From faadf253adda58a1f6363621f9c396950dfae4e7 Mon Sep 17 00:00:00 2001
From: heraklit256 <37872459+heraklit256@users.noreply.github.com#>
Date: Sat, 8 Sep 2018 12:11:36 +0200
Subject: add rule for phish messages containing emotional subjects
---
 conf/composites.conf | 5 +++++
 1 file changed, 5 insertions(+) (limited to 'conf')
diff --git a/conf/composites.conf b/conf/composites.conf
index 89f03790e..83ae88e47 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -101,6 +101,11 @@ composites {
 description = "Message was generated by PHP script and contains some spam indicators";
 score = 1.0;
 }
+ PHISH_EMOTION {
+ expression = "(HACKED_WP_PHISHING | DBL_PHISH | PHISHED_OPENPHISH | PHISHED_PHISHTANK) & (SUBJECT_ENDS_QUESTION | SUBJECT_ENDS_EXCLAIM)";
+ description = "Phish message with subject trying to address users emotion";
+ score = 2.0;
+ }
 
 .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
 .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"
-- 
cgit v1.2.3
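Review bot: The new PHISH_EMOTION composite lists its operands without a prefix and sets no `policy`, so under rspamd's default composite handling a match removes the matched phishing and subject symbols together with their weights and leaves only the composite's `score = 2.0`. If `PHISHED_PHISHTANK`, `PHISHED_OPENPHISH`, `DBL_PHISH` or `HACKED_WP_PHISHING` weigh more than 2.0 in the deployed configuration (their scores are not visible in this hunk), a phish whose subject ends in `?` or `!` would score lower than the same message with a neutral subject, which is the opposite of what the description intends. To make the 2.0 additive, keep the originals in place: add `policy = "leave";` to the block where the running version supports it, or prefix each operand with `-` (for example `-DBL_PHISH`). A one-line comment above the block saying that the composite is meant to add to the phishing score, not replace it, would record that intent for later edits.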