author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-09-19 12:13:48 +0100 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-09-19 12:13:48 +0100 |
commit | 84384ae4e65ff85b0feedd00ec27506dd5b9dbc7 (patch) | |
tree | 5c4297d39f425afbfd07b037daf42ae80a6bf431 | |
parent | 90fb3cc2868a3ee4d5995aefb71fb6d66b450edf (diff) | |
[Conf] Make LEAKED_PASSWORD_SCAM a composite rule again
-rw-r--r-- | conf/composites.conf | 8 | ||||
-rw-r--r-- | rules/regexp/misc.lua | 14 |
2 files changed, 13 insertions, 9 deletions
diff --git a/conf/composites.conf b/conf/composites.conf index 37b1c3da9..2204f1e71 100644 --- a/conf/composites.conf +++ b/conf/composites.conf @@ -148,7 +148,13 @@ composites { score = 0.0; policy = "remove_weight"; } - + LEAKED_PASSWORD_SCAM { + description = "Contains BTC wallet address and scam patterns"; + expression = "BITCOIN_ADDR & (LEAKED_PASSWORD_SCAM_RE | R_MIXED_CHARSET | R_EMPTY_IMAGE)"; + policy = "leave"; + score = 7.0; + group = "scams"; + } .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf" .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf" diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua index 98380d97f..2e497f877 100644 --- a/rules/regexp/misc.lua +++ b/rules/regexp/misc.lua @@ -66,19 +66,18 @@ local your_webcam = [[/webcam/{words}]] local your_onan = [[/(?:mast[ur]{2}bati(?:on|ng)|onanism|solitary)/{words}]] local password_in_words = [[/^pass(?:(?:word)|(?:phrase))$/i{words}]] local btc_wallet_address = [[has_symbol(BITCOIN_ADDR)]] -local mixed_charset = [[has_symbol(R_MIXED_CHARSET)]] local wallet_word = [[/^wallet$/{words}]] local broken_unicode = [[has_flag(bad_unicode)]] local list_unsub = [[header_exists(List-Unsubscribe)]] local x_php_origin = [[header_exists(X-PHP-Originating-Script)]] -reconf['LEAKED_PASSWORD_SCAM'] = { - re = string.format('%s & (%s | %s | %s | %s | %s | %s | %s | %s | %s | %s)', +reconf['LEAKED_PASSWORD_SCAM_RE'] = { + re = string.format('%s & (%s | %s | %s | %s | %s | %s | %s | %s | %s)', btc_wallet_address, password_in_words, wallet_word, my_victim, your_webcam, your_onan, broken_unicode, 'lua:check_data_images', - list_unsub, x_php_origin, mixed_charset), - description = 'Contains password word and BTC wallet address', + list_unsub, x_php_origin), + description = 'Contains BTC wallet address and malicious regexps', functions = { check_data_images = function(task) local tp = task:get_text_parts() or {} 
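Review bot: The new `LEAKED_PASSWORD_SCAM` expression adds `R_EMPTY_IMAGE` as a third alternative, which neither the commit title nor the description string mentions, so a BTC address plus an empty image alone now scores 7.0. With `policy = "leave"` the component symbols presumably keep their own weights, so the effective total is higher than 7.0 whenever `R_MIXED_CHARSET` or `R_EMPTY_IMAGE` matched. A comment above the block would help whoever tunes false positives later, e.g. `# LEAKED_PASSWORD_SCAM_RE is a zero-score helper from rules/regexp/misc.lua; components are left in place, so their scores add to the 7.0 here`. `LEAKED_PASSWORD_SCAM_RE` already requires BITCOIN_ADDR itself, so the outer conjunct only matters for the other two branches.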
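Review bot: The `string.format` template in `reconf['LEAKED_PASSWORD_SCAM_RE']` must carry exactly one `%s` per operand, and this change had to edit the template and the argument list in step to drop `mixed_charset`. A miscount either raises at load time (too few arguments) or silently drops the last alternative (too many). Building the alternation from a list keeps the two in sync: `re = string.format('%s & (%s)', btc_wallet_address, table.concat(alternatives, ' | '))`, with `alternatives` holding the nine sub-expressions. The new description 'Contains BTC wallet address and malicious regexps' would also read better if it said the symbol is only an input to the `LEAKED_PASSWORD_SCAM` composite. The table body continues past the end of this hunk.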
@@ -96,9 +95,8 @@ reconf['LEAKED_PASSWORD_SCAM'] = { return false end }, - score = 7.0, + score = 0.0, group = 'scams' } -rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR') -rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'R_MIXED_CHARSET')
\ No newline at end of file +rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR')
\ No newline at end of file |
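Review bot: The surviving `rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR')` still names the old symbol, while the rule that evaluates `has_symbol(BITCOIN_ADDR)` is now registered as `LEAKED_PASSWORD_SCAM_RE`. If this dependency is what guarantees BITCOIN_ADDR has been computed before the regexp expression runs, the helper can be evaluated too early and miss silently, so the password/webcam patterns would no longer contribute and the composite would fire only through `R_MIXED_CHARSET` or `R_EMPTY_IMAGE`. The line should probably read `rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM_RE', 'BITCOIN_ADDR')`. A test message containing a wallet address and the word "password" but no mixed charset or empty image would confirm whether the helper still matches. The file also still ends without a trailing newline.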