X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=common%2Fvirus_spam;h=ba76a8c093b604b846ccfac75e7e8d9df80913a8;hb=80dc0b55e1899357c644942fe615378a3be858a7;hp=0d5dbe03795b61720559d56d18940b8fb1882aed;hpb=15becbc3f841c2be10a6196acc84e605a0cd5bf1;p=spamassassin_config.git
diff --git a/common/virus_spam b/common/virus_spam
index 0d5dbe0..ba76a8c 100644
--- a/common/virus_spam
+++ b/common/virus_spam
@@ -95,15 +95,23 @@ describe XEROX Scanner malware
 score XEROX 4
 
 # don 2016-11-04
-header FEDEXPACKAGE subject=~/FedEx International|((unable to|could not) deliver|problem with).*(item|parcel)|shipment delivery problem|delivery notification/i
+header FEDEXPACKAGE subject=~/FedEx International|((unable to|could not) deliver|problems? with).*(item|parcel)|shipment delivery problem|delivery notification/i
 describe FEDEXPACKAGE Fedex Package Virus spam
 score FEDEXPACKAGE 4
 
 #don 2016-11-04
-header SHIPPING_ID subject =~ /(ID:?|ID|\#)\s*\d{8,}\s*$/
+header SHIPPING_ID subject =~ /(ID:?|ID|\#|n\.)\s*\d{8,}\s*$/
 describe SHIPPING_ID Contains a long ID number at the end
 score SHIPPING_ID 3
 
-meta FEDEX_ZIP (FEDEXPACKAGE || SHIPPING_ID ) && ( ZIPCOMPRESSED | ZIPFILE )
+header SHIP_ID_INT subject =~ /(ID:?|ID|\#|n\.)\s*\d{8,}\s*/
+describe SHIP_ID_INT Contains a long ID number inside
+score SHIP_ID_INT 1
+
+rawbody MSWORD /application\/msword/
+describe MSWORD Has a word attachment
+score MSWORD 2
+
+meta FEDEX_ZIP (FEDEXPACKAGE || SHIPPING_ID || SHIP_ID_INT ) && ( ZIPCOMPRESSED || ZIPFILE || MSWORD )
 describe FEDEX_ZIP Fedex package with zip file
-score FEDEX_ZIP 3
+score FEDEX_ZIP 6
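Review bot: `SHIP_ID_INT` drops the `$` anchor and has no word boundary, so it matches every subject `SHIPPING_ID` matches plus any text ending in `ID`, `#` or `n.` followed by eight or more digits anywhere in the subject, and it is now enough on its own to satisfy the left side of `FEDEX_ZIP`. Because the sub-rule scores stack with the meta (1 + 2 + 6 for `SHIP_ID_INT`, `MSWORD` and `FEDEX_ZIP`, and another 3 when `SHIPPING_ID` also hits), a legitimate mail with an order number in the subject and a Word attachment reaches 9 points. I would tighten the pattern to `/(?:\bID:?|\#|\bn\.)\s*\d{8,}/` and turn the two new helpers into non-scoring `__` sub-rules so that only the meta carries weight. Separately, `rawbody` appears to run over decoded body text rather than MIME part headers, so `MSWORD` may never see the attachment's Content-Type; this is worth confirming against a sample message, and `mimeheader MSWORD Content-Type =~ /application\/msword/` is the usual form if the MIMEHeader plugin is loaded.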