You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by fe...@apache.org on 2006/04/09 19:29:42 UTC

svn commit: r392786 - in /spamassassin/rules/trunk/sandbox/felicity: 70_other.cf 70_phishing.cf sandbox-felicity.pm

Author: felicity
Date: Sun Apr  9 10:29:40 2006
New Revision: 392786

URL: http://svn.apache.org/viewcvs?rev=392786&view=rev
Log:
more rule work

Modified:
    spamassassin/rules/trunk/sandbox/felicity/70_other.cf
    spamassassin/rules/trunk/sandbox/felicity/70_phishing.cf
    spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm

Modified: spamassassin/rules/trunk/sandbox/felicity/70_other.cf
URL: http://svn.apache.org/viewcvs/spamassassin/rules/trunk/sandbox/felicity/70_other.cf?rev=392786&r1=392785&r2=392786&view=diff
==============================================================================
--- spamassassin/rules/trunk/sandbox/felicity/70_other.cf (original)
+++ spamassassin/rules/trunk/sandbox/felicity/70_other.cf Sun Apr  9 10:29:40 2006
@@ -152,11 +152,10 @@
 # 0.319   0.3774   0.0000    1.000   0.80    0.01  TVD_HAPPY_WITH
 # 0.177   0.2093   0.0000    1.000   0.60    0.01  TVD_VISIT_SITE
 # 0.098   0.1167   0.0000    1.000   0.20    0.01  TVD_FINGER_01
-meta TVD_FINGER_01	(TVD_HAPPY_WITH || TVD_GOT_UR) && TVD_VISIT_SITE
-meta TVD_FINGER_01_2	TVD_HAPPY_WITH || TVD_GOT_UR || TVD_VISIT_SITE
-body TVD_HAPPY_WITH	/\b(?:satisfied|glad|complaining|happy|content) with (?:ur?|your (?:thing|unit))\b/i
-body TVD_GOT_UR		/\bgot ur (?:msg|message|email)/i
-body TVD_VISIT_SITE	/\bvisit (?:this site|here),? www\./i
+meta TVD_FINGER_01	__TVD_HAPPY_WITH || __TVD_GOT_UR || __TVD_VISIT_SITE
+body __TVD_HAPPY_WITH	/\b(?:satisfied|glad|complaining|happy|content) with (?:ur?|your (?:thing|unit))\b/i
+body __TVD_GOT_UR	/\bgot ur (?:msg|message|email)/i
+body __TVD_VISIT_SITE	/\bvisit (?:this site|here),? www\./i
 
 # fostering Program V Mail Client 5.0
 # 0.174   0.2059   0.0000    1.000   0.40    0.01  TVD_UA_FOSTERING

Modified: spamassassin/rules/trunk/sandbox/felicity/70_phishing.cf
URL: http://svn.apache.org/viewcvs/spamassassin/rules/trunk/sandbox/felicity/70_phishing.cf?rev=392786&r1=392785&r2=392786&view=diff
==============================================================================
--- spamassassin/rules/trunk/sandbox/felicity/70_phishing.cf (original)
+++ spamassassin/rules/trunk/sandbox/felicity/70_phishing.cf Sun Apr  9 10:29:40 2006
@@ -83,18 +83,23 @@
 
 
 
-loadplugin Mail::SpamAssassin::Plugin::Sandbox::felicity sandbox-felicity.pm
+#loadplugin Mail::SpamAssassin::Plugin::Sandbox::felicity sandbox-felicity.pm
 
-ifplugin Mail::SpamAssassin::Plugin::Sandbox::felicity
+#ifplugin Mail::SpamAssassin::Plugin::Sandbox::felicity
+#endif
+
+ifplugin Mail::SpamAssassin::Plugin::HTTPSMismatch
 
