]> git.donarmstrong.com Git - spamassassin_config.git/blobdiff - common/virus_spam
projects / spamassassin_config.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
tweak the shipping id rules
[spamassassin_config.git] / common / virus_spam
diff --git a/common/virus_spam b/common/virus_spam
index 151b21d6a94880504d3f06c376d30834ad0ca647..ef94c43932875cc2378ed006cccfa96cc7c8f80f 100644 (file)
--- a/common/virus_spam
+++ b/common/virus_spam
@@ -95,10 +95,23 @@ describe XEROX  Scanner malware
 score XEROX     4
 
 # don 2016-11-04
 score XEROX     4
 
 # don 2016-11-04
-header FEDEXPACKAGE subject=~/FedEx International|unable to deliver.*(item|parcel)/i
+header FEDEXPACKAGE subject=~/FedEx International|((unable to|could not) deliver|problems? with).*(item|parcel)|shipment delivery problem|delivery notification/i
 describe FEDEXPACKAGE Fedex Package Virus spam
 score FEDEXPACKAGE 4
 
 describe FEDEXPACKAGE Fedex Package Virus spam
 score FEDEXPACKAGE 4
 
-meta FEDEX_ZIP FEDEXPACKAGE && ZIPCOMPRESSED
+#don 2016-11-04
+header SHIPPING_ID subject =~ /(ID:?|ID|\#|n\.)\s*\d{7,}\s*($|shipment|delivery)/
+describe SHIPPING_ID Contains a long ID number at the end or folled by shipment
+score SHIPPING_ID 3
+
+header SHIP_ID_INT subject =~ /(ID:?|ID|\#|n\.)\s*\d{7,}\s*/
+describe SHIP_ID_INT Contains a long ID number inside
+score SHIP_ID_INT 1
+
+rawbody MSWORD    /application\/msword/
+describe MSWORD   Has a word attachment
+score MSWORD      2
+
+meta FEDEX_ZIP (FEDEXPACKAGE || SHIPPING_ID || SHIP_ID_INT ) && ( ZIPCOMPRESSED || ZIPFILE || MSWORD )
 describe FEDEX_ZIP Fedex package with zip file
 describe FEDEX_ZIP Fedex package with zip file
-score FEDEX_ZIP 3
+score FEDEX_ZIP 6
Unnamed repository; edit this file 'description' to name the repository.