From: twesterhever <40121680+twesterhever@users.noreply.github.com> Date: Fri, 2 Jun 2023 10:02:19 +0000 (+0000) Subject: [Minor] Improve HACKED_WP_PHISHING coverage X-Git-Tag: 3.6~86^2 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=refs%2Fpull%2F4506%2Fhead;p=rspamd.git [Minor] Improve HACKED_WP_PHISHING coverage --- diff --git a/conf/composites.conf b/conf/composites.conf index 19a2187e6..efb287207 100644 --- a/conf/composites.conf +++ b/conf/composites.conf @@ -66,7 +66,7 @@ composites { policy = "remove_weight"; } HACKED_WP_PHISHING { - expression = "(HAS_X_POS | HAS_PHPMAILER_SIG) & HAS_WP_URI & (PHISHING | DBL_PHISH | PHISHED_OPENPHISH | PHISHED_PHISHTANK)"; + expression = "(HAS_X_POS | HAS_PHPMAILER_SIG) & HAS_WP_URI & (PHISHING | CRACKED_SURBL | PH_SURBL_MULTI | DBL_PHISH | DBL_ABUSE_PHISH | URIBL_BLACK | PHISHED_OPENPHISH | PHISHED_PHISHTANK)"; description = "Phish message sent by hacked Wordpress instance"; policy = "leave"; } diff --git a/conf/scores.d/phishing_group.conf b/conf/scores.d/phishing_group.conf index 5ee7374a1..24d0ad596 100644 --- a/conf/scores.d/phishing_group.conf +++ b/conf/scores.d/phishing_group.conf @@ -35,7 +35,7 @@ symbols = { } HACKED_WP_PHISHING { weight = 4.5; - description = "Phishing message from hacked wordpress"; + description = "Phish message sent by hacked Wordpress instance"; } REDIRECTOR_FALSE { weight = 0.0; @@ -50,4 +50,4 @@ symbols = { weight = 0.0; description = "Phishing exclusion symbol for known exceptions"; } -} \ No newline at end of file +}