[Conf] Make LEAKED_PASSWORD_SCAM a composite rule again
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Thu, 19 Sep 2019 11:13:48 +0000 (12:13 +0100)
committerVsevolod Stakhov <vsevolod@highsecure.ru>
Thu, 19 Sep 2019 11:13:48 +0000 (12:13 +0100)
conf/composites.conf
rules/regexp/misc.lua

index 37b1c3da98e0bd6cbdd1e7cba930ba7808444e5f..2204f1e713fafc965c2834ce2923f55d87c88aef 100644 (file)
@@ -148,7 +148,13 @@ composites {
     score = 0.0;
     policy = "remove_weight";
   }
-
+  LEAKED_PASSWORD_SCAM {
+    description = "Contains BTC wallet address and scam patterns";
+    expression = "BITCOIN_ADDR & (LEAKED_PASSWORD_SCAM_RE | R_MIXED_CHARSET | R_EMPTY_IMAGE)";
+    policy = "leave";
+    score = 7.0;
+    group = "scams";
+  }
 
   .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
   .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"
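Review bot: The new `LEAKED_PASSWORD_SCAM` composite scores 7.0 on `BITCOIN_ADDR` plus any one of three alternatives, and two of them (`R_MIXED_CHARSET`, `R_EMPTY_IMAGE`) are generic content signals rather than extortion wording. A legitimate message that quotes a wallet address and trips either one would be classed as a scam. With `policy = "leave"` the constituent symbols keep their own weights, so the 7.0 comes on top of what they already contribute. If that breadth is intended, say so in a comment above the block, e.g. `# BTC address + any obfuscation signal is treated as a scam by design`. Otherwise consider reserving the full score for the `LEAKED_PASSWORD_SCAM_RE` branch.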
index 98380d97fc9fb5ca7fc900c03ea80a69dfb7fc0b..2e497f877641c6e05d02660a7e76061028f8171d 100644 (file)
@@ -66,19 +66,18 @@ local your_webcam = [[/webcam/{words}]]
 local your_onan = [[/(?:mast[ur]{2}bati(?:on|ng)|onanism|solitary)/{words}]]
 local password_in_words = [[/^pass(?:(?:word)|(?:phrase))$/i{words}]]
 local btc_wallet_address = [[has_symbol(BITCOIN_ADDR)]]
-local mixed_charset = [[has_symbol(R_MIXED_CHARSET)]]
 local wallet_word = [[/^wallet$/{words}]]
 local broken_unicode = [[has_flag(bad_unicode)]]
 local list_unsub = [[header_exists(List-Unsubscribe)]]
 local x_php_origin = [[header_exists(X-PHP-Originating-Script)]]
 
-reconf['LEAKED_PASSWORD_SCAM'] = {
-  re = string.format('%s & (%s | %s | %s | %s | %s | %s | %s | %s | %s | %s)',
+reconf['LEAKED_PASSWORD_SCAM_RE'] = {
+  re = string.format('%s & (%s | %s | %s | %s | %s | %s | %s | %s | %s)',
       btc_wallet_address, password_in_words, wallet_word,
       my_victim, your_webcam, your_onan,
       broken_unicode, 'lua:check_data_images',
-      list_unsub, x_php_origin, mixed_charset),
-  description = 'Contains password word and BTC wallet address',
+      list_unsub, x_php_origin),
+  description = 'Contains BTC wallet address and malicious regexps',
   functions = {
     check_data_images = function(task)
       local tp = task:get_text_parts() or {}
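Review bot: `LEAKED_PASSWORD_SCAM_RE` is now only a building block for the `LEAKED_PASSWORD_SCAM` composite in conf/composites.conf, but nothing in misc.lua records that coupling. The new description, 'Contains BTC wallet address and malicious regexps', does not name the consumer either. A comment above the table would keep a later rename or re-scoring from silently disabling the composite: `-- Helper symbol for the LEAKED_PASSWORD_SCAM composite (conf/composites.conf); keep the name in sync`. The table body continues past the end of this hunk.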
@@ -96,9 +95,8 @@ reconf['LEAKED_PASSWORD_SCAM'] = {
       return false
     end
   },
-  score = 7.0,
+  score = 0.0,
   group = 'scams'
 }
 
-rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR')
-rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'R_MIXED_CHARSET')
\ No newline at end of file
+rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR')
\ No newline at end of file
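Review bot: The `register_dependency` call on the last line still names `LEAKED_PASSWORD_SCAM`, but the regexp rule that evaluates `has_symbol(BITCOIN_ADDR)` is registered as `LEAKED_PASSWORD_SCAM_RE` after the rename in the previous hunk. The dependency is therefore attached to the composite's name, not to the regexp symbol. The regexp may then run before `BITCOIN_ADDR` has been inserted, in which case `has_symbol` would return false and only the `R_MIXED_CHARSET` / `R_EMPTY_IMAGE` branches could trigger the composite. The line should read `rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM_RE', 'BITCOIN_ADDR')`. The table that this hunk closes starts outside the hunk.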