add more matches for shipping spam master
authorDon Armstrong <don@donarmstrong.com>
Wed, 17 May 2017 20:53:42 +0000 (13:53 -0700)
committerDon Armstrong <don@donarmstrong.com>
Wed, 17 May 2017 20:54:28 +0000 (13:54 -0700)
common/virus_spam

index 5e88e97..fb5a2ea 100644 (file)
@@ -95,16 +95,16 @@ describe XEROX  Scanner malware
 score XEROX     4
 
 # don 2016-11-04
-header FEDEXPACKAGE subject=~/(FedEx International|USPS courier)|((unable to|could not) deliver|problems? with).*(item|parcel)|shipment delivery problem|delivery notification|USPS delivery/i
+header FEDEXPACKAGE subject=~/(FedEx International|USPS courier)|((unable to|could not) deliver|problems? with).*(item|parcel)|shipment delivery problem|delivery notification|US?PS delivery/i
 describe FEDEXPACKAGE Fedex Package Virus spam
 score FEDEXPACKAGE 4
 
 #don 2016-11-04
-header SHIPPING_ID subject =~ /(ID:?|ID|\#|n\.|UPS(| parcel))\s*\d{7,}\s*\)?\s*($|shipment|delivery)/
+header SHIPPING_ID subject =~ /(ID:?|ID|\#|n\.|UPS(| parcel)|code:?)\s*\d{7,}\s*\)?\s*($|shipment|delivery)/
 describe SHIPPING_ID Contains a long ID number at the end or folled by shipment
 score SHIPPING_ID 3
 
-header SHIP_ID_INT subject =~ /(ID:?|ID|\#|n\.|UPS(| parcel))\s*\d{7,}\s*/
+header SHIP_ID_INT subject =~ /(ID:?|ID|\#|n\.|UPS(| parcel)|code:?)\s*\d{7,}\s*/
 describe SHIP_ID_INT Contains a long ID number inside
 score SHIP_ID_INT 1
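Review bot: The new `US?PS delivery` alternative in FEDEXPACKAGE is unanchored and the rule is `/i`, so it now matches any word ending in "ups" followed by " delivery" (for example "backups delivery") at score 4; `\bUS?PS delivery` keeps the UPS/USPS match without that. The `code:?` alternative added to SHIPPING_ID and SHIP_ID_INT has the same shape: with no word boundary it also hits subjects such as "barcode 12345678" or "exit code: 4294967295", which look like ordinary technical mail rather than shipping spam, and `\bcode:?` would narrow it. Those two rules carry no `/i`, so "Code:" is not matched; if that is wanted, `\b[Cc]ode:?` is safer than adding `/i`, which would also loosen the existing `ID` and `n\.` alternatives. A one-line comment above each changed rule with a sample subject it is meant to catch would make later tightening easier to check.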