# scoring_engine.py

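def compute_final_score(
    *,
    header_score: int,
    body_score: int,
    url_score: int,
    attachment_score: int,
    behavior_score: int,
    behavior_attack: str,
    header_findings: list,
    body_findings: list,
    url_findings: list,
    attachment_findings: list,
    auth_results: dict,
):
    """Combine per-analyzer scores into one risk score, a verdict and a trace.

    The five component scores are blended with fixed weights (header 20%,
    body 25%, behavior 30%, URL 15%, attachment 10%), then raised by +10 for
    a DMARC failure and +5 for an SPF failure, and clamped to 0..100.

    Args:
        header_score, body_score, url_score, attachment_score, behavior_score:
            Component scores. The weights sum to 1.0, so the blend only stays
            in 0..100 if each component does -- presumably they do; verify
            against the callers.
        behavior_attack: Label from the behavior analyzer. Compared
            case-insensitively after stripping; None is treated as "".
        header_findings, body_findings, url_findings, attachment_findings:
            Accepted for interface compatibility; this function does not
            read them.
        auth_results: Mapping with optional "dmarc" and "spf" entries. None
            is treated as an empty mapping.

    Returns:
        A (score, verdict, reasoning) tuple: the integer score, the verdict
        label, and the list of human-readable scoring steps.
    """
    # NOTE(review): the arrow/emoji characters in the literals below are
    # reproduced exactly as this listing shows them and look mis-encoded;
    # confirm the file's encoding before any caller matches on these strings.
    reasoning = []

    # Normalize the label so casing or padding cannot skip the override.
    attack = (behavior_attack or "").strip().lower()

    # Hard behavior override: the verdict is fixed here, so component scores
    # and authentication results are deliberately not consulted.
    if attack == "sextortion":
        reasoning.append("Sextortion behavior detected β†’ authoritative override")
        reasoning.append("Behavioral confidence supersedes heuristics")
        return 90, "🚨 Malicious", reasoning

    # Base weighted score. Integer percentage weights keep the sum exact for
    # integer inputs: with float weights, 3 * 0.30 + 1 * 0.10 evaluates to
    # 0.9999999999999999 and truncates to 0, which can drop a message just
    # under a verdict threshold.
    weighted_total = (
        header_score * 20 +
        body_score * 25 +
        behavior_score * 30 +
        url_score * 15 +
        attachment_score * 10
    )
    final_score = weighted_total / 100

    reasoning.append(f"Header contribution: {header_score * 0.20:.1f}")
    reasoning.append(f"Body contribution: {body_score * 0.25:.1f}")
    reasoning.append(f"Behavior contribution: {behavior_score * 0.30:.1f}")
    reasoning.append(f"URL contribution: {url_score * 0.15:.1f}")
    reasoning.append(f"Attachment contribution: {attachment_score * 0.10:.1f}")

    # Authentication boost. A missing mapping means "no results", and result
    # values are compared case-insensitively so "Fail" / "FAIL" still count.
    # NOTE(review): only an exact "fail" is boosted; other non-pass results
    # (e.g. "softfail", "none", "permerror") add nothing -- confirm intended.
    auth = auth_results or {}
    dmarc_result = str(auth.get("dmarc") or "").strip().lower()
    spf_result = str(auth.get("spf") or "").strip().lower()

    if dmarc_result == "fail":
        final_score += 10
        reasoning.append("DMARC failed β†’ +10")

    if spf_result == "fail":
        final_score += 5
        reasoning.append("SPF failed β†’ +5")

    # Clamp on both sides: a negative component must not yield a negative
    # overall score.
    final_score = max(0, min(int(final_score), 100))

    # Verdict thresholds: >= 70 malicious, >= 40 suspicious, otherwise safe.
    if final_score >= 70:
        verdict = "🚨 Malicious"
    elif final_score >= 40:
        verdict = "⚠️ Suspicious"
    else:
        verdict = "βœ… Safe"

    return final_score, verdict, reasoning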