author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-01-15 12:50:43 +0000 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-01-15 12:50:43 +0000 |
commit | 22a0948a357a7cc7dc9fd393eac686b743791626 (patch) | |
tree | ede3eab8a504b3d28201b3ab79a66197a5367bc9 | |
parent | 48db96cdcb93d2495dc3b550056aa9bdfbbd0a60 (diff) | |
[Rules] LEAKED_PASSWORD_SCAM: Improve images scam detection
-rw-r--r-- | rules/regexp/misc.lua | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua
index 9d5f2dd2b..56e63cd7b 100644
--- a/rules/regexp/misc.lua
+++ b/rules/regexp/misc.lua
@@ -67,9 +67,26 @@ local wallet_word = [[/^wallet$/i{words}]]
 local broken_unicode = [[has_flag(bad_unicode)]]
 reconf['LEAKED_PASSWORD_SCAM'] = {
- re = string.format('%s & (%s | %s | %s)',
+ re = string.format('%s & (%s | %s | %s | lua:check_data_images)',
 btc_wallet_address, password_in_words, wallet_word, broken_unicode),
 description = 'Contains password word and BTC wallet address',
+ functions = {
+ check_data_images = function(task)
+ local tp = task:get_text_parts() or {}
+
+ for _,p in ipairs(tp) do
+ if p:is_html() then
+ local hc = p:get_html()
+
+ if hc and hc:has_property('data_urls') then
+ return true
+ end
+ end
+ end
+
+ return false
+ end
+ },
 score = 7.0,
 group = 'scams'
 }
\ No newline at end of file |
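Review bot: The added `lua:check_data_images` alternative lets LEAKED_PASSWORD_SCAM fire at `score = 7.0` on a BTC wallet address plus any HTML part where `has_property('data_urls')` is true, with no password or wallet wording required, so `description` no longer says what matched. I would update it to something like `description = 'Contains BTC wallet address with password/wallet wording, bad unicode or data: URLs in HTML',` so that analysts reading the symbol in headers or logs can tell why it hit. The helper is named for images, but as far as this hunk shows the property covers data URLs in general; if so, either rename it or add a comment such as `-- scam text is sometimes delivered as an inline data: image, which the word regexps cannot see`. Legitimate HTML mail can also inline images as data: URLs, so it is worth measuring the false-positive rate of this branch before keeping it at the full 7.0.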