@@ -61,14 +61,14 @@ reconf['HAS_ONION_URI'] = { | |||
group = 'experimental' | |||
} | |||
local password_in_subject = [[Subject=/\bpassword\b/i]] | |||
local password_in_body = [[/\bpassword\b/i{sa_body}]] | |||
local password_in_words = [[/^password/i{words}]] | |||
local btc_wallet_address = [[/^[13][0-9a-zA-Z]{25,34}$/{words}]] | |||
local wallet_word = [[/^wallet$/i{words}]] | |||
local broken_unicode = [[has_flag(bad_unicode)]] | |||
reconf['LEAKED_PASSWORD_SCAM'] = { | |||
re = string.format('(%s | %s) & %s & %s', password_in_subject, | |||
password_in_body, btc_wallet_address, wallet_word), | |||
re = string.format('%s & %s & (%s | %s)', | |||
password_in_words, btc_wallet_address, wallet_word, broken_unicode), | |||
description = 'Contains password word and BTC wallet address', | |||
score = 7.0, | |||
group = 'scams' |
@@ -151,6 +151,7 @@ static struct _fl { | |||
{"has_content_part", rspamd_has_content_part, NULL}, | |||
{"has_content_part_len", rspamd_has_content_part_len, NULL}, | |||
{"has_fake_html", rspamd_has_fake_html, NULL}, | |||
{"has_flag", rspamd_has_flag_expr, NULL}, | |||
{"has_html_tag", rspamd_has_html_tag, NULL}, | |||
{"has_only_html_part", rspamd_has_only_html_part, NULL}, | |||
{"header_exists", rspamd_header_exists, NULL}, | |||
@@ -158,7 +159,6 @@ static struct _fl { | |||
{"is_html_balanced", rspamd_is_html_balanced, NULL}, | |||
{"is_recipients_sorted", rspamd_is_recipients_sorted, NULL}, | |||
{"raw_header_exists", rspamd_raw_header_exists, NULL}, | |||
{"has_flag", rspamd_has_flag_expr, NULL}, | |||
}; | |||
const struct rspamd_atom_subr mime_expr_subr = { |