From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Mon, 29 Oct 2018 16:51:39 +0000 (+0000)
Subject: [Rules] Add LEAKED_PASSWORD_SCAM rule
X-Git-Tag: 1.8.2~108
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=80928e500cca36a6bd4901b3aca50d6515674b61;p=thirdparty%2Frspamd.git

[Rules] Add LEAKED_PASSWORD_SCAM rule
---

diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua
index b9e1b0e6d0..846cb5ee53 100644
--- a/rules/regexp/misc.lua
+++ b/rules/regexp/misc.lua
@@ -60,3 +60,15 @@ reconf['HAS_ONION_URI'] = {
     score = 0.0,
     group = 'experimental'
 }
+
+local password_in_subject = [[Subject=/\bpassword\b/i]]
+local password_in_body = [[/\bpassword\b/i{sa_body}]]
+local btc_wallet = [[/\b[13][0-9a-zA-Z]{25,34}\b/{sa_body}]]
+
+reconf['LEAKED_PASSWORD_SCAM'] = {
+  re = string.format('(%s | %s) & %s', password_in_subject,
+      password_in_body, btc_wallet),
+  description = 'Contains password word and BTC wallet address',
+  score = 5.0,
+  group = 'scams'
+}
\ No newline at end of file