Checks/check-ORCA102.ps1

using module "..\ORCA.psm1"

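class ORCA102 : ORCACheck
{
    <#

        ORCA-102 - Advanced Spam Filter (ASF)

        Reports, per anti-spam (hosted content filter) policy, each ASF option
        whose value is "On". A policy with no ASF option set to "On" gets a
        single Pass entry instead.

    #>

    <#
     
        CONSTRUCTOR with Check Header Data
     
    #>


    ORCA102()
    {
        # Static metadata describing the check in the report.
        $this.Control="ORCA-102"
        $this.Area="Anti-Spam Policies"
        $this.Name="Advanced Spam Filter (ASF)"
        $this.PassText="Advanced Spam filter options are turned off"
        $this.FailRecommendation="Turn off Advanced Spam filter (ASF) options in Anti-Spam filter policies"
        $this.Importance="Settings in the Advanced Spam Filter (ASF) are currently being deprecated. It is recommended to disable ASF settings."
        $this.ExpandResults=$True
        $this.CheckType=[CheckType]::ObjectPropertyValue
        $this.ObjectType="Policy"
        $this.ItemName="Setting"
        $this.DataType="Current Value"
        $this.ChiValue=[ORCACHI]::Low
        $this.Links= @{
            "Security & Compliance Center - Anti-spam settings"="https://protection.office.com/antispam"
            "Recommended settings for EOP and Office 365 ATP security"="https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365-atp#anti-spam-anti-malware-and-anti-phishing-protection-in-eop"
        }
    }

    <#
     
        RESULTS

        $Config is indexed by "HostedContentFilterPolicy"; every policy found
        there is evaluated. Results are recorded through AddConfig, nothing is
        returned.
     
    #>


    GetResults($Config)
    {
        # One ordered list drives both the "is anything on?" decision and the
        # per-setting Fail entries, so the two can never disagree about which
        # properties count as ASF options.
        $AsfSettings = @(
            "IncreaseScoreWithImageLinks",
            "IncreaseScoreWithNumericIps",
            "IncreaseScoreWithRedirectToOtherPort",
            "IncreaseScoreWithBizOrInfoUrls",
            "MarkAsSpamEmptyMessages",
            "MarkAsSpamJavaScriptInHtml",
            "MarkAsSpamFramesInHtml",
            "MarkAsSpamObjectTagsInHtml",
            "MarkAsSpamEmbedTagsInHtml",
            "MarkAsSpamFormTagsInHtml",
            "MarkAsSpamWebBugsInHtml",
            "MarkAsSpamSensitiveWordList",
            "MarkAsSpamFromAddressAuthFail",
            "MarkAsSpamNdrBackscatter",
            "MarkAsSpamSpfRecordHardFail"
        )

        ForEach($Policy in $Config["HostedContentFilterPolicy"]) {

            $AnyEnabled = $False

            ForEach($Setting in $AsfSettings) {

                # NOTE(review): only the literal value "On" counts as enabled.
                # Any other value (for example a test mode, if the policy
                # exposes one) is reported under the Pass entry below as
                # "Disabled" - confirm that is the intended reading.
                If($Policy.$Setting -eq "On") {

                    $AnyEnabled = $True

                    $ConfigObject = [ORCACheckConfig]::new()

                    $ConfigObject.Object=$($Policy.Name)
                    $ConfigObject.ConfigItem=$Setting
                    $ConfigObject.ConfigData=$($Policy.$Setting)
                    $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail")

                    $this.AddConfig($ConfigObject)

                }
            }

            # No ASF option was "On" for this policy: record one Pass entry.
            If(-not $AnyEnabled) {

                $ConfigObject = [ORCACheckConfig]::new()

                $ConfigObject.Object=$($Policy.Name)
                $ConfigObject.ConfigItem="ASF Options"
                $ConfigObject.ConfigData="Disabled"
                $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Pass")

                $this.AddConfig($ConfigObject)

            }
        }

    }

}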