name collision

core/rspamd/conf/composites.conf

@@ -5,7 +5,7 @@ OLETOOLS_MACRO_MRAPTOR {
     score = 20.0;
 }
 OLETOOLS_MACRO_SUSPICIOUS {
-    expression = "OLETOOLS_SUSPICIOUS | OLETOOLS_VBASTOMP | OLETOOLS_A";
+    expression = "OLETOOLS_FLAG | OLETOOLS_VBASTOMP | OLETOOLS_A";
     message = "Rejected (malicious macro)";
     policy = "leave";
     score = 20.0;

core/rspamd/conf/external_services.conf

@@ -12,7 +12,7 @@ oletools {
   patterns {
     OLETOOLS_MACRO_FOUND= '^.....M..$';
     OLETOOLS_AUTOEXEC   = '^A....M..$';
-    OLETOOLS_SUSPICIOUS = '^.....MS.$';
+    OLETOOLS_FLAG       = '^.....MS.$';
     OLETOOLS_VBASTOMP   = '^VBA Stomping$';
 # see https://github.com/decalage2/oletools/blob/master/oletools/mraptor.py
     OLETOOLS_A   = '(?i)\b(?:Auto(?:Exec|_?Open|_?Close|Exit|New)|Document(?:_?Open|_Close|_?BeforeClose|Change|_New)|NewDocument|Workbook(?:_Open|_Activate|_Close|_BeforeClose)|\w+_(?:Painted|Painting|GotFocus|LostFocus|MouseHover|Layout|Click|Change|Resize|BeforeNavigate2|BeforeScriptExecute|DocumentComplete|DownloadBegin|DownloadComplete|FileDownload|NavigateComplete2|NavigateError|ProgressChange|PropertyChange|SetSecureLockIcon|StatusTextChange|TitleChange|MouseMove|MouseEnter|MouseLeave|OnConnecting))\b|Auto_Ope\b';

core/rspamd/conf/external_services_group.conf

@@ -15,7 +15,7 @@ symbols = {
     weight = 0.0;
     one_shot = true;
   },
-  "OLETOOLS_SUSPICIOUS" {
+  "OLETOOLS_FLAG" {
     weight = 0.0;
     one_shot = true;
   },