 # bug 4255: with some ideas from Fred Tarasevicius I came up with a rule that
 # performs pretty decently, worthy of a general mass-check:
-# 0.214   0.2533   0.0000    1.000   1.00    0.01  T_HTTPS_HTTP_MISMATCH_1_14
-# 0.214   0.2533   0.0000    1.000   1.00    0.01  T_HTTPS_HTTP_MISMATCH_1_10
-# 0.214   0.2533   0.0000    1.000   1.00    0.01  T_HTTPS_HTTP_MISMATCH_1_12
-# 0.214   0.2533   0.0000    1.000   1.00    0.01  T_HTTPS_HTTP_MISMATCH_1_11
-# 0.214   0.2533   0.0000    1.000   1.00    0.01  T_HTTPS_HTTP_MISMATCH_1_13
-# 0.217   0.2533   0.0189    0.931   0.57    0.01  T_HTTPS_HTTP_MISMATCH_1_15
+# 0.186   0.2273   0.0030    0.987   0.66    0.01  T_HTTPS_HTTP_MISMATCH_1_12
+# 0.186   0.2273   0.0030    0.987   0.66    0.01  T_HTTPS_HTTP_MISMATCH_1_13
+# 0.185   0.2253   0.0015    0.993   0.66    0.01  T_HTTPS_HTTP_MISMATCH_1_10
+# 0.187   0.2280   0.0045    0.981   0.66    0.01  T_HTTPS_HTTP_MISMATCH_1_14
+# 0.186   0.2266   0.0030    0.987   0.66    0.01  T_HTTPS_HTTP_MISMATCH_1_11
+# 0.189   0.2280   0.0119    0.951   0.65    0.01  T_HTTPS_HTTP_MISMATCH_1_15
+# 0.003   0.0013   0.0089    0.129   0.43    0.01  T_HTTPS_HTTP_MISMATCH_11_15
+# 0.019   0.0013   0.0965    0.014   0.33    0.01  T_HTTPS_HTTP_MISMATCH_11_20
 # generally, hams seem to have a lot of links, whereas phishing mails don't.
 # so compare the domains between https? href and https anchor text, and flag
 # if the number of anchors is inside the given range and the domains don't
@@ -104,15 +109,8 @@
 # this rule.  though the two rules are very similar and could definitely share
 # code.  if promoted, the two should get merged together to backup both rules.
 
-body  T_HTTPS_HTTP_MISMATCH_1_10 eval:check_https_http_mismatch('1','10')
-body  T_HTTPS_HTTP_MISMATCH_11_15 eval:check_https_http_mismatch('11','15')
-body  T_HTTPS_HTTP_MISMATCH_11_20 eval:check_https_http_mismatch('11','20')
-
-body  T_HTTPS_HTTP_MISMATCH_1_11 eval:check_https_http_mismatch('1','11')
-body  T_HTTPS_HTTP_MISMATCH_1_12 eval:check_https_http_mismatch('1','12')
-body  T_HTTPS_HTTP_MISMATCH_1_13 eval:check_https_http_mismatch('1','13')
-body  T_HTTPS_HTTP_MISMATCH_1_14 eval:check_https_http_mismatch('1','14')
-body  T_HTTPS_HTTP_MISMATCH_1_15 eval:check_https_http_mismatch('1','15')
+# used to be T_HTTPS_HTTP_MISMATCH_1_10, has the best results
+body  HTTPS_HTTP_MISMATCH eval:check_https_http_mismatch('1','10')
 
 endif
 
@@ -162,6 +160,7 @@
 header T_TVD_PH_SUBJ_29		Subject =~ /^notice(?::|[\s\W]*$)/i
 header T_TVD_PH_SUBJ_31		Subject =~ /^security verification\b/i
 header T_TVD_PH_SUBJ_30		Subject =~ /^urgent(?:[\s\W]*$|.{1,40}(?:alert|response|assistance|proposal|reply|warning|noti(?:ce|fication)|greeting|help|matter))/i
+header T_TVD_PH_SUBJ_57		Subject =~ /^urgent(?:[\s\W]*$|.{1,40}(?:alert|response|assistance|proposal|reply|warning|noti(?:ce|fication)|greeting|matter))/i
 
 header T_TVD_PH_SUBJ_36		Subject =~ /\bconsumer notice\b/i
 header T_TVD_PH_SUBJ_37		Subject =~ /(?:\w+ )+valued member\b/i
@@ -188,4 +187,4 @@
 header T_TVD_PH_SUBJ_59		Subject =~ /\bquestion from (?:\w+ )*member\b/i
 
