author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-10-29 16:51:39 +0000 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-10-29 16:51:39 +0000 |
commit | 80928e500cca36a6bd4901b3aca50d6515674b61 (patch) | |
tree | 25e088544b1d57983323b315e1246a021c923ab0 /rules | |
parent | 34f0b5587e72a7f77425d9faccac8b03b363fdcc (diff) | |
download | rspamd-80928e500cca36a6bd4901b3aca50d6515674b61.tar.gz rspamd-80928e500cca36a6bd4901b3aca50d6515674b61.zip |
[Rules] Add LEAKED_PASSWORD_SCAM rule
Diffstat (limited to 'rules')
-rw-r--r-- | rules/regexp/misc.lua | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua
index b9e1b0e6d..846cb5ee5 100644
--- a/rules/regexp/misc.lua
+++ b/rules/regexp/misc.lua
@@ -60,3 +60,15 @@ reconf['HAS_ONION_URI'] = {
 score = 0.0,
 group = 'experimental'
 }
+
+local password_in_subject = [[Subject=/\bpassword\b/i]]
+local password_in_body = [[/\bpassword\b/i{sa_body}]]
+local btc_wallet = [[/\b[13][0-9a-zA-Z]{25,34}\b/{sa_body}]]
+
+reconf['LEAKED_PASSWORD_SCAM'] = {
+ re = string.format('(%s | %s) & %s', password_in_subject,
+ password_in_body, btc_wallet),
+ description = 'Contains password word and BTC wallet address',
+ score = 5.0,
+ group = 'scams'
+}
\ No newline at end of file |
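Review bot: The `btc_wallet` pattern accepts the full `[0-9a-zA-Z]` class, which is wider than the Base58 alphabet (no `0`, `O`, `I`, `l`), so any 26–35 character alphanumeric token that starts with `1` or `3` is treated as a wallet address. Legitimate password-reset or account mail that mentions "password" and carries a hex or random token of that shape in its text would then receive the full 5.0 score. Restricting the class narrows the match: `local btc_wallet = [[/\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b/{sa_body}]]`. Because a regexp cannot verify the Base58Check checksum, a lower initial score would be safer until the false-positive rate has been measured on real traffic.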