+# -*- mode: spamassassin -*-
# joy, 2003-08-15
rawbody PIC_GIF /^Content-ID: <pic\d*\.gif>/i
describe PIC_GIF pic*.gif in attachment, common spam/virus
describe NOVIR bogus no virus
score NOVIR 1
+# blarson 2008-08-09
+header ANTIGEN subject=~/Antigen Notification/
+describe ANTIGEN Antigen Notification
+score ANTIGEN 4
+
+# cord 2010-05-04
+body AUTOMATIC_MESSAGE /This is an automat(ic|ed) message/i
+describe AUTOMATIC_MESSAGE body indicates it is an automated message
+score AUTOMATIC_MESSAGE 2.0
+
+# formorer 2012-02-15
+header XEROX subject=~/Scan from a Xerox W./i
+describe XEROX Scanner malware
+score XEROX 4
+
+# don 2016-11-04
+header FEDEXPACKAGE subject=~/(FedEx International|USPS courier)|((unable to|could not) deliver|problems? with).*(item|parcel)|shipment delivery problem|delivery notification/i
+describe FEDEXPACKAGE Fedex Package Virus spam
+score FEDEXPACKAGE 4
+
+#don 2016-11-04
+header SHIPPING_ID subject =~ /(ID:?|ID|\#|n\.)\s*\d{7,}\s*($|shipment|delivery)/
+describe SHIPPING_ID Contains a long ID number at the end or folled by shipment
+score SHIPPING_ID 3
+
+header SHIP_ID_INT subject =~ /(ID:?|ID|\#|n\.)\s*\d{7,}\s*/
+describe SHIP_ID_INT Contains a long ID number inside
+score SHIP_ID_INT 1
+
+rawbody MSWORD /application\/msword/
+describe MSWORD Has a word attachment
+score MSWORD 2
+
+meta FEDEX_ZIP (FEDEXPACKAGE || SHIPPING_ID || SHIP_ID_INT ) && ( ZIPCOMPRESSED || ZIPFILE || MSWORD )
+describe FEDEX_ZIP Fedex package with zip file
+score FEDEX_ZIP 7
projects / spamassassin_config.git / blobdiff