diff options
author | twesterhever <40121680+twesterhever@users.noreply.github.com> | 2023-06-02 10:02:19 +0000 |
---|---|---|
committer | twesterhever <40121680+twesterhever@users.noreply.github.com> | 2023-06-02 10:02:19 +0000 |
commit | 6a9bb3606bb8371ff799dc95cfca49277d2a3cfe (patch) | |
tree | 402ea767af210062c215858c9a2c5c0fe3946783 /conf/composites.conf | |
parent | eb001dce519558f4b14c6a0bd044f762ce804b09 (diff) | |
download | rspamd-6a9bb3606bb8371ff799dc95cfca49277d2a3cfe.tar.gz rspamd-6a9bb3606bb8371ff799dc95cfca49277d2a3cfe.zip |
[Minor] Improve HACKED_WP_PHISHING coverage
Diffstat (limited to 'conf/composites.conf')
-rw-r--r-- | conf/composites.conf | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/conf/composites.conf b/conf/composites.conf index 19a2187e6..efb287207 100644 --- a/conf/composites.conf +++ b/conf/composites.conf @@ -66,7 +66,7 @@ composites { policy = "remove_weight"; } HACKED_WP_PHISHING { - expression = "(HAS_X_POS | HAS_PHPMAILER_SIG) & HAS_WP_URI & (PHISHING | DBL_PHISH | PHISHED_OPENPHISH | PHISHED_PHISHTANK)"; + expression = "(HAS_X_POS | HAS_PHPMAILER_SIG) & HAS_WP_URI & (PHISHING | CRACKED_SURBL | PH_SURBL_MULTI | DBL_PHISH | DBL_ABUSE_PHISH | URIBL_BLACK | PHISHED_OPENPHISH | PHISHED_PHISHTANK)"; description = "Phish message sent by hacked Wordpress instance"; policy = "leave"; } |