aboutsummaryrefslogtreecommitdiffstats
path: root/conf/composites.conf
diff options
context:
space:
mode:
authortwesterhever <40121680+twesterhever@users.noreply.github.com>2023-06-02 10:02:19 +0000
committertwesterhever <40121680+twesterhever@users.noreply.github.com>2023-06-02 10:02:19 +0000
commit6a9bb3606bb8371ff799dc95cfca49277d2a3cfe (patch)
tree402ea767af210062c215858c9a2c5c0fe3946783 /conf/composites.conf
parenteb001dce519558f4b14c6a0bd044f762ce804b09 (diff)
downloadrspamd-6a9bb3606bb8371ff799dc95cfca49277d2a3cfe.tar.gz
rspamd-6a9bb3606bb8371ff799dc95cfca49277d2a3cfe.zip
[Minor] Improve HACKED_WP_PHISHING coverage
Diffstat (limited to 'conf/composites.conf')
-rw-r--r--conf/composites.conf2
1 files changed, 1 insertions, 1 deletions
diff --git a/conf/composites.conf b/conf/composites.conf
index 19a2187e6..efb287207 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -66,7 +66,7 @@ composites {
policy = "remove_weight";
}
HACKED_WP_PHISHING {
- expression = "(HAS_X_POS | HAS_PHPMAILER_SIG) & HAS_WP_URI & (PHISHING | DBL_PHISH | PHISHED_OPENPHISH | PHISHED_PHISHTANK)";
+ expression = "(HAS_X_POS | HAS_PHPMAILER_SIG) & HAS_WP_URI & (PHISHING | CRACKED_SURBL | PH_SURBL_MULTI | DBL_PHISH | DBL_ABUSE_PHISH | URIBL_BLACK | PHISHED_OPENPHISH | PHISHED_PHISHTANK)";
description = "Phish message sent by hacked Wordpress instance";
policy = "leave";
}