From 8b2c9860be8b0663bfe9fc3b6defc041bb90e5b2 Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Sat, 16 Apr 2022 09:56:08 +0200
Subject: DGA improvements

---
 example/ndpiReader.c | 2 +-
 src/lib/ndpi_main.c  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index cd56feae7..7c3e188fa 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -4187,8 +4187,8 @@ static void dgaUnitTest() {
   };
 
   const char *non_dga[] = {
+    "mail.100x100design.com",
     "cdcvps.cloudapps.cisco.com",
-    "100x100design.com",
     "vcsa.vmware.com",
     "mz.gov.pl",
     "zoomam104zc.zoom.us",
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index fec0e4c63..b0b98d4a4 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -8318,7 +8318,7 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
 
       if(num_bigram_checks
 	 /* We already checked num_dots > 0 */
-	 && ((num_found == 0) || ((num_digits > 5) && (num_words <= 3))
+	 && ((num_found == 0) || ((num_digits > 5) && (num_words <= 3) && (num_impossible > 0))
 	     || enough(num_found, num_impossible)
 	     || ((num_trigram_checked > 2)
 		 && ((num_trigram_found < (num_trigram_checked/2))
-- 
cgit v1.2.3