diff --git a/lib/utils.ts b/lib/utils.ts
index 9f3e433eda5..c243bd188b4 100644
--- a/lib/utils.ts
+++ b/lib/utils.ts
@@ -206,11 +206,11 @@ export const getErrorMessage = (error: unknown) => {
 }
 
 export const matchesSystemIniFile = (text: string) => {
-  const match = text.match(/(; for 16-bit app support|drivers|mci|driver32|386enh|keyboard|boot|display)/gi)
+  const match = text.match(/; for 16-bit app support/gi)
   return match !== null && match.length >= 1
 }
 
 export const matchesEtcPasswdFile = (text: string) => {
-  const match = text.match(/\w*:\w*:\d*:\d*:\w*:.*/gi)
+  const match = text.match(/(\w*:\w*:\d*:\d*:\w*:.*)|(Note that this file is consulted directly)/gi)
   return match !== null && match.length >= 1
 }
diff --git a/routes/fileUpload.ts b/routes/fileUpload.ts
index e7633dce818..b81057629f1 100644
--- a/routes/fileUpload.ts
+++ b/routes/fileUpload.ts
@@ -79,7 +79,7 @@ function handleXmlUpload ({ file }: Request, res: Response, next: NextFunction)
         vm.createContext(sandbox)
         const xmlDoc = vm.runInContext('libxml.parseXml(data, { noblanks: true, noent: true, nocdata: true })', sandbox, { timeout: 2000 })
         const xmlString = xmlDoc.toString(false)
-        challengeUtils.solveIf(challenges.xxeFileDisclosureChallenge, () => { return (utils.matchesEtcPasswdFile(xmlString || utils.matchesSystemIniFile(xmlString))) })
+        challengeUtils.solveIf(challenges.xxeFileDisclosureChallenge, () => { return (utils.matchesEtcPasswdFile(xmlString) || utils.matchesSystemIniFile(xmlString)) })
         res.status(410)
         next(new Error('B2B customer complaints via file upload have been deprecated for security reasons: ' + utils.trunc(xmlString, 400) + ' (' + file.originalname + ')'))
       } catch (err: any) { // TODO: Remove any