diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2017-03-09 15:38:02 +0000 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2017-03-09 15:38:20 +0000 |
| commit | d10012653e3fc6447461b7920fef24eca2985b00 (patch) | |
| tree | 6364431725fe9f1945b3a7acbb89eae8770dedf1 /conf | |
| parent | 430fafa6ebd713ee20d94119951412fba182cb21 (diff) | |
| download | rspamd-d10012653e3fc6447461b7920fef24eca2985b00.tar.gz rspamd-d10012653e3fc6447461b7920fef24eca2985b00.zip | |
[Conf] Add composite for hacked wordpress phishing
Diffstat (limited to 'conf')
| -rw-r--r-- | conf/composites.conf | 4 | ||||
| -rw-r--r-- | conf/metrics.conf | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/conf/composites.conf b/conf/composites.conf index 288b08d58..9565ae489 100644 --- a/conf/composites.conf +++ b/conf/composites.conf @@ -57,6 +57,10 @@ composites { MAIL_RU_MAILER_BASE64 { expression = "MAIL_RU_MAILER & (FROM_EXCESS_BASE64 | REPLYTO_EXCESS_BASE64 | SUBJ_EXCESS_BASE64 | TO_EXCESS_BASE64)"; } + HACKED_WP_PHISHING { + expression = "HAS_X_POS & HAS_WP_URI & PHISHING"; + policy = "leave"; + } .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf" .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf" diff --git a/conf/metrics.conf b/conf/metrics.conf index a8eff289c..bc39a7925 100644 --- a/conf/metrics.conf +++ b/conf/metrics.conf @@ -424,6 +424,10 @@ metric { weight = 7.0; description = "Phished URL found in phishtank.com"; } + symbol HACKED_WP_PHISHING { + weight = 4.5; + description = "Phishing message from hacked wordpress"; + } } group "hfilter" { |