authorVsevolod Stakhov <vsevolod@highsecure.ru>2019-09-19 12:13:48 +0100
committerVsevolod Stakhov <vsevolod@highsecure.ru>2019-09-19 12:13:48 +0100
commit84384ae4e65ff85b0feedd00ec27506dd5b9dbc7 (patch)
tree5c4297d39f425afbfd07b037daf42ae80a6bf431
parent90fb3cc2868a3ee4d5995aefb71fb6d66b450edf (diff)
[Conf] Make LEAKED_PASSWORD_SCAM a composite rule again
-rw-r--r--conf/composites.conf8
-rw-r--r--rules/regexp/misc.lua14
2 files changed, 13 insertions, 9 deletions
diff --git a/conf/composites.conf b/conf/composites.conf
index 37b1c3da9..2204f1e71 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -148,7 +148,13 @@ composites {
score = 0.0;
policy = "remove_weight";
}
-
+ LEAKED_PASSWORD_SCAM {
+ description = "Contains BTC wallet address and scam patterns";
+ expression = "BITCOIN_ADDR & (LEAKED_PASSWORD_SCAM_RE | R_MIXED_CHARSET | R_EMPTY_IMAGE)";
+ policy = "leave";
+ score = 7.0;
+ group = "scams";
+ }
.include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
.include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"
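Review bot: `policy = "leave"` on the new LEAKED_PASSWORD_SCAM composite keeps the component symbols and their weights, so the 7.0 is added on top of whatever BITCOIN_ADDR, R_MIXED_CHARSET and R_EMPTY_IMAGE already score. A message with only a Bitcoin address plus mixed-charset text or an empty image therefore reaches at least 7.0 without matching any of the scam-wording checks, which looks like a false-positive risk for legitimate mail. If the stacking is intended, a comment above the block would record it, e.g. `# policy=leave: component scores are kept, 7.0 is added on top`. The explicit `BITCOIN_ADDR &` matters only for the two non-RE alternatives, because LEAKED_PASSWORD_SCAM_RE already requires the address in rules/regexp/misc.lua.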
diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua
index 98380d97f..2e497f877 100644
--- a/rules/regexp/misc.lua
+++ b/rules/regexp/misc.lua
@@ -66,19 +66,18 @@ local your_webcam = [[/webcam/{words}]]
local your_onan = [[/(?:mast[ur]{2}bati(?:on|ng)|onanism|solitary)/{words}]]
local password_in_words = [[/^pass(?:(?:word)|(?:phrase))$/i{words}]]
local btc_wallet_address = [[has_symbol(BITCOIN_ADDR)]]
-local mixed_charset = [[has_symbol(R_MIXED_CHARSET)]]
local wallet_word = [[/^wallet$/{words}]]
local broken_unicode = [[has_flag(bad_unicode)]]
local list_unsub = [[header_exists(List-Unsubscribe)]]
local x_php_origin = [[header_exists(X-PHP-Originating-Script)]]
-reconf['LEAKED_PASSWORD_SCAM'] = {
- re = string.format('%s & (%s | %s | %s | %s | %s | %s | %s | %s | %s | %s)',
+reconf['LEAKED_PASSWORD_SCAM_RE'] = {
+ re = string.format('%s & (%s | %s | %s | %s | %s | %s | %s | %s | %s)',
btc_wallet_address, password_in_words, wallet_word,
my_victim, your_webcam, your_onan,
broken_unicode, 'lua:check_data_images',
- list_unsub, x_php_origin, mixed_charset),
- description = 'Contains password word and BTC wallet address',
+ list_unsub, x_php_origin),
+ description = 'Contains BTC wallet address and malicious regexps',
functions = {
check_data_images = function(task)
local tp = task:get_text_parts() or {}
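Review bot: Nothing at the renamed `LEAKED_PASSWORD_SCAM_RE` entry says that it is now a zero-score helper whose only visible consumer is the LEAKED_PASSWORD_SCAM composite in conf/composites.conf, so a later rename or removal here would silently weaken the scored rule. A comment above the table would cover it: `-- Helper for the LEAKED_PASSWORD_SCAM composite (conf/composites.conf); scored there, keep the name in sync`. The new description 'malicious regexps' is also loose, since the alternatives include `header_exists(...)`, `has_flag(bad_unicode)` and a Lua function rather than only regexps. The table and `check_data_images` continue past the end of this hunk.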
@@ -96,9 +95,8 @@ reconf['LEAKED_PASSWORD_SCAM'] = {
return false
end
},
- score = 7.0,
+ score = 0.0,
group = 'scams'
}
-rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR')
-rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'R_MIXED_CHARSET')
\ No newline at end of file
+rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR')
\ No newline at end of file
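Review bot: The dependency on the last added line is still registered for `LEAKED_PASSWORD_SCAM`, but the regexp rule that evaluates `has_symbol(BITCOIN_ADDR)` is now named `LEAKED_PASSWORD_SCAM_RE` (renamed in the previous hunk). If nothing else orders the two symbols, the regexp may run before BITCOIN_ADDR has been inserted, `has_symbol` would then be false and the helper would never fire, leaving the composite to match only through R_MIXED_CHARSET or R_EMPTY_IMAGE. The line should read `rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM_RE', 'BITCOIN_ADDR')`. The rule table this hunk closes starts outside the hunk.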