aboutsummaryrefslogtreecommitdiffstats
path: root/rules
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2019-09-18 16:25:59 +0100
committerVsevolod Stakhov <vsevolod@highsecure.ru>2019-09-18 16:25:59 +0100
commit601825e42a01cc5c2c2b15199468e91b7a225f18 (patch)
treedd1a3ebcb143dfc2399a4b1441bab9e80820ff7d /rules
parent4839327399dc15a6bba1056027feb8d2def0a26a (diff)
downloadrspamd-601825e42a01cc5c2c2b15199468e91b7a225f18.tar.gz
rspamd-601825e42a01cc5c2c2b15199468e91b7a225f18.zip
[Minor] Improve LEAKED_PASSWORD_SCAM
Diffstat (limited to 'rules')
-rw-r--r--rules/regexp/misc.lua11
1 files changed, 7 insertions, 4 deletions
diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua
index 867b700c1..98380d97f 100644
--- a/rules/regexp/misc.lua
+++ b/rules/regexp/misc.lua
@@ -66,16 +66,18 @@ local your_webcam = [[/webcam/{words}]]
local your_onan = [[/(?:mast[ur]{2}bati(?:on|ng)|onanism|solitary)/{words}]]
local password_in_words = [[/^pass(?:(?:word)|(?:phrase))$/i{words}]]
local btc_wallet_address = [[has_symbol(BITCOIN_ADDR)]]
+local mixed_charset = [[has_symbol(R_MIXED_CHARSET)]]
local wallet_word = [[/^wallet$/{words}]]
local broken_unicode = [[has_flag(bad_unicode)]]
local list_unsub = [[header_exists(List-Unsubscribe)]]
local x_php_origin = [[header_exists(X-PHP-Originating-Script)]]
reconf['LEAKED_PASSWORD_SCAM'] = {
- re = string.format('%s & (%s | %s | %s | %s | %s | %s | %s | %s | %s)',
+ re = string.format('%s & (%s | %s | %s | %s | %s | %s | %s | %s | %s | %s)',
btc_wallet_address, password_in_words, wallet_word,
- my_victim, your_webcam, your_onan, broken_unicode, 'lua:check_data_images',
- list_unsub, x_php_origin),
+ my_victim, your_webcam, your_onan,
+ broken_unicode, 'lua:check_data_images',
+ list_unsub, x_php_origin, mixed_charset),
description = 'Contains password word and BTC wallet address',
functions = {
check_data_images = function(task)
@@ -98,4 +100,5 @@ reconf['LEAKED_PASSWORD_SCAM'] = {
group = 'scams'
}
-rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR') \ No newline at end of file
+rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR')
+rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'R_MIXED_CHARSET') \ No newline at end of file