leave original symbols for composite rules

Removing original symbols if a composite rule triggers is kind
of confusing and makes debugging harder.

diff --git a/conf/composites.conf b/conf/composites.conf
index 7197adc8ffb6baa67d438566a336b60d01f494ac..bf772be07aed76d57fdf8d5305617665a759d774 100644 (file)
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -103,16 +103,19 @@ composites {
         expression = "(HAS_X_POS | HAS_PHPMAILER_SIG | HAS_X_PHP_SCRIPT) & (SUBJECT_ENDS_QUESTION | SUBJECT_ENDS_EXCLAIM | MANY_INVISIBLE_PARTS)";
         description = "Message was generated by PHP script and contains some spam indicators";
         score = 1.0;
+        policy = "leave";
     }
     PHISH_EMOTION {
         expression = "(PHISHING | DBL_PHISH | PHISHED_OPENPHISH | PHISHED_PHISHTANK) & (SUBJECT_ENDS_QUESTION | SUBJECT_ENDS_EXCLAIM)";
         description = "Phish message with subject trying to address users emotion";
         score = 2.0;
+        policy = "leave";
     }
     HAS_ANON_DOMAIN {
         expression = "HAS_GUC_PROXY_URI | URIBL_RED | DBL_ABUSE_REDIR";
         description = "Contains one or more domains trying to disguise owner/destination";
         score = 0.5;
+        policy = "leave";
     }
 
     .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"