From 18d4509d6acdcd416cbafd2905666315771cb25e Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Mon, 12 Nov 2018 14:32:52 +0000
Subject: [Minor] Make LEAKED_PASSWORD_SCAM rule more strict

---
 rules/regexp/misc.lua | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'rules/regexp')

diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua
index 0a399e2ad..2332cd6ce 100644
--- a/rules/regexp/misc.lua
+++ b/rules/regexp/misc.lua
@@ -63,11 +63,12 @@ reconf['HAS_ONION_URI'] = {
 
 local password_in_subject = [[Subject=/\bpassword\b/i]]
 local password_in_body = [[/\bpassword\b/i{sa_body}]]
-local btc_wallet = [[/^[13][0-9a-zA-Z]{25,34}$/{words}]]
+local btc_wallet_address = [[/^[13][0-9a-zA-Z]{25,34}$/{words}]]
+local wallet_word = [[/^wallet$/i{words}]]
 
 reconf['LEAKED_PASSWORD_SCAM'] = {
-  re = string.format('(%s | %s) & %s', password_in_subject,
-      password_in_body, btc_wallet),
+  re = string.format('(%s | %s) & %s & %s', password_in_subject,
+      password_in_body, btc_wallet_address, wallet_word),
   description = 'Contains password word and BTC wallet address',
   score = 7.0,
   group = 'scams'
-- 
cgit v1.2.3