@@ -60,3 +60,15 @@ reconf['HAS_ONION_URI'] = { | |||
score = 0.0, | |||
group = 'experimental' | |||
} | |||
local password_in_subject = [[Subject=/\bpassword\b/i]] | |||
local password_in_body = [[/\bpassword\b/i{sa_body}]] | |||
local btc_wallet = [[/\b[13][0-9a-zA-Z]{25,34}\b/{sa_body}]] | |||
reconf['LEAKED_PASSWORD_SCAM'] = { | |||
re = string.format('(%s | %s) & %s', password_in_subject, | |||
password_in_body, btc_wallet), | |||
description = 'Contains password word and BTC wallet address', | |||
score = 5.0, | |||
group = 'scams' | |||
} |