From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Wed, 18 Sep 2019 15:25:59 +0000 (+0100)
Subject: [Minor] Improve LEAKED_PASSWORD_SCAM
X-Git-Tag: 2.0~182
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=601825e42a01cc5c2c2b15199468e91b7a225f18;p=thirdparty%2Frspamd.git

[Minor] Improve LEAKED_PASSWORD_SCAM
---

diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua
index 867b700c18..98380d97fc 100644
--- a/rules/regexp/misc.lua
+++ b/rules/regexp/misc.lua
@@ -66,16 +66,18 @@ local your_webcam = [[/webcam/{words}]]
 local your_onan = [[/(?:mast[ur]{2}bati(?:on|ng)|onanism|solitary)/{words}]]
 local password_in_words = [[/^pass(?:(?:word)|(?:phrase))$/i{words}]]
 local btc_wallet_address = [[has_symbol(BITCOIN_ADDR)]]
+local mixed_charset = [[has_symbol(R_MIXED_CHARSET)]]
 local wallet_word = [[/^wallet$/{words}]]
 local broken_unicode = [[has_flag(bad_unicode)]]
 local list_unsub = [[header_exists(List-Unsubscribe)]]
 local x_php_origin = [[header_exists(X-PHP-Originating-Script)]]
 
 reconf['LEAKED_PASSWORD_SCAM'] = {
-  re = string.format('%s & (%s | %s | %s | %s | %s | %s | %s | %s | %s)',
+  re = string.format('%s & (%s | %s | %s | %s | %s | %s | %s | %s | %s | %s)',
       btc_wallet_address, password_in_words, wallet_word,
-      my_victim, your_webcam, your_onan, broken_unicode, 'lua:check_data_images',
-      list_unsub, x_php_origin),
+      my_victim, your_webcam, your_onan,
+      broken_unicode, 'lua:check_data_images',
+      list_unsub, x_php_origin, mixed_charset),
   description = 'Contains password word and BTC wallet address',
   functions = {
     check_data_images = function(task)
@@ -98,4 +100,5 @@ reconf['LEAKED_PASSWORD_SCAM'] = {
   group = 'scams'
 }
 
-rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR')
\ No newline at end of file
+rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR')
+rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'R_MIXED_CHARSET')
\ No newline at end of file