| 
						
						
							
								
							
						
						
					 | 
				
				 | 
				
					@ -66,19 +66,18 @@ local your_webcam = [[/webcam/{words}]] | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					local your_onan = [[/(?:mast[ur]{2}bati(?:on|ng)|onanism|solitary)/{words}]] | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					local password_in_words = [[/^pass(?:(?:word)|(?:phrase))$/i{words}]] | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					local btc_wallet_address = [[has_symbol(BITCOIN_ADDR)]] | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					local mixed_charset = [[has_symbol(R_MIXED_CHARSET)]] | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					local wallet_word = [[/^wallet$/{words}]] | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					local broken_unicode = [[has_flag(bad_unicode)]] | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					local list_unsub = [[header_exists(List-Unsubscribe)]] | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					local x_php_origin = [[header_exists(X-PHP-Originating-Script)]] | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					
 | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					reconf['LEAKED_PASSWORD_SCAM'] = { | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					  re = string.format('%s & (%s | %s | %s | %s | %s | %s | %s | %s | %s | %s)', | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					reconf['LEAKED_PASSWORD_SCAM_RE'] = { | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					  re = string.format('%s & (%s | %s | %s | %s | %s | %s | %s | %s | %s)', | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					      btc_wallet_address, password_in_words, wallet_word, | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					      my_victim, your_webcam, your_onan, | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					      broken_unicode, 'lua:check_data_images', | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					      list_unsub, x_php_origin, mixed_charset), | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					  description = 'Contains password word and BTC wallet address', | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					      list_unsub, x_php_origin), | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					  description = 'Contains BTC wallet address and malicious regexps', | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					  functions = { | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					    check_data_images = function(task) | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					      local tp = task:get_text_parts() or {} | 
				
			
			
		
	
	
		
			
				
					| 
						
						
						
							
								
							
						
					 | 
				
				 | 
				
					@ -96,9 +95,8 @@ reconf['LEAKED_PASSWORD_SCAM'] = { | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					      return false | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					    end | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					  }, | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					  score = 7.0, | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					  score = 0.0, | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					  group = 'scams' | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					} | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					
 | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR') | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'R_MIXED_CHARSET') | 
				
			
			
		
	
		
			
				
					 | 
					 | 
				
				 | 
				
					rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR') |
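Review bot: The dependency at the end of the second hunk is still registered for `LEAKED_PASSWORD_SCAM`, while the regexp rule that evaluates `has_symbol(BITCOIN_ADDR)` is now named `LEAKED_PASSWORD_SCAM_RE`. The +/- markers are lost on this page, but the hunk counts (9 old lines, 8 new) leave a single `register_dependency` line on the new side, and every candidate names the old symbol. If nothing else orders the renamed rule after `BITCOIN_ADDR`, `has_symbol` may be evaluated before the address check has run, and the rule would then quietly stop matching extortion mail, a detection gap rather than a load error. I would register it as `rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM_RE', 'BITCOIN_ADDR')`, keeping a registration for `LEAKED_PASSWORD_SCAM` only if a symbol of that name is still defined elsewhere, which is not visible here. A one-line comment above `score = 0.0` naming the symbol that carries the real weight would also help.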