Browse Source

[Rules] Use bad_unicode flag for LEAKED_PASSWORD_SCAM rule

Issue: #2649
tags/1.8.3
Vsevolod Stakhov 5 years ago
parent
commit
3f147877af
2 changed files with 5 additions and 5 deletions
  1. 4
    4
      rules/regexp/misc.lua
  2. 1
    1
      src/libmime/mime_expressions.c

+ 4
- 4
rules/regexp/misc.lua View File

@@ -61,14 +61,14 @@ reconf['HAS_ONION_URI'] = {
group = 'experimental'
}

local password_in_subject = [[Subject=/\bpassword\b/i]]
local password_in_body = [[/\bpassword\b/i{sa_body}]]
local password_in_words = [[/^password/i{words}]]
local btc_wallet_address = [[/^[13][0-9a-zA-Z]{25,34}$/{words}]]
local wallet_word = [[/^wallet$/i{words}]]
local broken_unicode = [[has_flag(bad_unicode)]]

reconf['LEAKED_PASSWORD_SCAM'] = {
re = string.format('(%s | %s) & %s & %s', password_in_subject,
password_in_body, btc_wallet_address, wallet_word),
re = string.format('%s & %s & (%s | %s)',
password_in_words, btc_wallet_address, wallet_word, broken_unicode),
description = 'Contains password word and BTC wallet address',
score = 7.0,
group = 'scams'

+ 1
- 1
src/libmime/mime_expressions.c View File

@@ -151,6 +151,7 @@ static struct _fl {
{"has_content_part", rspamd_has_content_part, NULL},
{"has_content_part_len", rspamd_has_content_part_len, NULL},
{"has_fake_html", rspamd_has_fake_html, NULL},
{"has_flag", rspamd_has_flag_expr, NULL},
{"has_html_tag", rspamd_has_html_tag, NULL},
{"has_only_html_part", rspamd_has_only_html_part, NULL},
{"header_exists", rspamd_header_exists, NULL},
@@ -158,7 +159,6 @@ static struct _fl {
{"is_html_balanced", rspamd_is_html_balanced, NULL},
{"is_recipients_sorted", rspamd_is_recipients_sorted, NULL},
{"raw_header_exists", rspamd_raw_header_exists, NULL},
{"has_flag", rspamd_has_flag_expr, NULL},
};

const struct rspamd_atom_subr mime_expr_subr = {

Loading…
Cancel
Save