[Rules] Improve LEAKED_PASSWORD_SCAM detection

author: Vsevolod Stakhov <vsevolod@highsecure.ru> 2019-01-11 17:41:22 +0000
committer: Vsevolod Stakhov <vsevolod@highsecure.ru> 2019-01-11 17:41:22 +0000
commit: 15bb41399416edd2bad85cfb3295700925f2a91d (patch)
tree: e713d54f7eb1d1cae53506faf95d6b87a57acb83 /rules
parent: e5cc4ac8c61d0cb688bf14ddf57bde31deff6fbc (diff)
download: rspamd-15bb41399416edd2bad85cfb3295700925f2a91d.tar.gz
rspamd-15bb41399416edd2bad85cfb3295700925f2a91d.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua
index 3a78ec969..9d5f2dd2b 100644
--- a/rules/regexp/misc.lua
+++ b/rules/regexp/misc.lua
@@ -61,14 +61,14 @@ reconf['HAS_ONION_URI'] = {
     group = 'experimental'
 }
 
-local password_in_words = [[/^password/i{words}]]
+local password_in_words = [[/^pass(?:(?:word)|(?:phrase))/i{words}]]
 local btc_wallet_address = [[/^[13][0-9a-zA-Z]{25,34}$/{words}]]
 local wallet_word = [[/^wallet$/i{words}]]
 local broken_unicode = [[has_flag(bad_unicode)]]
 
 reconf['LEAKED_PASSWORD_SCAM'] = {
-  re = string.format('%s & %s & (%s | %s)',
-      password_in_words, btc_wallet_address, wallet_word, broken_unicode),
+  re = string.format('%s & (%s | %s | %s)',
+      btc_wallet_address, password_in_words, wallet_word, broken_unicode),
   description = 'Contains password word and BTC wallet address',
   score = 7.0,
   group = 'scams'
author	Vsevolod Stakhov <vsevolod@highsecure.ru>	2019-01-11 17:41:22 +0000
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>	2019-01-11 17:41:22 +0000
commit	15bb41399416edd2bad85cfb3295700925f2a91d (patch)
tree	e713d54f7eb1d1cae53506faf95d6b87a57acb83 /rules
parent	e5cc4ac8c61d0cb688bf14ddf57bde31deff6fbc (diff)
download	rspamd-15bb41399416edd2bad85cfb3295700925f2a91d.tar.gz rspamd-15bb41399416edd2bad85cfb3295700925f2a91d.zip