From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Thu, 9 Mar 2017 15:38:02 +0000 (+0000)
Subject: [Conf] Add composite for hacked wordpress phishing
X-Git-Tag: 1.5.3~70
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=d10012653e3fc6447461b7920fef24eca2985b00;p=rspamd.git

[Conf] Add composite for hacked wordpress phishing
---

diff --git a/conf/composites.conf b/conf/composites.conf
index 288b08d58..9565ae489 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -57,6 +57,10 @@ composites {
     MAIL_RU_MAILER_BASE64 {
         expression = "MAIL_RU_MAILER & (FROM_EXCESS_BASE64 | REPLYTO_EXCESS_BASE64 | SUBJ_EXCESS_BASE64 | TO_EXCESS_BASE64)";
     }
+    HACKED_WP_PHISHING {
+        expression = "HAS_X_POS & HAS_WP_URI & PHISHING";
+        policy = "leave";
+    }
 
     .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
     .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"
diff --git a/conf/metrics.conf b/conf/metrics.conf
index a8eff289c..bc39a7925 100644
--- a/conf/metrics.conf
+++ b/conf/metrics.conf
@@ -424,6 +424,10 @@ metric {
             weight = 7.0;
             description = "Phished URL found in phishtank.com";
         }
+        symbol HACKED_WP_PHISHING {
+            weight = 4.5;
+            description = "Phishing message from hacked wordpress";
+        }
     }
 
     group "hfilter" {