group = 'experimental'
}
-local password_in_subject = [[Subject=/\bpassword\b/i]]
-local password_in_body = [[/\bpassword\b/i{sa_body}]]
+local password_in_words = [[/^password/i{words}]]
local btc_wallet_address = [[/^[13][0-9a-zA-Z]{25,34}$/{words}]]
local wallet_word = [[/^wallet$/i{words}]]
+local broken_unicode = [[has_flag(bad_unicode)]]
reconf['LEAKED_PASSWORD_SCAM'] = {
- re = string.format('(%s | %s) & %s & %s', password_in_subject,
- password_in_body, btc_wallet_address, wallet_word),
+ re = string.format('%s & %s & (%s | %s)',
+ password_in_words, btc_wallet_address, wallet_word, broken_unicode),
description = 'Contains password word and BTC wallet address',
score = 7.0,
group = 'scams'
{"has_content_part", rspamd_has_content_part, NULL},
{"has_content_part_len", rspamd_has_content_part_len, NULL},
{"has_fake_html", rspamd_has_fake_html, NULL},
+ {"has_flag", rspamd_has_flag_expr, NULL},
{"has_html_tag", rspamd_has_html_tag, NULL},
{"has_only_html_part", rspamd_has_only_html_part, NULL},
{"header_exists", rspamd_header_exists, NULL},
{"is_html_balanced", rspamd_is_html_balanced, NULL},
{"is_recipients_sorted", rspamd_is_recipients_sorted, NULL},
{"raw_header_exists", rspamd_raw_header_exists, NULL},
- {"has_flag", rspamd_has_flag_expr, NULL},
};
const struct rspamd_atom_subr mime_expr_subr = {
projects / rspamd.git / commitdiff