 meta T_TVD_PH_SUBJ_GOOD T_TVD_PH_SUBJ_00 || T_TVD_PH_SUBJ_02 || T_TVD_PH_SUBJ_04 || T_TVD_PH_SUBJ_05 || T_TVD_PH_SUBJ_06 || T_TVD_PH_SUBJ_07 || T_TVD_PH_SUBJ_08 || T_TVD_PH_SUBJ_10 || T_TVD_PH_SUBJ_12 || T_TVD_PH_SUBJ_15 || T_TVD_PH_SUBJ_16 || T_TVD_PH_SUBJ_17 || T_TVD_PH_SUBJ_19 || T_TVD_PH_SUBJ_20 || T_TVD_PH_SUBJ_21 || T_TVD_PH_SUBJ_22 || T_TVD_PH_SUBJ_24 || T_TVD_PH_SUBJ_25 || T_TVD_PH_SUBJ_29 || T_TVD_PH_SUBJ_30 || T_TVD_PH_SUBJ_31 || T_TVD_PH_SUBJ_36 || T_TVD_PH_SUBJ_37 || T_TVD_PH_SUBJ_38 || T_TVD_PH_SUBJ_39 || T_TVD_PH_SUBJ_41 || T_TVD_PH_SUBJ_42 || T_TVD_PH_SUBJ_43 || T_TVD_PH_SUBJ_44 || T_TVD_PH_SUBJ_46 || T_TVD_PH_SUBJ_47 || T_TVD_PH_SUBJ_48 || T_TVD_PH_SUBJ_50 || T_TVD_PH_SUBJ_52 || T_TVD_PH_SUBJ_54 || T_TVD_PH_SUBJ_56 || T_TVD_PH_SUBJ_58 || T_TVD_PH_SUBJ_59 || T_TVD_PH_SUBJ_61
-meta T_TVD_PH_SUBJ_GOOD2 T_TVD_PH_SUBJ_00 || T_TVD_PH_SUBJ_02 || T_TVD_PH_SUBJ_04 || T_TVD_PH_SUBJ_05 || T_TVD_PH_SUBJ_06 || T_TVD_PH_SUBJ_07 || T_TVD_PH_SUBJ_08 || T_TVD_PH_SUBJ_10 || T_TVD_PH_SUBJ_12 || T_TVD_PH_SUBJ_15 || T_TVD_PH_SUBJ_16 || T_TVD_PH_SUBJ_17 || T_TVD_PH_SUBJ_19 || T_TVD_PH_SUBJ_20 || T_TVD_PH_SUBJ_21 || T_TVD_PH_SUBJ_22 || T_TVD_PH_SUBJ_24 || T_TVD_PH_SUBJ_25 || T_TVD_PH_SUBJ_29 || T_TVD_PH_SUBJ_31 || T_TVD_PH_SUBJ_36 || T_TVD_PH_SUBJ_37 || T_TVD_PH_SUBJ_38 || T_TVD_PH_SUBJ_39 || T_TVD_PH_SUBJ_41 || T_TVD_PH_SUBJ_42 || T_TVD_PH_SUBJ_43 || T_TVD_PH_SUBJ_44 || T_TVD_PH_SUBJ_46 || T_TVD_PH_SUBJ_47 || T_TVD_PH_SUBJ_48 || T_TVD_PH_SUBJ_50 || T_TVD_PH_SUBJ_52 || T_TVD_PH_SUBJ_54 || T_TVD_PH_SUBJ_56 || T_TVD_PH_SUBJ_58 || T_TVD_PH_SUBJ_59 || T_TVD_PH_SUBJ_61
+meta T_TVD_PH_SUBJ_GOOD2 T_TVD_PH_SUBJ_00 || T_TVD_PH_SUBJ_02 || T_TVD_PH_SUBJ_04 || T_TVD_PH_SUBJ_05 || T_TVD_PH_SUBJ_06 || T_TVD_PH_SUBJ_07 || T_TVD_PH_SUBJ_08 || T_TVD_PH_SUBJ_10 || T_TVD_PH_SUBJ_12 || T_TVD_PH_SUBJ_15 || T_TVD_PH_SUBJ_16 || T_TVD_PH_SUBJ_17 || T_TVD_PH_SUBJ_19 || T_TVD_PH_SUBJ_20 || T_TVD_PH_SUBJ_21 || T_TVD_PH_SUBJ_22 || T_TVD_PH_SUBJ_24 || T_TVD_PH_SUBJ_25 || T_TVD_PH_SUBJ_29 || T_TVD_PH_SUBJ_31 || T_TVD_PH_SUBJ_36 || T_TVD_PH_SUBJ_37 || T_TVD_PH_SUBJ_38 || T_TVD_PH_SUBJ_39 || T_TVD_PH_SUBJ_41 || T_TVD_PH_SUBJ_42 || T_TVD_PH_SUBJ_43 || T_TVD_PH_SUBJ_44 || T_TVD_PH_SUBJ_46 || T_TVD_PH_SUBJ_47 || T_TVD_PH_SUBJ_48 || T_TVD_PH_SUBJ_50 || T_TVD_PH_SUBJ_52 || T_TVD_PH_SUBJ_54 || T_TVD_PH_SUBJ_56 || T_TVD_PH_SUBJ_57 || T_TVD_PH_SUBJ_58 || T_TVD_PH_SUBJ_59 || T_TVD_PH_SUBJ_61

