X-Git-Url: https://git.donarmstrong.com/?p=spamassassin_config.git;a=blobdiff_plain;f=common%2Fvirus_spam;h=b476dc49d280264e614535d081f54b367b1a260e;hp=c9686d281af0afe3ba9e70ed6e2a8258b0bbc735;hb=26d8c604e43cb8d397b2969c6c5f3000bc349b11;hpb=652703901508da38854d07b3b53b6d231eff175f diff --git a/common/virus_spam b/common/virus_spam index c9686d2..b476dc4 100644 --- a/common/virus_spam +++ b/common/virus_spam @@ -1,3 +1,4 @@ +# -*- mode: spamassassin -*- # joy, 2003-08-15 rawbody PIC_GIF /^Content-ID: /i describe PIC_GIF pic*.gif in attachment, common spam/virus @@ -78,3 +79,39 @@ body NOVIR /^No virus found in this incoming message\./ describe NOVIR bogus no virus score NOVIR 1 +# blarson 2008-08-09 +header ANTIGEN subject=~/Antigen Notification/ +describe ANTIGEN Antigen Notification +score ANTIGEN 4 + +# cord 2010-05-04 +body AUTOMATIC_MESSAGE /This is an automat(ic|ed) message/i +describe AUTOMATIC_MESSAGE body indicates it is an automated message +score AUTOMATIC_MESSAGE 2.0 + +# formorer 2012-02-15 +header XEROX subject=~/Scan from a Xerox W./i +describe XEROX Scanner malware +score XEROX 4 + +# don 2016-11-04 +header FEDEXPACKAGE subject=~/(FedEx International|USPS courier)|((unable to|could not) deliver|problems? with).*(item|parcel)|shipment delivery problem|delivery notification/i +describe FEDEXPACKAGE Fedex Package Virus spam +score FEDEXPACKAGE 4 + +#don 2016-11-04 +header SHIPPING_ID subject =~ /(ID:?|ID|\#|n\.)\s*\d{7,}\s*($|shipment|delivery)/ +describe SHIPPING_ID Contains a long ID number at the end or folled by shipment +score SHIPPING_ID 3 + +header SHIP_ID_INT subject =~ /(ID:?|ID|\#|n\.)\s*\d{7,}\s*/ +describe SHIP_ID_INT Contains a long ID number inside +score SHIP_ID_INT 1 + +rawbody MSWORD /application\/msword/ +describe MSWORD Has a word attachment +score MSWORD 2 + +meta FEDEX_ZIP (FEDEXPACKAGE || SHIPPING_ID || SHIP_ID_INT ) && ( ZIPCOMPRESSED || ZIPFILE || MSWORD ) +describe FEDEX_ZIP Fedex package with zip file +score FEDEX_ZIP 7