_domain = 'evil1.unittests.fuglu.org'
    eml_path = os.path.join(unittestsetup.TESTDATADIR, "from_subject_2lines.eml")
    suspect = Suspect(
        'sender@%s' % sender_domain,
        'recipient@%s' % rcpt_domain,
        eml_path,
    )

    verdict = plugin.examine(suspect)
    self.assertEqual(
        verdict,
        (REJECT, 'spearphish'),
        ' spearphish should have been detected',
    )