https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7995

--- Comment #22 from Riccardo Alfieri <riccardo.alfi...@spamteq.com> ---
I managed to port 99% of the functions from our 3.4.x plugin, but I'm
encountering some issues with the extraction of cryptowallet addresses.

I have a test email with the following BTC wallet in it:

1Gx3ZjJaHkXquhPzwYSFbVz1uSf[-REMOVEME-]dMGJY48 

I then have a rule defined like this:

  body          SH_HBL_CW_BTC     eval:check_hashbl_bodyre('_cw.<key>.hbl.dq.spamhaus.net', 'sha1/max=10/shuffle', '\b(?:bc1|[13])[a-zA-HJ-NP-Z0-9]{25,39}\b', '^127\.0\.3\.20$')
  priority      SH_HBL_CW_BTC     -100
  describe      SH_HBL_CW_BTC     Malicious BTC address

The resulting SHA1 hash for that BTC address is
62a692ded19caec0194c33a289bc9392de4714f0 and it's correctly listed:

$ dig +short 62a692ded19caec0194c33a289bc9392de4714f0._cw.<key>.hbl.dq.spamhaus.net
127.0.3.20

Putting the regex and the BTC on www.regexr.com gives me a positive match,
making me think that the regex is correct, however when scanning the email, SA
reports:

dbg: HashBL: SH_HBL_CW_BTC: no matches found

I guess I'm either missing something obvious or there is a bug somewhere.

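The steps the rule in comment #22 relies on (match the body regex, SHA1 the match, query `<hash>.<zone>`, test the answer against `^127\.0\.3\.20$`), as an added Python example that is not part of the original comment and is not the HashBL plugin's code. The stub resolver, the sample address and body are constructed; de-duplication and the cap are an assumed reading of `max=10`, and `shuffle` is not modeled.

```python
import hashlib
import re

# Regex and expected-answer pattern copied from the SH_HBL_CW_BTC rule.
BTC_RE = re.compile(r'\b(?:bc1|[13])[a-zA-HJ-NP-Z0-9]{25,39}\b')
ANSWER_RE = re.compile(r'^127\.0\.3\.20$')
ZONE = '_cw.<key>.hbl.dq.spamhaus.net'  # <key> placeholder kept as in the report


def candidates(body, max_items=10):
    """Unique regex matches in order of appearance, capped (assumed max=10)."""
    seen = []
    for m in BTC_RE.finditer(body):
        if m.group(0) not in seen:
            seen.append(m.group(0))
    return seen[:max_items]


def query_name(address, zone=ZONE):
    """SHA1 hex digest of the matched string, prepended to the zone.

    The digest covers the exact matched bytes, so any change to the match
    (case, stray characters) produces a different label.
    """
    return hashlib.sha1(address.encode('ascii')).hexdigest() + '.' + zone


def check_body(body, resolve):
    """Return matched strings whose lookup answer satisfies ANSWER_RE.

    `resolve` is a hypothetical callable(name) -> list of A-record strings,
    so the whole check can run offline against a stub.
    """
    return [addr for addr in candidates(body)
            if any(ANSWER_RE.match(a) for a in resolve(query_name(addr)))]


# Constructed sample data: not a real wallet and not a real listing.
SAMPLE_ADDR = '1ExampLeExampLeExampLeExampLe12345'
SAMPLE_BODY = 'Send payment to ' + SAMPLE_ADDR + ' within 48 hours.'
LISTED = {query_name(SAMPLE_ADDR): ['127.0.3.20']}


def stub_resolve(name):
    """Offline stand-in for the DNS lookup (constructed answers only)."""
    return LISTED.get(name, [])


if __name__ == '__main__':
    print(candidates(SAMPLE_BODY), check_body(SAMPLE_BODY, stub_resolve))
```

Comparing the output of `candidates()` and `query_name()` with the plugin's debug log separates a regex problem from a hashing or lookup problem.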