X-Git-Url: https://git.donarmstrong.com/?p=spamassassin_config.git;a=blobdiff_plain;f=common%2Fmisc_spam;h=f4fc654da423d047eea09ed40cda479c613700f2;hp=566c09bac621d8013992e18b339205f4a8997a33;hb=c25e0be2627fc55e481a95f16fb4a043b7dae29d;hpb=1d7706037e2869b4ae8b1ead68278abb6d3759e0 diff --git a/common/misc_spam b/common/misc_spam index 566c09b..f4fc654 100644 --- a/common/misc_spam +++ b/common/misc_spam @@ -27,21 +27,13 @@ describe PGPSIGNATURE Has a pgp signature (may not be valid, but who cares?) score PGPSIGNATURE -5 -# TODO: The rules below seem to be very similar; possibly fix them. +body WORD_WITHOUT_VOWELS /\b[bcdfghjklmnpqrstvwxz]{6,20}\b/ +describe WORD_WITHOUT_VOWELS Long word without any vowels +score WORD_WITHOUT_VOWELS 1 -# These might trip up on non-english lists. We'll see. -# They're fucking up on GPG signatures -body MURPHY_WRONG_WORD1 /[bcdfghjklmnpqrstvwxz]{7,}/i -score MURPHY_WRONG_WORD1 0.1 - -body MURPHY_WRONG_WORD2 /[bcdfghjklmnpqrstvwxz]{6,}/i -score MURPHY_WRONG_WORD2 0.2 - -#Impronounceable. Need to check this one for accuracy (from airmax.cf) -body IMPRONONCABLE_1 /([bcdfghjklmnpqrstvwxz]){6,20}/ -describe IMPRONONCABLE_1 Some words aren't easy to pronounce (too much vowels) -body IMPRONONCABLE_2 /(([abcdefghijklmnopqrstvwxyz]){1,9}\d{1,4}){2,9}/ -describe IMPRONONCABLE_2 Some words aren't easy to pronounce (mixed numbers and lower-case letters) +body DIGITS_LETTERS /(([abcdefghijklmnopqrstvwxyz]){1,9}\d{1,4}){2,9}/ +describe DIGITS_LETTERS Mixed groups of letters followed by numbers +score DIGITS_LETTERS 1 # From http://www.exit0.us/index.php/FredsRules # Added by pasc 2004/06/20 @@ -171,7 +163,7 @@ describe FAILNOTE bounced spam score FAILNOTE 2 # blarson 2007-06-28 -rawbody CTINLINE /^Content\-Disposition\: inline\;\b/ +full CTINLINE /^Content\-Disposition\: inline\;\b/ describe CTINLINE Inline attachment score CTINLINE 1 @@ -313,7 +305,7 @@ describe TINYFONT tiny font specified score TINYFONT 3 # blarson 2008-04-03 -rawbody ZIPFILE /\bfilename\=.*\.zip\b/i +full ZIPFILE /\bfilename\=.*\.zip\b/i describe ZIPFILE zipfile attachment score ZIPFILE 0.5 @@ -493,14 +485,19 @@ header CTOCTET_STREAM Content-Type =~ /octet-stream/i describe CTOCTET_STREAM Content type is octet-stream score CTOCTET_STREAM 0.5 -header RTF_ATTACH Content-Type =~ /name=.+\.rtf/i -describe RTF_ATTACH Contains an RTF Attachment -score RTF_ATTACH 0.5 +full RTF_ATTACH /^Content-Disposition:.+name=.+\.(rtf|doc)/i +describe RTF_ATTACH Contains an RTF or DOC Attachment +score RTF_ATTACH 2 meta RTF_SPAM CTOCTET_STREAM && RTF_ATTACH describe RTF_SPAM Content type is octet-stream and has an RTF Attachment score RTF_SPAM 3 +# blarson 2010-10-11 +header WORDDIGDIG subject =~ /^\w{3,}\s+\d\s\d\s*$/ +describe WORDDIGDIG Word digit digit subject +score WORDDIGDIG 3 + # don 2011-06-06 header BRACE_SUBJECT Subject =~ /^\[\ [a-z0-9]{16}]\ / describe BRACE_SUBJECT 16 length word in braces in the subject @@ -511,3 +508,42 @@ header COMPTESFR subject =~ /concernant Compte SFR/i describe COMPTESFR concernant Compte SFR score COMPTESFR 3 +# formorer 2012-02-02 +header BACKTOME subject =~ /Please get back to me/i +describe BACKTOME Phrase get back to me +score BACKTOME 4 + +# formorer 2012-12-10 +header STEEL subject =~ /stainless steel cookware/i +describe STEEL who need steel cookware? +score STEEL 4 + +# blarson 2012-02-23 +header SINGLES subject =~ /\bsingles\b/i +describe SINGLES singles +score SINGLES 4 + +header CMAEOUT X-CMAE-OUT-Score =~ /.+/ +describe CMAEOUT Cmae out +score CMAEOUT 3.5 + +# blarson 2012-05-05 +body FBPHOTO /\b(photo|pict?|image)\s+on\s+(fb|facebook)\b/i +describe FBPHOTO facebook photo +score FBPHOTO 4 + +header TRADEME subject =~ /Can you afford not to trade/ +describe TRADEME we don't trade +score TRADEME 4 + +# cord 2013-11-09 +header PHPMAILER X-Mailer =~ /PHPMailer/ +describe PHPMAILER X-Mailer: PHPMailer +score PHPMAILER 2 + +# formorer 2013-11-24 +header FROMTWOO from =~ /twoomail\.com/i +describe FROMTWOO from twoomail +score FROMTWOO 3 + +