Modified: spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm
URL: http://svn.apache.org/viewcvs/spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm?rev=392786&r1=392785&r2=392786&view=diff
==============================================================================
--- spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm (original)
+++ spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm Sun Apr  9 10:29:40 2006
@@ -36,73 +36,9 @@
   bless ($self, $class);
 
   # the important bit!
-  $self->register_eval_rule ("check_https_http_mismatch");
+#  $self->register_eval_rule ("check_https_http_mismatch");
 
   return $self;
-}
-
-# <a href="http://baboz-njeryz.de/">https://bankofamerica.com/</a>
-sub check_https_http_mismatch {
-  my ($self, $permsgstatus, undef, $minanchors, $maxanchors) = @_;
-
-  $minanchors ||= 1;
-
-  if (!exists $permsgstatus->{chhm_hit}) {
-    $permsgstatus->{chhm_hit} = 0;
-    $permsgstatus->{chhm_anchors} = 0;
-
-    foreach my $v ( values %{$permsgstatus->{html}->{uri_detail}} ) {
-      # if the URI wasn't used for an anchor tag, or the anchor text didn't
-      # exist, skip this.
-      next unless (exists $v->{anchor_text} && @{$v->{anchor_text}});
-
-      my $uri;
-      foreach (@{$v->{cleaned}}) {
-        if (m@^https?://([^/:]+)@i) {
-	  $uri = $1;
-
-	  # Skip IPs since there's another rule to catch that already
-          if ($uri =~ /^\d+\.\d+\.\d+\.\d+$/) {
-            undef $uri;
-            next;
-          }
-
-	  # want to compare whole hostnames instead of domains?
-	  # comment this next section to the blank line.
-	  $uri = Mail::SpamAssassin::Util::RegistrarBoundaries::trim_domain($uri);
-          undef $uri unless (Mail::SpamAssassin::Util::RegistrarBoundaries::is_domain_valid($uri));
-
-	  last if $uri;
-        }
-      }
-
-      next unless $uri;
-      $permsgstatus->{chhm_anchors}++ if exists $v->{anchor_text};
-
-      foreach (@{$v->{anchor_text}}) {
-        if (m@https://([^/:]+)@i) {
-          my $https = $1;
-
-	  # want to compare whole hostnames instead of domains?
-	  # comment this next section to the blank line.
-          if ($https !~ /^\d+\.\d+\.\d+\.\d+$/) {
-	    $https = Mail::SpamAssassin::Util::RegistrarBoundaries::trim_domain($https);
-            undef $https unless (Mail::SpamAssassin::Util::RegistrarBoundaries::is_domain_valid($https));
-          }
-	  next unless $https;
-
-	  dbg("https_http_mismatch: domains $uri -> $https");
-
-	  next if $uri eq $https;
-	  $permsgstatus->{chhm_hit} = 1;
-	  last;
-        }
-      }
-    }
-    dbg("https_http_mismatch: anchors ".$permsgstatus->{chhm_anchors});
-  }
-
-  return ( $permsgstatus->{chhm_hit} && $permsgstatus->{chhm_anchors} >= $minanchors && (defined $maxanchors && $permsgstatus->{chhm_anchors} < $maxanchors) );
 }
 
 1;