From c53dd6be7203038a0be6e73f1eb4beeeecd65b91 Mon Sep 17 00:00:00 2001
From: Steve Freegard <steve@stevefreegard.com>
Date: Thu, 23 Mar 2017 21:27:02 +0000
Subject: New rules

---
 rules/regexp/headers.lua | 6 ++++++
 rules/regexp/misc.lua    | 7 +++++++
 2 files changed, 13 insertions(+)

(limited to 'rules/regexp')

diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index f58feeaf8..af63d7131 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -899,3 +899,9 @@ reconf['X_PHPOS_FAKE'] = {
   group = 'headers'
 }
 
+reconf['HAS_XOIP'] = {
+  re = "header_exists('X-Originating-IP')",
+  description = "Has X-Originating-IP header",
+  score = 0.0,
+  group = 'headers'
+}
diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua
index 2fc194965..5f5b437b6 100644
--- a/rules/regexp/misc.lua
+++ b/rules/regexp/misc.lua
@@ -40,3 +40,10 @@ reconf['DATA_URI_OBFU'] = {
   score = 2.0
 }
 
+reconf['INTRODUCTION'] = {
+  re = '/\\b(?:my name is\\b|(?:i am|this is)\\s+(?:mr|mrs|ms|miss|master|sir|prof(?:essor)?|d(?:octo)?r|rev(?:erend)?)(\.|\\b))/{sa_body}i',
+  description = "Sender introduces themselves",
+  score = 2.0,
+  group = 'scams'
+}
+
-- 
cgit v1.2.3