diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-09-18 16:25:59 +0100 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-09-18 16:25:59 +0100 |
commit | 601825e42a01cc5c2c2b15199468e91b7a225f18 (patch) | |
tree | dd1a3ebcb143dfc2399a4b1441bab9e80820ff7d /rules | |
parent | 4839327399dc15a6bba1056027feb8d2def0a26a (diff) | |
download | rspamd-601825e42a01cc5c2c2b15199468e91b7a225f18.tar.gz rspamd-601825e42a01cc5c2c2b15199468e91b7a225f18.zip |
[Minor] Improve LEAKED_PASSWORD_SCAM
Diffstat (limited to 'rules')
-rw-r--r-- | rules/regexp/misc.lua | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua index 867b700c1..98380d97f 100644 --- a/rules/regexp/misc.lua +++ b/rules/regexp/misc.lua @@ -66,16 +66,18 @@ local your_webcam = [[/webcam/{words}]] local your_onan = [[/(?:mast[ur]{2}bati(?:on|ng)|onanism|solitary)/{words}]] local password_in_words = [[/^pass(?:(?:word)|(?:phrase))$/i{words}]] local btc_wallet_address = [[has_symbol(BITCOIN_ADDR)]] +local mixed_charset = [[has_symbol(R_MIXED_CHARSET)]] local wallet_word = [[/^wallet$/{words}]] local broken_unicode = [[has_flag(bad_unicode)]] local list_unsub = [[header_exists(List-Unsubscribe)]] local x_php_origin = [[header_exists(X-PHP-Originating-Script)]] reconf['LEAKED_PASSWORD_SCAM'] = { - re = string.format('%s & (%s | %s | %s | %s | %s | %s | %s | %s | %s)', + re = string.format('%s & (%s | %s | %s | %s | %s | %s | %s | %s | %s | %s)', btc_wallet_address, password_in_words, wallet_word, - my_victim, your_webcam, your_onan, broken_unicode, 'lua:check_data_images', - list_unsub, x_php_origin), + my_victim, your_webcam, your_onan, + broken_unicode, 'lua:check_data_images', + list_unsub, x_php_origin, mixed_charset), description = 'Contains password word and BTC wallet address', functions = { check_data_images = function(task) @@ -98,4 +100,5 @@ reconf['LEAKED_PASSWORD_SCAM'] = { group = 'scams' } -rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR')
\ No newline at end of file +rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR') +rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'R_MIXED_CHARSET')
\ No newline at end of file |