summaryrefslogtreecommitdiffstats
path: root/rules
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2018-10-29 16:51:39 +0000
committerVsevolod Stakhov <vsevolod@highsecure.ru>2018-10-29 16:51:39 +0000
commit80928e500cca36a6bd4901b3aca50d6515674b61 (patch)
tree25e088544b1d57983323b315e1246a021c923ab0 /rules
parent34f0b5587e72a7f77425d9faccac8b03b363fdcc (diff)
downloadrspamd-80928e500cca36a6bd4901b3aca50d6515674b61.tar.gz
rspamd-80928e500cca36a6bd4901b3aca50d6515674b61.zip
[Rules] Add LEAKED_PASSWORD_SCAM rule
Diffstat (limited to 'rules')
-rw-r--r--rules/regexp/misc.lua12
1 files changed, 12 insertions, 0 deletions
diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua
index b9e1b0e6d..846cb5ee5 100644
--- a/rules/regexp/misc.lua
+++ b/rules/regexp/misc.lua
@@ -60,3 +60,15 @@ reconf['HAS_ONION_URI'] = {
score = 0.0,
group = 'experimental'
}
+
+local password_in_subject = [[Subject=/\bpassword\b/i]]
+local password_in_body = [[/\bpassword\b/i{sa_body}]]
+local btc_wallet = [[/\b[13][0-9a-zA-Z]{25,34}\b/{sa_body}]]
+
+reconf['LEAKED_PASSWORD_SCAM'] = {
+ re = string.format('(%s | %s) & %s', password_in_subject,
+ password_in_body, btc_wallet),
+ description = 'Contains password word and BTC wallet address',
+ score = 5.0,
+ group = 'scams'
+} \ No newline at end of file