From 15becbc3f841c2be10a6196acc84e605a0cd5bf1 Mon Sep 17 00:00:00 2001
From: Don Armstrong <don@donarmstrong.com>
Date: Thu, 10 Nov 2016 09:00:35 -0800
Subject: [PATCH] change the FEDEXPACKAGE and ZIPFILE rules slightly

---
 common/virus_spam | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/common/virus_spam b/common/virus_spam
index 3654cb1..0d5dbe0 100644
--- a/common/virus_spam
+++ b/common/virus_spam
@@ -95,7 +95,7 @@ describe XEROX  Scanner malware
 score XEROX     4
 
 # don 2016-11-04
-header FEDEXPACKAGE subject=~/FedEx International|(unable to deliver|problem with).*(item|parcel)|shipment delivery problem|delivery notification/i
+header FEDEXPACKAGE subject=~/FedEx International|((unable to|could not) deliver|problem with).*(item|parcel)|shipment delivery problem|delivery notification/i
 describe FEDEXPACKAGE Fedex Package Virus spam
 score FEDEXPACKAGE 4
 
@@ -104,6 +104,6 @@ header SHIPPING_ID subject =~ /(ID:?|ID|\#)\s*\d{8,}\s*$/
 describe SHIPPING_ID Contains a long ID number at the end
 score SHIPPING_ID 3
 
-meta FEDEX_ZIP (FEDEXPACKAGE || SHIPPING_ID ) && ZIPCOMPRESSED
+meta FEDEX_ZIP (FEDEXPACKAGE || SHIPPING_ID ) && ( ZIPCOMPRESSED | ZIPFILE )
 describe FEDEX_ZIP Fedex package with zip file
 score FEDEX_ZIP 3
-- 
2.39.2