Updating tastes

configs/python/backend/backend.yaml

@@ -1,4 +1,4 @@
-version: 2024.02.01.01
+version: 2024.04.02.01
 logging_cfg: '/etc/strelka/logging.yaml'
 limits:
   max_files: 5000
@@ -107,6 +107,7 @@ scanners:
           - 'application/vnd.ms-outlook'
           - 'message/rfc822'
           - 'email_file'
+          - 'email_file_broad'
       priority: 5
       options:
         create_thumbnail: True

configs/python/backend/taste/taste.yara

@@ -464,6 +464,23 @@ rule email_file {
         $e in (0..2048)
 }
 
+rule email_file_broad
+{
+    meta:
+        type = "email"
+    strings:
+        $ = "Received: "
+        $ = "Origin-messageId: "
+        $ = "Return-Path: "
+        $ = "From: "
+        $ = "To: "
+        $ = "Subject: "
+        $ = "Date: "
+    condition:
+        magic.mime_type() == "message/rfc822" or
+        all of them
+}
+
 rule tnef_file {
     meta:
         description = "Transport Neutral Encapsulation Format"