[Minor] Improve HACKED_WP_PHISHING coverage

diff --git a/conf/composites.conf b/conf/composites.conf
index 19a2187e6ea0e0e9fc1ce8abefe4b0a8b402e77b..efb287207270d1d402cddfef5516988ad5f1b8b5 100644 (file)
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -66,7 +66,7 @@ composites {
     policy = "remove_weight";
   }
   HACKED_WP_PHISHING {
-    expression = "(HAS_X_POS | HAS_PHPMAILER_SIG) & HAS_WP_URI & (PHISHING | DBL_PHISH | PHISHED_OPENPHISH | PHISHED_PHISHTANK)";
+    expression = "(HAS_X_POS | HAS_PHPMAILER_SIG) & HAS_WP_URI & (PHISHING | CRACKED_SURBL | PH_SURBL_MULTI | DBL_PHISH | DBL_ABUSE_PHISH | URIBL_BLACK | PHISHED_OPENPHISH | PHISHED_PHISHTANK)";
     description = "Phish message sent by hacked Wordpress instance";
     policy = "leave";
   }

diff --git a/conf/scores.d/phishing_group.conf b/conf/scores.d/phishing_group.conf
index 5ee7374a1582d41a73c63eada764b27444e5dd2d..24d0ad5966c3ef7964b01a3f1f54403bc7b1cb6e 100644 (file)
--- a/conf/scores.d/phishing_group.conf
+++ b/conf/scores.d/phishing_group.conf
@@ -35,7 +35,7 @@ symbols = {
     }
     HACKED_WP_PHISHING {
         weight = 4.5;
-        description = "Phishing message from hacked wordpress";
+        description = "Phish message sent by hacked Wordpress instance";
     }
     REDIRECTOR_FALSE {
         weight = 0.0;
@@ -50,4 +50,4 @@ symbols = {
         weight = 0.0;
         description = "Phishing exclusion symbol for known exceptions";
     }
-}
\ No newline at end of file
+}