diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-06-17 17:57:21 +0100 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-06-17 17:57:21 +0100 |
commit | 74889ceafbb4756dc331577db7864279f23fa64f (patch) | |
tree | cac4664a1c2a5221f244ae4879c90dbaa9bc7a7a /rules | |
parent | fd8fa3e700f834c758cc673cc34b2f9c44a9e5d2 (diff) | |
download | rspamd-74889ceafbb4756dc331577db7864279f23fa64f.tar.gz rspamd-74889ceafbb4756dc331577db7864279f23fa64f.zip |
[Rules] Add more detection to LEAKED_PASSWORD_SCAM
Diffstat (limited to 'rules')
-rw-r--r-- | rules/regexp/misc.lua | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua index ece856c96..6b1f58a4b 100644 --- a/rules/regexp/misc.lua +++ b/rules/regexp/misc.lua @@ -69,11 +69,13 @@ local btc_wallet_address = [[/^[13][1-9A-Za-z]{25,34}$/]] local wallet_word = [[/^wallet$/{words}]] local broken_unicode = [[has_flag(bad_unicode)]] local list_unsub = [[header_exists(List-Unsubscribe)]] +local x_php_origin = [[header_exists(X-PHP-Originating-Script)]] reconf['LEAKED_PASSWORD_SCAM'] = { - re = string.format('%s{words} & (%s | %s | %s | %s | %s | %s | %s | lua:check_data_images)', + re = string.format('%s{words} & (%s | %s | %s | %s | %s | %s | %s | %s | %s)', btc_wallet_address, password_in_words, wallet_word, - my_victim, your_webcam, your_onan, broken_unicode, list_unsub), + my_victim, your_webcam, your_onan, broken_unicode, 'lua:check_data_images', + list_unsub, x_php_origin), description = 'Contains password word and BTC wallet address', functions = { check_data_images = function(task) |