X-Git-Url: https://git.donarmstrong.com/?p=spamassassin_config.git;a=blobdiff_plain;f=common%2Fvirus_spam;h=2feae6f0f80f52d32c364b427eaeb63fae4120a5;hp=1129f2495e3fa57e9485d2e1f3e114dfae8699dc;hb=1131ac64d74e40f9e39052412a2bcdbe3cf5385a;hpb=8c60e4b6fab9533a2005f64e79e6a79edf409db1

diff --git a/common/virus_spam b/common/virus_spam
index 1129f24..2feae6f 100644
--- a/common/virus_spam
+++ b/common/virus_spam
@@ -95,19 +95,23 @@ describe XEROX  Scanner malware
 score XEROX     4
 
 # don 2016-11-04
-header FEDEXPACKAGE subject=~/FedEx International|((unable to|could not) deliver|problems? with).*(item|parcel)|shipment delivery problem|delivery notification/i
+header FEDEXPACKAGE subject=~/(FedEx International|USPS courier)|((unable to|could not) deliver|problems? with).*(item|parcel)|shipment delivery problem|delivery notification|USPS delivery/i
 describe FEDEXPACKAGE Fedex Package Virus spam
 score FEDEXPACKAGE 4
 
 #don 2016-11-04
-header SHIPPING_ID subject =~ /(ID:?|ID|\#|n\.)\s*\d{8,}\s*$/
-describe SHIPPING_ID Contains a long ID number at the end
+header SHIPPING_ID subject =~ /(ID:?|ID|\#|n\.|UPS)\s*\d{7,}\s*\)?\s*($|shipment|delivery)/
+describe SHIPPING_ID Contains a long ID number at the end or folled by shipment
 score SHIPPING_ID 3
 
+header SHIP_ID_INT subject =~ /(ID:?|ID|\#|n\.|UPS)\s*\d{7,}\s*/
+describe SHIP_ID_INT Contains a long ID number inside
+score SHIP_ID_INT 1
+
 rawbody MSWORD    /application\/msword/
 describe MSWORD   Has a word attachment
 score MSWORD      2
 
-meta FEDEX_ZIP (FEDEXPACKAGE || SHIPPING_ID ) && ( ZIPCOMPRESSED || ZIPFILE || MSWORD )
+meta FEDEX_ZIP (FEDEXPACKAGE || SHIPPING_ID || SHIP_ID_INT ) && ( ZIPCOMPRESSED || ZIPFILE || MSWORD )
 describe FEDEX_ZIP Fedex package with zip file
-score FEDEX_ZIP 6
+score FEDEX_ZIP 7