X-Git-Url: https://git.donarmstrong.com/?p=spamassassin_config.git;a=blobdiff_plain;f=common%2Fmisc_spam;h=ffcd57e7e1fadacff056a908cc67b6669b4a5bc8;hp=be2490877021757660bcbcfe843bb8cb30923a19;hb=1f5091a1b187eede97605fbe9e7f4eb597a50d28;hpb=19b2f7efa74d1ef583814f3561a53cebe702853c

diff --git a/common/misc_spam b/common/misc_spam
index be24908..ffcd57e 100644
--- a/common/misc_spam
+++ b/common/misc_spam
@@ -27,21 +27,13 @@ describe PGPSIGNATURE	Has a pgp signature (may not be valid, but who cares?)
 score	 PGPSIGNATURE	-5
 
 
-# TODO: The rules below seem to be very similar; possibly fix them.
+body WORD_WITHOUT_VOWELS  /\b[bcdfghjklmnpqrstvwxz]{6,20}\b/
+describe WORD_WITHOUT_VOWELS Long word without any vowels
+score WORD_WITHOUT_VOWELS 1
 
-# These might trip up on non-english lists. We'll see.
-# They're fucking up on GPG signatures
-body MURPHY_WRONG_WORD1	/[bcdfghjklmnpqrstvwxz]{7,}/i
-score MURPHY_WRONG_WORD1 0.1
-
-body MURPHY_WRONG_WORD2 /[bcdfghjklmnpqrstvwxz]{6,}/i
-score MURPHY_WRONG_WORD2 0.2
-
-#Impronounceable. Need to check this one for accuracy (from airmax.cf)
-body IMPRONONCABLE_1                            /([bcdfghjklmnpqrstvwxz]){6,20}/
-describe IMPRONONCABLE_1                        Some words aren't easy to pronounce (too much vowels)
-body IMPRONONCABLE_2                            /(([abcdefghijklmnopqrstvwxyz]){1,9}\d{1,4}){2,9}/
-describe IMPRONONCABLE_2                        Some words aren't easy to pronounce (mixed numbers and lower-case letters)
+body DIGITS_LETTERS /(([abcdefghijklmnopqrstvwxyz]){1,9}\d{1,4}){2,9}/
+describe DIGITS_LETTERS Mixed groups of letters followed by numbers
+score DIGITS_LETTERS 1
 
 # From http://www.exit0.us/index.php/FredsRules
 # Added by pasc 2004/06/20
@@ -171,7 +163,7 @@ describe FAILNOTE	bounced spam
 score FAILNOTE		2
 
 # blarson 2007-06-28
-rawbody CTINLINE	/^Content\-Disposition\: inline\;\b/
+full CTINLINE	/^Content\-Disposition\: inline\;\b/
 describe CTINLINE	Inline attachment
 score CTINLINE		1
 
@@ -228,6 +220,10 @@ body OUTOFOFFICE	/out of the office/i
 describe OUTOFOFFICE	Out of the office
 score OUTOFOFFICE	3
 
+body OUTOFOFFICE_BACK   /will be back/i
+describe OUTOFOFFICE_BACK   Out of the office
+score OUTOFOFFICE_BACK   3
+
 # blarson 2007-08-01 \w was too broad 2007-08-12 add dash, at least 3 digits
 header SUBENDNUM	subject =~ /[a-zA-Z!]-?\d{3,}$/
 describe SUBENDNUM	Subject ends in word989
@@ -309,7 +305,7 @@ describe TINYFONT	tiny font specified
 score TINYFONT		3
 
 # blarson 2008-04-03
-rawbody ZIPFILE		/\bfilename\=.*\.zip\b/i
+full ZIPFILE		/\bfilename\=.*\.zip\b/i
 describe ZIPFILE	zipfile attachment
 score ZIPFILE		0.5
 
@@ -415,7 +411,7 @@ describe INFOCOUK	to info@co.uk
 score INFOCOUK		3
 
 # blarson 2009-05-27
-body EXITAT		/\bexit\@(?:datalistsource|listsourcesworld|BestAccurateReliable)\.com\b/i
+body EXITAT		/\b(?:exit|rembox)\@(?:datalistsource|listsourcesworld|BestAccurateReliable|expertdatasystems|bestbizlists)\.\b/i
 describe EXITAT		exit@datalistsource.com
 score EXITAT		3
 
@@ -459,3 +455,60 @@ header DOTNET		   subject =~ /Planning a Website Design\? Updates/
 describe DOTNET		   .NET Spam
 score DOTNET 		   3
 
+# blarson 2010-02-02
+body REMBOX		/\b(?:rembo[xt]|disappear|stopping|delrem|remfiles?|exit|takemeoff|offthelist|purgefile)\s?\@/
+describe REMBOX		rembox
+score REMBOX		3
+
+# formorer 2010-01-23
+header LONGTO           to =~ /([\S]+, ){15,}/
+describe LONGTO		very long To line
+score LONGTO		3
+
+# formorer 2010-01-25
+header VAULAS		subject =~ /cursos video aulas video/i
+describe VAULAS		some spanish video spam
+score VAULAS		3
+
+# blarson 2010-01-28
+header FROMWWW		from =~ /\bwww\./i
+describe FROMWWW	from www.whatever
+score FROMWWW		3
+
+# blarson 2010-02-16
+header FROMCASINO	from =~ /\bcasino/i
+describe FROMCASINO	from casino
+score FROMCASINO	3
+
+# don 2010-06-10
+header CTOCTET_STREAM	Content-Type =~ /octet-stream/i
+describe CTOCTET_STREAM	Content type is octet-stream
+score CTOCTET_STREAM	0.5
+
+full RTF_ATTACH		/^Content-Disposition:.+name=.+\.(rtf|doc)/i
+describe RTF_ATTACH	Contains an RTF or DOC Attachment
+score RTF_ATTACH	2
+
+meta RTF_SPAM		CTOCTET_STREAM && RTF_ATTACH
+describe RTF_SPAM	Content type is octet-stream and has an RTF Attachment
+score RTF_SPAM		3
+
+# blarson 2010-10-11
+header WORDDIGDIG      subject =~ /^\w{3,}\s+\d\s\d\s*$/
+describe WORDDIGDIG    Word digit digit subject
+score WORDDIGDIG       3
+
+# don 2011-06-06
+header BRACE_SUBJECT	Subject =~ /^\[\ [a-z0-9]{16}]\ /
+describe BRACE_SUBJECT	16 length word in braces in the subject
+score BRACE_SUBJECT	4
+
+# formorer 2011-08-12
+header COMPTESFR    subject =~ /concernant Compte SFR/i
+describe COMPTESFR  concernant Compte SFR
+score COMPTESFR     3
+
+# formorer 2012-02-02
+header BACKTOME	    subject =~ /Please get back to me/i
+describe BACKTOME   Phrase get back to me
+score BACKTOME	    4