Posted to commits@spamassassin.apache.org by sm...@apache.org on 2013/03/22 23:02:23 UTC
svn commit: r1460025 - /spamassassin/trunk/rulesrc/sandbox/smf/20_smf.cf
Author: smf
Date: Fri Mar 22 22:02:23 2013
New Revision: 1460025
URL: http://svn.apache.org/r1460025
Log:
Sandbox updates
Modified:
spamassassin/trunk/rulesrc/sandbox/smf/20_smf.cf
Modified: spamassassin/trunk/rulesrc/sandbox/smf/20_smf.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/smf/20_smf.cf?rev=1460025&r1=1460024&r2=1460025&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/smf/20_smf.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/smf/20_smf.cf Fri Mar 22 22:02:23 2013
@@ -118,3 +118,14 @@ meta FSL_TO_ROLE_BULK (__FSL_TO
describe FSL_TO_ROLE_BULK Bulk signature and to a role account
score FSL_TO_ROLE_BULK 1.0
+# Received: from hwyhsxwaxz (amandacallow@113.162.65.176 with login) by
+header __FSL_YAHOO_AUTH1 Received =~ /from [a-z]{10} \([^\@ ]+\@\d+\.\d+\.\d+\.\d+ with (?:plain|login)\) /
+# Received: from localhost (rhinotrick@46.185.178.15 with login) by
+header __FSL_YAHOO_AUTH2 Received =~ /from localhost \([^\@ ]+\@\d+\.\d+\.\d+\.\d+ with (?:plain|login)\) /
+meta FSL_YAHOO_AUTH_SIG (__FSL_RELAY_YAHOO && (__FSL_YAHOO_AUTH1 || __FSL_YAHOO_AUTH2))
+describe FSL_YAHOO_AUTH_SIG Yahoo SMTP AUTH observed patterns
+score FSL_YAHOO_AUTH_SIG 5.0
+
+header FSL_PHP_EXPLOIT_41 X-PHP-Script =~ / 41\.\d+\.\d+\.\d+\b/
+describe FSL_PHP_EXPLOIT_41 PHP Script being run by someone in Africa
+score FSL_PHP_EXPLOIT_41 3.0
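Review bot: FSL_YAHOO_AUTH_SIG is scored at 5.0, which equals SpamAssassin's default required_score, so this one meta can classify a message as spam on its own, and its two auth sub-rules test every Received header in the message rather than only the one added by the trusted Yahoo relay. Because `__FSL_RELAY_YAHOO` (defined outside this hunk) and `__FSL_YAHOO_AUTH1`/`__FSL_YAHOO_AUTH2` are evaluated independently, the meta presumably also fires when the `with login` text sits in an older, sender-supplied Received line. I would keep the score low until mass-check results are in, e.g. `score FSL_YAHOO_AUTH_SIG 2.0`, and bound the octets with `\d{1,3}` in place of `\d+`. The same caution applies to FSL_PHP_EXPLOIT_41: it keys only on a first octet of 41 in a header the sending host writes, so the description would be more accurate as `describe FSL_PHP_EXPLOIT_41 X-PHP-Script client address in 41.0.0.0/8`.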