[Rules] Reduce FP rate for LEAKE_PASSWORD_SCAM rule

author Vsevolod Stakhov <vsevolod@highsecure.ru>

Mon, 12 Nov 2018 11:16:58 +0000 (11:16 +0000)

committer Vsevolod Stakhov <vsevolod@highsecure.ru>

Mon, 12 Nov 2018 11:16:58 +0000 (11:16 +0000)
author Vsevolod Stakhov <vsevolod@highsecure.ru>
Mon, 12 Nov 2018 11:16:58 +0000 (11:16 +0000)
committer Vsevolod Stakhov <vsevolod@highsecure.ru>
Mon, 12 Nov 2018 11:16:58 +0000 (11:16 +0000)
diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua

index 846cb5ee53912b7c4776db021c6899a099e575ba..7df011320438085f7f873f72929229050fba74e9 100644 (file)
--- a/rules/regexp/misc.lua
+++ b/rules/regexp/misc.lua
@@ -63,7 +63,7 @@ reconf['HAS_ONION_URI'] = {
  
  local password_in_subject = [[Subject=/\bpassword\b/i]]
  local password_in_body = [[/\bpassword\b/i{sa_body}]]
-local btc_wallet = [[/\b[13][0-9a-zA-Z]{25,34}\b/{sa_body}]]
+local btc_wallet = [[/^[13][0-9a-zA-Z]{25,34}$/{words}]]
  
  reconf['LEAKED_PASSWORD_SCAM'] = {
    re = string.format('(%s | %s) & %s', password_in_subject,
author	Vsevolod Stakhov <vsevolod@highsecure.ru>
	Mon, 12 Nov 2018 11:16:58 +0000 (11:16 +0000)
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>
	Mon, 12 Nov 2018 11:16:58 +0000 (11:16 +0000)