X-Git-Url: https://git.donarmstrong.com/?p=spamassassin_config.git;a=blobdiff_plain;f=common%2Fvirus_spam;h=cb2f0ae7d2235eaea994ce37e88361c05b2317aa;hp=6de061cffa4fbf5d37cf4dba7214188337539755;hb=b387f2f7e58aa81fbf565bc4f70d27a72996eea0;hpb=2b31230fe3be69fefe817ff8f3decf6bf7e817cb

diff --git a/common/virus_spam b/common/virus_spam
index 6de061c..cb2f0ae 100644
--- a/common/virus_spam
+++ b/common/virus_spam
@@ -95,6 +95,19 @@ describe XEROX  Scanner malware
 score XEROX     4
 
 # don 2016-11-04
-header FEDEXPACKAGE subject=~/FedEx International/i
+header FEDEXPACKAGE subject=~/FedEx International|((unable to|could not) deliver|problem with).*(item|parcel)|shipment delivery problem|delivery notification/i
 describe FEDEXPACKAGE Fedex Package Virus spam
 score FEDEXPACKAGE 4
+
+#don 2016-11-04
+header SHIPPING_ID subject =~ /(ID:?|ID|\#|n\.)\s*\d{8,}\s*$/
+describe SHIPPING_ID Contains a long ID number at the end
+score SHIPPING_ID 3
+
+rawbody MSWORD    /application\/msword/
+describe MSWORD   Has a word attachment
+score MSWORD      2
+
+meta FEDEX_ZIP (FEDEXPACKAGE || SHIPPING_ID ) && ( ZIPCOMPRESSED || ZIPFILE || MSWORD )
+describe FEDEX_ZIP Fedex package with zip file
+score FEDEX_ZIP 3