Composite rules: Minor cleanups

Added descriptions to some rules and unified AND operator.

diff --git a/conf/composites.conf b/conf/composites.conf
index bf772be07aed76d57fdf8d5305617665a759d774..9f3276fb366c28812ec96641080ad4e837041cc1 100644 (file)
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -24,6 +24,7 @@ composites {
     }
     FORGED_SENDER_FORWARDING {
         expression = "FORGED_SENDER & g:forwarding";
+        description = "Forged sender, but message is forwarded";
         policy = "remove_weight";
     }
     SPF_FAIL_FORWARDING {
@@ -42,7 +43,7 @@ composites {
         expression = "FORGED_SENDER & (ENVFROM_PRVS | ENVFROM_VERP)";
     }
     FORGED_MUA_MAILLIST {
-        expression = "g:mua and -MAILLIST";
+        expression = "g:mua & -MAILLIST";
     }
     RBL_SPAMHAUS_XBL_ANY {
         expression = "RBL_SPAMHAUS_XBL & RECEIVED_SPAMHAUS_XBL";
@@ -66,6 +67,7 @@ composites {
     }
     MAILER_1C_8_BASE64 {
         expression = "MAILER_1C_8 & (FROM_EXCESS_BASE64 | MIME_BASE64_TEXT | SUBJ_EXCESS_BASE64 | TO_EXCESS_BASE64)";
+        description = "Message was sent by '1C:Enterprise 8' and uses base64 encoded data";
     }
     HACKED_WP_PHISHING {
         expression = "(HAS_X_POS | HAS_PHPMAILER_SIG) & HAS_WP_URI & (PHISHING | DBL_PHISH | PHISHED_OPENPHISH | PHISHED_PHISHTANK)";