X-Git-Url: https://git.donarmstrong.com/?p=spamassassin_config.git;a=blobdiff_plain;f=common%2Fmisc_spam;h=84a1fbe11aa799de0e0214fa41da0f5a093a6f17;hp=7b174a429c9115878359fe3033f0d2c2274efe5c;hb=34edaf03b7c21ecb55ce9980659dc523708bf1ef;hpb=6de25e1383c1e0d6c0af4c81f53ec2fcec0f969c diff --git a/common/misc_spam b/common/misc_spam index 7b174a4..84a1fbe 100644 --- a/common/misc_spam +++ b/common/misc_spam @@ -22,7 +22,7 @@ describe GUEBDE www.geub.de score GUEBDE 5 # Don 2008-06-27 -rawbody PGPSIGNATURE /-----BEGIN PGP SIGNATURE-----/ +full PGPSIGNATURE /-----BEGIN PGP SIGNATURE-----/ describe PGPSIGNATURE Has a pgp signature (may not be valid, but who cares?) score PGPSIGNATURE -5 @@ -123,10 +123,10 @@ full NEXTPART /\-\=\_NextPart\_000\_/ describe NEXTPART spammer mime separator score NEXTPART 2.5 -# blarson 2006-10-17 +# blarson 2006-10-17 2009-04-30 full CT_IMAGE /Content\-Type\:\s*image/i describe CT_IMAGE Picture attached -score CT_IMAGE 1 +score CT_IMAGE 1.5 # blarson 2006-12-01 (score so low since it will also hit CT_IMAGE) header CT_IMAGE_HEAD content-type =~ /image/ @@ -399,7 +399,100 @@ header AOL_SPAM4 from =~ /[^a-zA-Z0-9]+.*\@([^\@]+\.)?aol\.com/i describe AOL_SPAM4 possible AOL-pretending spam, matching rule 4 score AOL_SPAM4 1 +# blarson 2009-04-15 +body WEBMAIL /\bwebmail\b/i +describe WEBMAIL webmail +score WEBMAIL 1 + +# blarson 2009-04-17 +header REFNO subject =~ /\bref no\b/i +describe REFNO Ref No +score REFNO 2 + +# blarson 2009-05-26 +header INFOCOUK to =~ /\b(?:info|winner|loan|lotto|grant|win)\@(?:info\.|winner\.|loan\.|lotto\.|hotmail\.|grant\.|win\.|yahoo\.|)(?:co\.uk|net|com|org)\b/ +describe INFOCOUK to info@co.uk +score INFOCOUK 3 + +# blarson 2009-05-27 +body EXITAT /\b(?:exit|rembox)\@(?:datalistsource|listsourcesworld|BestAccurateReliable|expertdatasystems|bestbizlists)\.\b/i +describe EXITAT exit@datalistsource.com +score EXITAT 3 + +# blarson 2009-06-05 +header TOINFO to =~ /\binfo\@/ +describe TOINFO to info@ +score TOINFO 1 + # don 2009-07-06 header CONSTCONTACT X-Mailer =~ /Constant Contact/i describe CONSTCONTACT Mail comming from constant contact, which doesn't require double opt-in score CONSTCONTACT 5 + +# blarson 2009-08-16 +meta CTBDN (CT_IMAGE && MIXEDBDN) +describe CTBDN CT_IMAGE && MIXEDBDN +score CTBDN 0.5 + +# don 2009-09-22 +body NUMEMAIL /\d{3,}\s+emails?/i +describe NUMEMAIL Mail which mentions some number of e-mail addresses +score NUMEMAIL 2 + +# don 2009-11-25 +header YAHOOCALENDAR X-Yahoo-Calendar-IId: =~ /./ +describe YAHOOCALENDAR Mail comming from yahoo calendar, which spams us with updates +score YAHOOCALENDAR 5 + +# alex 2009-12-05 +header TLOTTERY subject =~ /Ticket no: [0-9]+/i +describe TLOTTERY Lottery spam +score TLOTTERY 3 + +# alex 2009-12-05 +header GLOTTERY subject =~ /Google_L_o_t_t_e_r_y_W_i_n_n_e_r_s/i +describe GLOTTERY Google Lottery spam +score GLOTTERY 3 + +# alex 2009-12-16 +header DOTNET subject =~ /Planning a Website Design\? Updates/ +describe DOTNET .NET Spam +score DOTNET 3 + +# blarson 2010-02-02 +body REMBOX /\b(?:rembox|disappear|stopping|delrem|remfiles?|exit)\s?\@/ +describe REMBOX rembox +score REMBOX 3 + +# formorer 2010-01-23 +header LONGTO to =~ /([\S]+, ){15,}/ +describe LONGTO very long To line +score LONGTO 3 + +# formorer 2010-01-25 +header VAULAS subject =~ /cursos video aulas video/i +describe VAULAS some spanish video spam +score VAULAS 3 + +# blarson 2010-01-28 +header FROMWWW from =~ /\bwww\./i +describe FROMWWW from www.whatever +score FROMWWW 3 + +# blarson 2010-02-16 +header FROMCASINO from =~ /\bcasino/i +describe FROMCASINO from casino +score FROMCASINO 3 + +# don 2010-06-10 +header CTOCTET_STREAM Content-Type =~ /octet-stream/i +describe CTOCTET_STREAM Content type is octet-stream +score CTOCTET_STREAM 0.5 + +header RTF_ATTACH Content-Type =~ /name=.+\.rtf/i +describe RTF_ATTACH Contains an RTF Attachment +score RTF_ATTACH 0.5 + +meta RTF_SPAM CTOCTET_STREAM && RTF_ATTACH +describe RTF_SPAM Content type is octet-stream and has an RTF Attachment +score RTF_SPAM 3 \ No newline at end of file