[Minor] Fix FORGED_X_PHP_SCRIPT1

- Narrow regex match - Fix syntax error - Fix comparison - Reduce scoring: worried this could match something real
author: Andrew Lewis <nerf@judo.za.org> 2016-10-08 11:44:55 +0200
committer: Andrew Lewis <nerf@judo.za.org> 2016-10-08 11:44:55 +0200
commit: 6b3132754f11016c3e853380b8f8e15253c235c7 (patch)
tree: 325f0c4208f5a31216f9394d8cd58303e15cf883 /rules
parent: dabff7600bd0ae0cfb7d196eec83096bf0e38f25 (diff)
download: rspamd-6b3132754f11016c3e853380b8f8e15253c235c7.tar.gz
rspamd-6b3132754f11016c3e853380b8f8e15253c235c7.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/rules/misc.lua b/rules/misc.lua
index 60277c409..27003ce21 100644
--- a/rules/misc.lua
+++ b/rules/misc.lua
@@ -404,16 +404,16 @@ rspamd_config.FORGED_X_PHP_SCRIPT1 = {
   callback = function (task)
     local hdr = task:get_header('X-PHP-Script', true)
     if not hdr then return end
-    local re_txt = ' for (\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}), (\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})'
+    local re_txt = ' for (\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}), (\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$)'
     local re = rspamd_regexp.get_cached(re_txt)
     if not re then
       re = rspamd_regexp.create_cached(re_txt)
     end
     local m = re:search(hdr, true, true)
-    if not m and m[2] and m[3] then return end
-    return m[2] == m[3]
+    if not m then return end
+    return m[1][2] == m[1][3]
   end,
-  score = 4.0,
+  score = 1.0,
   description = 'X-PHP-Script header appears forged',
   group = 'header'
 }
author	Andrew Lewis <nerf@judo.za.org>	2016-10-08 11:44:55 +0200
committer	Andrew Lewis <nerf@judo.za.org>	2016-10-08 11:44:55 +0200
commit	6b3132754f11016c3e853380b8f8e15253c235c7 (patch)
tree	325f0c4208f5a31216f9394d8cd58303e15cf883 /rules
parent	dabff7600bd0ae0cfb7d196eec83096bf0e38f25 (diff)
download	rspamd-6b3132754f11016c3e853380b8f8e15253c235c7.tar.gz rspamd-6b3132754f11016c3e853380b8f8e15253c235c7.zip