commit 74889ce: [Rules] Add more detection to LEAKED_PASSWORD_SCAM

Vsevolod Stakhov vsevolod at highsecure.ru
Mon Jun 17 17:00:04 UTC 2019


Author: Vsevolod Stakhov
Date: 2019-06-17 17:57:21 +0100
URL: https://github.com/rspamd/rspamd/commit/74889ceafbb4756dc331577db7864279f23fa64f (HEAD -> master)

[Rules] Add more detection to LEAKED_PASSWORD_SCAM

---
 rules/regexp/misc.lua | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua
index ece856c96..6b1f58a4b 100644
--- a/rules/regexp/misc.lua
+++ b/rules/regexp/misc.lua
@@ -69,11 +69,13 @@ local btc_wallet_address = [[/^[13][1-9A-Za-z]{25,34}$/]]
 local wallet_word = [[/^wallet$/{words}]]
 local broken_unicode = [[has_flag(bad_unicode)]]
 local list_unsub = [[header_exists(List-Unsubscribe)]]
+local x_php_origin = [[header_exists(X-PHP-Originating-Script)]]
 
 reconf['LEAKED_PASSWORD_SCAM'] = {
-  re = string.format('%s{words} & (%s | %s | %s | %s | %s | %s | %s | lua:check_data_images)',
+  re = string.format('%s{words} & (%s | %s | %s | %s | %s | %s | %s | %s | %s)',
       btc_wallet_address, password_in_words, wallet_word,
-      my_victim, your_webcam, your_onan, broken_unicode, list_unsub),
+      my_victim, your_webcam, your_onan, broken_unicode, 'lua:check_data_images',
+      list_unsub, x_php_origin),
   description = 'Contains password word and BTC wallet address',
   functions = {
     check_data_images = function(task)
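Review bot: The new `x_php_origin` atom sits in the OR group next to `list_unsub`, so LEAKED_PASSWORD_SCAM now matches any message with a BTC-address-shaped word and an `X-PHP-Originating-Script` header, with no password or extortion wording required. PHP's `mail()` adds that header whenever `mail.add_x_header` is enabled, including for legitimate web applications, so the false-positive surface presumably grows; the symbol is worth checking against a ham corpus before its score is relied on. The `description` still reads 'Contains password word and BTC wallet address', which no longer matches the expression; something like `description = 'Contains BTC wallet address and scam patterns',` would describe what fires. The `reconf` entry and the `check_data_images` function continue past the end of the hunk.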

