score PGPSIGNATURE -5
-# TODO: The rules below seem to be very similar; possibly fix them.
+body WORD_WITHOUT_VOWELS /\b[bcdfghjklmnpqrstvwxz]{6,20}\b/
+describe WORD_WITHOUT_VOWELS Long word without any vowels
+score WORD_WITHOUT_VOWELS 1
-# These might trip up on non-english lists. We'll see.
-# They're fucking up on GPG signatures
-body MURPHY_WRONG_WORD1 /[bcdfghjklmnpqrstvwxz]{7,}/i
-score MURPHY_WRONG_WORD1 0.1
-
-body MURPHY_WRONG_WORD2 /[bcdfghjklmnpqrstvwxz]{6,}/i
-score MURPHY_WRONG_WORD2 0.2
-
-#Impronounceable. Need to check this one for accuracy (from airmax.cf)
-body IMPRONONCABLE_1 /([bcdfghjklmnpqrstvwxz]){6,20}/
-describe IMPRONONCABLE_1 Some words aren't easy to pronounce (too much vowels)
-body IMPRONONCABLE_2 /(([abcdefghijklmnopqrstvwxyz]){1,9}\d{1,4}){2,9}/
-describe IMPRONONCABLE_2 Some words aren't easy to pronounce (mixed numbers and lower-case letters)
+body DIGITS_LETTERS /(([abcdefghijklmnopqrstvwxyz]){1,9}\d{1,4}){2,9}/
+describe DIGITS_LETTERS Mixed groups of letters followed by numbers
+score DIGITS_LETTERS 1
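Review bot: The character class in `DIGITS_LETTERS` skips `u` (`...rstvwxyz`), which looks like a typo carried over from `IMPRONONCABLE_2`. The pattern is also unanchored, so it fires on any substring shaped letters-digits-letters-digits, including lowercase hex digests, key IDs and version strings that are common in technical list traffic. Now that the rule scores 1, I would at least restrict it to whole tokens with `body DIGITS_LETTERS /\b(?:[a-z]{1,9}\d{1,4}){2,9}\b/` and check the hit rate against a ham corpus before deploying. The start of this hunk may lie above the visible lines.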
# From http://www.exit0.us/index.php/FredsRules
# Added by pasc 2004/06/20
score FAILNOTE 2
# blarson 2007-06-28
-rawbody CTINLINE /^Content\-Disposition\: inline\;\b/
+full CTINLINE /^Content\-Disposition\: inline\;\b/
describe CTINLINE Inline attachment
score CTINLINE 1
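Review bot: Switching `CTINLINE` from `rawbody` to `full` leaves the `^` anchor without an `/m` modifier. A `full` rule is evaluated against the whole pristine message as one string, so `^` can only match at the very start of the message and the rule will most likely never fire. Adding the modifier fixes it: `full CTINLINE /^Content\-Disposition\: inline\;\b/m`. The same applies to the new `RTF_ATTACH` rule further down, whose pattern should end in `/im`; because `RTF_SPAM` is a meta over `RTF_ATTACH`, it would otherwise stay silent as well. Separately, `\;\b` requires a word character directly after the semicolon, so the usual `inline; filename=` form with a space does not match; please confirm that is intended.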
describe OUTOFOFFICE Out of the office
score OUTOFOFFICE 3
+body OUTOFOFFICE_BACK /will be back/i
+describe OUTOFOFFICE_BACK Out of the office
+score OUTOFOFFICE_BACK 3
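Review bot: `/will be back/i` on the body is an everyday phrase, and at 3 points it will also score ordinary list posts ("I will be back on Monday") rather than only vacation auto-replies. Consider turning the body test into an unscored subrule (`body __OOO_BACK /will be back/i`) and scoring it only through a `meta` that also requires an auto-reply indicator, for example a header test on `Auto-Submitted`. The definition of the existing `OUTOFOFFICE` rule is outside the visible lines, so it cannot be checked here whether it already covers these messages.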
+
# blarson 2007-08-01 \w was too broad 2007-08-12 add dash, at least 3 digits
header SUBENDNUM subject =~ /[a-zA-Z!]-?\d{3,}$/
describe SUBENDNUM Subject ends in word989
score TINYFONT 3
# blarson 2008-04-03
-rawbody ZIPFILE /\bfilename\=.*\.zip\b/i
+full ZIPFILE /\bfilename\=.*\.zip\b/i
describe ZIPFILE zipfile attachment
score ZIPFILE 0.5
score INFOCOUK 3
# blarson 2009-05-27
-body EXITAT /\bexit\@(?:datalistsource|listsourcesworld|BestAccurateReliable)\.com\b/i
+body EXITAT /\b(?:exit|rembox)\@(?:datalistsource|listsourcesworld|BestAccurateReliable|expertdatasystems|bestbizlists)\.\b/i
describe EXITAT exit@datalistsource.com
score EXITAT 3
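Review bot: `EXITAT` now overlaps with the `REMBOX` rule added further down: a lowercase `exit@` or `rembox@` address at one of the listed domains satisfies both, so a single string contributes 3 + 3 points. If that stacking is intended, a comment saying so would help; otherwise lower one of the two scores. Note also that `REMBOX` has no `/i` while `EXITAT` does, so the two rules disagree on case handling. The new `\.\b` tail accepts any TLD rather than only `.com`, and the description is now stale; something like `describe EXITAT exit@ or rembox@ at listed bulk-mailer domains` would match what the rule tests.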
header YAHOOCALENDAR X-Yahoo-Calendar-IId: =~ /./
describe YAHOOCALENDAR Mail comming from yahoo calendar, which spams us with updates
score YAHOOCALENDAR 5
+
+# alex 2009-12-05
+header TLOTTERY subject =~ /Ticket no: [0-9]+/i
+describe TLOTTERY Lottery spam
+score TLOTTERY 3
+
+# alex 2009-12-05
+header GLOTTERY subject =~ /Google_L_o_t_t_e_r_y_W_i_n_n_e_r_s/i
+describe GLOTTERY Google Lottery spam
+score GLOTTERY 3
+
+# alex 2009-12-16
+header DOTNET subject =~ /Planning a Website Design\? Updates/
+describe DOTNET .NET Spam
+score DOTNET 3
+
+# blarson 2010-02-02
+body REMBOX /\b(?:rembo[xt]|disappear|stopping|delrem|remfiles?|exit|takemeoff|offthelist|purgefile)\s?\@/
+describe REMBOX rembox
+score REMBOX 3
+
+# formorer 2010-01-23
+header LONGTO to =~ /([\S]+, ){15,}/
+describe LONGTO very long To line
+score LONGTO 3
+
+# formorer 2010-01-25
+header VAULAS subject =~ /cursos video aulas video/i
+describe VAULAS some spanish video spam
+score VAULAS 3
+
+# blarson 2010-01-28
+header FROMWWW from =~ /\bwww\./i
+describe FROMWWW from www.whatever
+score FROMWWW 3
+
+# blarson 2010-02-16
+header FROMCASINO from =~ /\bcasino/i
+describe FROMCASINO from casino
+score FROMCASINO 3
+
+# don 2010-06-10
+header CTOCTET_STREAM Content-Type =~ /octet-stream/i
+describe CTOCTET_STREAM Content type is octet-stream
+score CTOCTET_STREAM 0.5
+
+full RTF_ATTACH /^Content-Disposition:.+name=.+\.(rtf|doc)/i
+describe RTF_ATTACH Contains an RTF or DOC Attachment
+score RTF_ATTACH 2
+
+meta RTF_SPAM CTOCTET_STREAM && RTF_ATTACH
+describe RTF_SPAM Content type is octet-stream and has an RTF Attachment
+score RTF_SPAM 3
+
+# blarson 2010-10-11
+header WORDDIGDIG subject =~ /^\w{3,}\s+\d\s\d\s*$/
+describe WORDDIGDIG Word digit digit subject
+score WORDDIGDIG 3
+
+# don 2011-06-06
+header BRACE_SUBJECT Subject =~ /^\[\ [a-z0-9]{16}]\ /
+describe BRACE_SUBJECT 16 length word in braces in the subject
+score BRACE_SUBJECT 4
+
+# formorer 2011-08-12
+header COMPTESFR subject =~ /concernant Compte SFR/i
+describe COMPTESFR concernant Compte SFR
+score COMPTESFR 3
+
+# formorer 2012-02-02
+header BACKTOME subject =~ /Please get back to me/i
+describe BACKTOME Phrase get back to me
+score BACKTOME 4
+
+# formorer 2012-12-10
+header STEEL subject =~ /stainless steel cookware/i
+describe STEEL who need steel cookware?
+score STEEL 4
+
+# blarson 2012-02-23
+header SINGLES subject =~ /\bsingles\b/i
+describe SINGLES singles
+score SINGLES 4
+
+header CMAEOUT X-CMAE-OUT-Score =~ /.+/
+describe CMAEOUT Cmae out
+score CMAEOUT 3.5
+
+# blarson 2012-05-05
+body FBPHOTO /\b(photo|pict?|image)\s+on\s+(fb|facebook)\b/i
+describe FBPHOTO facebook photo
+score FBPHOTO 4
+
+header TRADEME subject =~ /Can you afford not to trade/
+describe TRADEME we don't trade
+score TRADEME 4
+
+# cord 2013-11-09
+header PHPMAILER X-Mailer =~ /PHPMailer/
+describe PHPMAILER X-Mailer: PHPMailer
+score PHPMAILER 2
+
+# formorer 2013-11-24
+header FROMTWOO from =~ /twoomail\.com/i
+describe FROMTWOO from twoomail
+score FROMTWOO 3
+
+# formorer 2014-07-31
+header FROMCHICEXECS from =~ /ChicExecs/i
+describe FROMCHICEXECS from ChicExecs
+score FROMCHICEXECS 3
+
+# formorer 2014-08-06
+header LHELMOND from =~ /Luke Helmond/i
+describe LHELMOND from Luke Helmond
+score LHELMOND 4
+
+# formorer 2014-08-06
+header MAILCHIMP X-Mailer =~ /MailChimp Mailer/i
+describe MAILCHIMP X-Mailer: MailChimp Mailer
+score MAILCHIMP 3
+
+# formorer 2014-08-29
+body AVERMITTLUNG /Arbeitsvermittlungsagentur/i
+describe AVERMITTLUNG Arbeitsvermittlungsagentur
+score AVERMITTLUNG 4
+
+# formorer 2014-08-29
+body BEWSCHREIBEN /Bewerbungsschreiben/i
+describe BEWSCHREIBEN Bewerbungsschreiben
+score BEWSCHREIBEN 4
+
+# formorer 2014-08-30
+header FREELNCMR subject =~ /Freelancer Online Marketing/
+describe FREELNCMR Freelancer Online Marketing
+score FREELNCMR 4
+
+# formorer 2014-09-03
+header SOLUCIONESAMB subject =~ /SOLUCIONES AMBIENTALES: FIN AL MAL OLOR CON ENZILIMP/
+describe SOLUCIONESAMB SOLUCIONES AMBIENTALES: FIN AL MAL OLOR CON ENZILIMP
+score SOLUCIONESAMB 5
+
+# formorer 2014-11-17
+header LYMBOO from =~ /\@lymboomail/
+describe LYMBOO lymboomail learning spam
+score LYMBOO 5