diff --git a/modules/imap/handler_modules.php b/modules/imap/handler_modules.php
index ca5b0f0489..36142578c8 100644
--- a/modules/imap/handler_modules.php
+++ b/modules/imap/handler_modules.php
@@ -854,7 +854,21 @@ public function process() {
 $msg['server_id'] = $form['imap_server_id'];
 $msg['server_name'] = $details['name'];
 $msg['folder'] = $form['folder'];
- $msgs[] = $msg;
+ $uid = $msg['uid'];
+ $part = true;
+ $max = 87;
+ $msg_struct = $imap->get_message_structure($uid);
+ $struct = $imap->search_bodystructure($msg_struct, array('imap_part_number' => $part));
+ $msg_struct_current = array_shift($struct);
+ $msg_text = $imap->get_message_content($uid, $part, $max, $msg_struct_current);
+ // remove line 858 to 863 when https://github.com/cypht-org/cypht/pull/1241 is merged
+
+ $isValid = $this->validationMessage($msg['to'], $msg['subject'], $msg_text, $imap, $this->cache, $form['imap_server_id']);
+ if ($isValid) {
+ $msgs[] = $msg;
+ } else {
+ $msgs = [];
+ }
 }
 if ($imap->selected_mailbox) {
 $imap->selected_mailbox['detail']['exists'] = $total;
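Review bot: The `else { $msgs = []; }` branch discards every message already collected in `$msgs`, so a single non-passing message empties the whole list; the intent reads as skip-this-message, which is just `if ($isValid) { $msgs[] = $msg; }` with no else. This is compounded by `validationMessage` returning nothing on its no-match path, so `$isValid` is null for ordinary mail and the reset fires on nearly every iteration. Fetching the body structure and a truncated body (`$max = 87`) for every listed message also adds IMAP round-trips to list rendering; gating the fetch on the detection setting being enabled would keep that cost to users who opted in. The comment `// remove line 858 to 863 ...` pins absolute line numbers that will drift; reference the PR without them. process() continues outside the hunk.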
@@ -868,6 +882,72 @@ public function process() {
 $this->out('do_not_flag_as_read_on_open', $this->user_config->get('unread_on_open_setting', false));
 }
 }
+ public function validationMessage($email, $subject, $msg, $imap, $cache, $imap_server_id) {
+ // 1. Check Suspicious Terms or Requests
+ $suspiciousTerms = explode(",", $this->user_config->get("ceo_suspicious_terms_setting"));
+ if ($this->detectSuspiciousTerms($msg, $suspiciousTerms) || $this->detectSuspiciousTerms($subject, $suspiciousTerms)) {
+ // 2. check ceo_rate_limit
+ $amount = $this->extractAmountFromEmail($msg);
+ $amountLimit = $this->user_config->get("ceo_rate_limit_setting");
+ if ($amount > $amountLimit) {
+ // 3. Check Sender's Email Address
+ $folder = "Suspicious emails";
+ if (!count($imap->get_mailbox_status($folder))) {
+ $imap->create_mailbox($folder);
+ }
+ $server_id = $imap_server_id ."_". bin2hex($folder);
+
+ if ($this->user_config->get("ceo_use_trusted_contact_setting")) {
+ $contacts = $this->get('contact_store');
+ $contact_list = $contacts->getAll();
+ $existingEmails = array_map(function($c){
+ return $c->value('email_address');
+ },$contact_list);
+ if (!$this->isValidateAddrEmail(array_values($existingEmails), $email)) {
+ // 4. action to execute implement here
+ imap_move_same_server($server_id, "move", $cache, $folder);
+ }
+ } else {
+ // 4. action to execute implement here
+ imap_move_same_server($server_id, "move", $cache, $folder);
+ }
+ return false;
+ }
+ return true;
+ }
+ }
+ private function detectSuspiciousTerms($msg, $suspiciousTerms) {
+ foreach ($suspiciousTerms as $phrase) {
+ if (stripos($msg, $phrase) !== false) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+ private function detectUnusualAmount($normalLimit, $amount) {
+ if ($amount > $normalLimit) {
+ return true;
+ }
+ return false;
+ }
+ private function isValidateAddrEmail($trustedDomain, $email) {
+ foreach ($trustedDomain as $e) {
+ if ($email === $e) {
+ return true;
+ }
+ }
+ return false;
+ }
+ private function extractAmountFromEmail($emailBody) {
+ $pattern = '/\b\d+(?:,\d+)?\.?\d*\s*(?:USD|dollars?|US\$?|EUR|euros?|€|JPY|yen|¥|GBP|pounds?|£|CAD|CAD\$|AUD|AUD\$)/i';
+
+ preg_match_all($pattern, $emailBody, $matches);
+
+ if (count($matches[0]) > 0) {
+ return $matches[0][0];
+ }
+ }
 }
 /**
@@ -2194,3 +2274,19 @@ function process_move_messages_in_screen_email_enabled_callback($val) { return $
 process_site_setting('move_messages_in_screen_email', $this, 'process_move_messages_in_screen_email_enabled_callback', true, true);
 }
 }
+
+/**
+ * Process setting_ceo_detection_fraud in the settings page
+ * @subpackage core/handler
+ */
+class Hm_Handler_process_setting_ceo_detection_fraud extends Hm_Handler_Module {
+ public function process() {
+ function process_ceo_use_trusted_contact_callback($val) { return $val; }
+ function process_ceo_suspicious_terms_callback($val) { return $val; }
+ function process_ceo_rate_limit_callback($val) { return $val; }
+
+ process_site_setting('ceo_use_trusted_contact', $this, 'process_ceo_use_trusted_contact_callback');
+ process_site_setting('ceo_suspicious_terms', $this, 'process_ceo_suspicious_terms_callback');
+ process_site_setting('ceo_rate_limit', $this, 'process_ceo_rate_limit_callback');
+ }
+}
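Review bot: `validationMessage` has no return after the outer `if`, so a message with no suspicious term yields null rather than true, and the list handler then treats it as not valid; add `return true;` at the end or invert the checks into guards as below. The comparison `$amount > $amountLimit` operates on the raw regex match (`$matches[0][0]`, e.g. `100 USD`) against the setting string, which is a string comparison rather than a numeric one, so `1 USD` is not above `100` but `20 USD` is; capture the numeric part and cast it, as in the `extractAmountFromEmail` below. When the terms setting is empty, `explode(",", ...)` yields `[""]` and `stripos($msg, "")` returns 0 on PHP 8, so every message is flagged — trim each term and drop blanks. The caller passes `$msg['to']` as `$email` while the comment and the trusted-contact lookup describe the sender, so the allow-list is checked against the recipient; presumably the from address is meant, and `detectUnusualAmount` is unused. `$server_id` is built from `bin2hex($folder)`, the destination folder, which should be checked against the id format `imap_move_same_server` expects (outside this diff).
```php
public function validationMessage($email, $subject, $msg, $imap, $cache, $imap_server_id) {
    $terms = array_filter(array_map('trim', explode(',', (string) $this->user_config->get('ceo_suspicious_terms_setting'))));
    if (!$terms || !($this->detectSuspiciousTerms($msg, $terms) || $this->detectSuspiciousTerms($subject, $terms))) {
        return true;
    }
    $amount = $this->extractAmountFromEmail($msg);
    $amountLimit = (float) $this->user_config->get('ceo_rate_limit_setting');
    if ($amount === null || $amount <= $amountLimit) {
        return true;
    }
    // … unchanged: create the "Suspicious emails" folder and move the message …
    return false;
}

private function extractAmountFromEmail($emailBody) {
    // group 1 isolates the number so the caller compares floats, not "100 USD"
    $pattern = '/\b(\d+(?:,\d+)?\.?\d*)\s*(?:USD|dollars?|US\$?|EUR|euros?|€|JPY|yen|¥|GBP|pounds?|£|CAD\$?|AUD\$?)/iu';
    if (preg_match($pattern, $emailBody, $m) !== 1) {
        return null;
    }
    return (float) str_replace(',', '', $m[1]);
}
```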
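Review bot: The three callbacks return `$val` unchanged, so `ceo_rate_limit` is stored as whatever string the form posted and is later used in a numeric comparison; validate it here, e.g. `function process_ceo_rate_limit_callback($val) { return is_numeric($val) ? (float) $val : 100; }`, 100 being the default the output module shows. `process_ceo_suspicious_terms_callback` could likewise normalise the list (`return implode(',', array_filter(array_map('trim', explode(',', $val))));`) so consumers never see blank entries. The docblock says `@subpackage core/handler` although this class lives in `modules/imap`; check it against the other handlers in this file.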
diff --git a/modules/imap/output_modules.php b/modules/imap/output_modules.php
index 273807b022..c9dcc3d40d 100644
--- a/modules/imap/output_modules.php
+++ b/modules/imap/output_modules.php
@@ -1470,3 +1470,40 @@ protected function output() {
 return $res;
 }
 }
+class Hm_Output_setting_ceo_detection_fraud extends Hm_Output_Module {
+ protected function output() {
+ $settings = $this->get('user_settings', array());
+ $ceo_use_trusted_contact = "checked";
+ $ceo_suspicious_terms = "wire transfer, urgent, account details, payment instruction";
+ $ceo_rate_limit = "100";
+ if (array_key_exists('ceo_use_trusted_contact', $settings)) {
+ if ($settings['ceo_use_trusted_contact']) {
+ $ceo_use_trusted_contact = "checked";
+ } else {
+ $ceo_use_trusted_contact = "";
+ }
+ }
+
+ if (array_key_exists('ceo_suspicious_terms', $settings) && $settings['ceo_suspicious_terms']) {
+ if ($settings['ceo_suspicious_terms']) {
+ $ceo_suspicious_terms = $settings['ceo_suspicious_terms'];
+ }
+ }
+ if (array_key_exists('ceo_rate_limit', $settings) && $settings['ceo_rate_limit']) {
+ if ($settings['ceo_rate_limit']) {
+ $ceo_rate_limit = $settings['ceo_rate_limit'];
+ }
+ }
+
+ $res = '