[Rules] Improve LEAKED_PASSWORD_SCAM detection

author Vsevolod Stakhov <vsevolod@highsecure.ru>

Fri, 11 Jan 2019 17:41:22 +0000 (17:41 +0000)

committer Vsevolod Stakhov <vsevolod@highsecure.ru>

Fri, 11 Jan 2019 17:41:22 +0000 (17:41 +0000)
author Vsevolod Stakhov <vsevolod@highsecure.ru>
Fri, 11 Jan 2019 17:41:22 +0000 (17:41 +0000)
committer Vsevolod Stakhov <vsevolod@highsecure.ru>
Fri, 11 Jan 2019 17:41:22 +0000 (17:41 +0000)
diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua

index 3a78ec96997efbeed36c371a038603079fb02d27..9d5f2dd2b2038e958fedc682cf05620cec46d878 100644 (file)
--- a/rules/regexp/misc.lua
+++ b/rules/regexp/misc.lua
@@ -61,14 +61,14 @@ reconf['HAS_ONION_URI'] = {
      group = 'experimental'
  }
  
-local password_in_words = [[/^password/i{words}]]
+local password_in_words = [[/^pass(?:(?:word)|(?:phrase))/i{words}]]
  local btc_wallet_address = [[/^[13][0-9a-zA-Z]{25,34}$/{words}]]
  local wallet_word = [[/^wallet$/i{words}]]
  local broken_unicode = [[has_flag(bad_unicode)]]
  
  reconf['LEAKED_PASSWORD_SCAM'] = {
-  re = string.format('%s & %s & (%s | %s)',
-      password_in_words, btc_wallet_address, wallet_word, broken_unicode),
+  re = string.format('%s & (%s | %s | %s)',
+      btc_wallet_address, password_in_words, wallet_word, broken_unicode),
    description = 'Contains password word and BTC wallet address',
    score = 7.0,
    group = 'scams'
author	Vsevolod Stakhov <vsevolod@highsecure.ru>
	Fri, 11 Jan 2019 17:41:22 +0000 (17:41 +0000)
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>
	Fri, 11 Jan 2019 17:41:22 +0000 (17:41 +0000)