Posted to commits@spamassassin.apache.org by fe...@apache.org on 2006/04/09 19:29:42 UTC
svn commit: r392786 - in /spamassassin/rules/trunk/sandbox/felicity:
70_other.cf 70_phishing.cf sandbox-felicity.pm
Author: felicity
Date: Sun Apr 9 10:29:40 2006
New Revision: 392786
URL: http://svn.apache.org/viewcvs?rev=392786&view=rev
Log:
more rule work
Modified:
spamassassin/rules/trunk/sandbox/felicity/70_other.cf
spamassassin/rules/trunk/sandbox/felicity/70_phishing.cf
spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm
Modified: spamassassin/rules/trunk/sandbox/felicity/70_other.cf
URL: http://svn.apache.org/viewcvs/spamassassin/rules/trunk/sandbox/felicity/70_other.cf?rev=392786&r1=392785&r2=392786&view=diff
==============================================================================
--- spamassassin/rules/trunk/sandbox/felicity/70_other.cf (original)
+++ spamassassin/rules/trunk/sandbox/felicity/70_other.cf Sun Apr 9 10:29:40 2006
@@ -152,11 +152,10 @@
# 0.319 0.3774 0.0000 1.000 0.80 0.01 TVD_HAPPY_WITH
# 0.177 0.2093 0.0000 1.000 0.60 0.01 TVD_VISIT_SITE
# 0.098 0.1167 0.0000 1.000 0.20 0.01 TVD_FINGER_01
-meta TVD_FINGER_01 (TVD_HAPPY_WITH || TVD_GOT_UR) && TVD_VISIT_SITE
-meta TVD_FINGER_01_2 TVD_HAPPY_WITH || TVD_GOT_UR || TVD_VISIT_SITE
-body TVD_HAPPY_WITH /\b(?:satisfied|glad|complaining|happy|content) with (?:ur?|your (?:thing|unit))\b/i
-body TVD_GOT_UR /\bgot ur (?:msg|message|email)/i
-body TVD_VISIT_SITE /\bvisit (?:this site|here),? www\./i
+meta TVD_FINGER_01 __TVD_HAPPY_WITH || __TVD_GOT_UR || __TVD_VISIT_SITE
+body __TVD_HAPPY_WITH /\b(?:satisfied|glad|complaining|happy|content) with (?:ur?|your (?:thing|unit))\b/i
+body __TVD_GOT_UR /\bgot ur (?:msg|message|email)/i
+body __TVD_VISIT_SITE /\bvisit (?:this site|here),? www\./i
# fostering Program V Mail Client 5.0
# 0.174 0.2059 0.0000 1.000 0.40 0.01 TVD_UA_FOSTERING
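Review bot: The mass-check figures kept as context above the new `meta TVD_FINGER_01` no longer describe it. They were measured for the old `(TVD_HAPPY_WITH || TVD_GOT_UR) && TVD_VISIT_SITE` form and still name the sub-rules without the `__` prefix. The new meta fires on any one of the three phrases, and no figure for the GOT_UR pattern is listed, so the 0.0000 ham column cannot be read as the false-positive rate of the rule as committed. Until a fresh run is pasted in, I would mark the block with something like `# stats predate the __TVD_* rename and the OR-only meta; re-run mass-check`.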
Modified: spamassassin/rules/trunk/sandbox/felicity/70_phishing.cf
URL: http://svn.apache.org/viewcvs/spamassassin/rules/trunk/sandbox/felicity/70_phishing.cf?rev=392786&r1=392785&r2=392786&view=diff
==============================================================================
--- spamassassin/rules/trunk/sandbox/felicity/70_phishing.cf (original)
+++ spamassassin/rules/trunk/sandbox/felicity/70_phishing.cf Sun Apr 9 10:29:40 2006
@@ -83,18 +83,23 @@
-loadplugin Mail::SpamAssassin::Plugin::Sandbox::felicity sandbox-felicity.pm
+#loadplugin Mail::SpamAssassin::Plugin::Sandbox::felicity sandbox-felicity.pm
-ifplugin Mail::SpamAssassin::Plugin::Sandbox::felicity
+#ifplugin Mail::SpamAssassin::Plugin::Sandbox::felicity
+#endif
+
+ifplugin Mail::SpamAssassin::Plugin::HTTPSMismatch
# bug 4255: with some ideas from Fred Tarasevicius I came up with a rule that
# performs pretty decently, worthy of a general mass-check:
-# 0.214 0.2533 0.0000 1.000 1.00 0.01 T_HTTPS_HTTP_MISMATCH_1_14
-# 0.214 0.2533 0.0000 1.000 1.00 0.01 T_HTTPS_HTTP_MISMATCH_1_10
-# 0.214 0.2533 0.0000 1.000 1.00 0.01 T_HTTPS_HTTP_MISMATCH_1_12
-# 0.214 0.2533 0.0000 1.000 1.00 0.01 T_HTTPS_HTTP_MISMATCH_1_11
-# 0.214 0.2533 0.0000 1.000 1.00 0.01 T_HTTPS_HTTP_MISMATCH_1_13
-# 0.217 0.2533 0.0189 0.931 0.57 0.01 T_HTTPS_HTTP_MISMATCH_1_15
+# 0.186 0.2273 0.0030 0.987 0.66 0.01 T_HTTPS_HTTP_MISMATCH_1_12
+# 0.186 0.2273 0.0030 0.987 0.66 0.01 T_HTTPS_HTTP_MISMATCH_1_13
+# 0.185 0.2253 0.0015 0.993 0.66 0.01 T_HTTPS_HTTP_MISMATCH_1_10
+# 0.187 0.2280 0.0045 0.981 0.66 0.01 T_HTTPS_HTTP_MISMATCH_1_14
+# 0.186 0.2266 0.0030 0.987 0.66 0.01 T_HTTPS_HTTP_MISMATCH_1_11
+# 0.189 0.2280 0.0119 0.951 0.65 0.01 T_HTTPS_HTTP_MISMATCH_1_15
+# 0.003 0.0013 0.0089 0.129 0.43 0.01 T_HTTPS_HTTP_MISMATCH_11_15
+# 0.019 0.0013 0.0965 0.014 0.33 0.01 T_HTTPS_HTTP_MISMATCH_11_20
# generally, hams seem to have a lot of links, whereas phishing mails don't.
# so compare the domains between https? href and https anchor text, and flag
# if the number of anchors is inside the given range and the domains don't
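Review bot: Nothing in this hunk loads `Mail::SpamAssassin::Plugin::HTTPSMismatch`, so on an install where that plugin is not enabled the new `ifplugin` guard drops the phishing rule with no diagnostic. Presumably the plugin is loaded from a `.pre` file elsewhere, but that is not visible here; a comment above the guard would record the dependency, e.g. `# needs HTTPSMismatch loaded elsewhere; this file no longer loads a plugin itself`. The commented-out `#loadplugin` / `#ifplugin` / `#endif` trio is dead configuration and could be deleted rather than kept. The `ifplugin` block opened here is closed by the `endif` in the next hunk, and the refreshed stats list only `T_HTTPS_HTTP_MISMATCH_*` names, which that hunk removes.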
@@ -104,15 +109,8 @@
# this rule. though the two rules are very similar and could definitely share
# code. if promoted, the two should get merged together to backup both rules.
-body T_HTTPS_HTTP_MISMATCH_1_10 eval:check_https_http_mismatch('1','10')
-body T_HTTPS_HTTP_MISMATCH_11_15 eval:check_https_http_mismatch('11','15')
-body T_HTTPS_HTTP_MISMATCH_11_20 eval:check_https_http_mismatch('11','20')
-
-body T_HTTPS_HTTP_MISMATCH_1_11 eval:check_https_http_mismatch('1','11')
-body T_HTTPS_HTTP_MISMATCH_1_12 eval:check_https_http_mismatch('1','12')
-body T_HTTPS_HTTP_MISMATCH_1_13 eval:check_https_http_mismatch('1','13')
-body T_HTTPS_HTTP_MISMATCH_1_14 eval:check_https_http_mismatch('1','14')
-body T_HTTPS_HTTP_MISMATCH_1_15 eval:check_https_http_mismatch('1','15')
+# used to be T_HTTPS_HTTP_MISMATCH_1_10, has the best results
+body HTTPS_HTTP_MISMATCH eval:check_https_http_mismatch('1','10')
endif
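Review bot: The promoted `HTTPS_HTTP_MISMATCH` rule has no `describe` line in this hunk, and the meaning of its two arguments is not documented. In the implementation this same commit deletes from sandbox-felicity.pm, the upper bound is exclusive (`chhm_anchors < $maxanchors`), so `('1','10')` meant 1 to 9 anchors. If the HTTPSMismatch plugin keeps that behaviour (not visible here), the comment should say so, e.g. `# args: min anchors (inclusive), max anchors (exclusive)`. I would also add `describe HTTPS_HTTP_MISMATCH Link text is an https URL whose domain differs from the href`. The comment "used to be T_HTTPS_HTTP_MISMATCH_1_10" is the only link back to the stats block, which still uses the old name.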
@@ -162,6 +160,7 @@
header T_TVD_PH_SUBJ_29 Subject =~ /^notice(?::|[\s\W]*$)/i
header T_TVD_PH_SUBJ_31 Subject =~ /^security verification\b/i
header T_TVD_PH_SUBJ_30 Subject =~ /^urgent(?:[\s\W]*$|.{1,40}(?:alert|response|assistance|proposal|reply|warning|noti(?:ce|fication)|greeting|help|matter))/i
+header T_TVD_PH_SUBJ_57 Subject =~ /^urgent(?:[\s\W]*$|.{1,40}(?:alert|response|assistance|proposal|reply|warning|noti(?:ce|fication)|greeting|matter))/i
header T_TVD_PH_SUBJ_36 Subject =~ /\bconsumer notice\b/i
header T_TVD_PH_SUBJ_37 Subject =~ /(?:\w+ )+valued member\b/i
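Review bot: `T_TVD_PH_SUBJ_57` is `T_TVD_PH_SUBJ_30` with only the `help` alternative removed, and nothing on the line says so. Every subject it matches is also matched by SUBJ_30, so the two differ only on subjects where `help` is the sole matching term. A comment such as `# SUBJ_30 without "help"; compared via T_TVD_PH_SUBJ_GOOD2` would make the experiment readable. The last hunk of this file adds SUBJ_57 to `T_TVD_PH_SUBJ_GOOD2`, while `T_TVD_PH_SUBJ_GOOD` keeps SUBJ_30, which is the comparison that comment would explain.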
@@ -188,4 +187,4 @@
header T_TVD_PH_SUBJ_59 Subject =~ /\bquestion from (?:\w+ )*member\b/i
meta T_TVD_PH_SUBJ_GOOD T_TVD_PH_SUBJ_00 || T_TVD_PH_SUBJ_02 || T_TVD_PH_SUBJ_04 || T_TVD_PH_SUBJ_05 || T_TVD_PH_SUBJ_06 || T_TVD_PH_SUBJ_07 || T_TVD_PH_SUBJ_08 || T_TVD_PH_SUBJ_10 || T_TVD_PH_SUBJ_12 || T_TVD_PH_SUBJ_15 || T_TVD_PH_SUBJ_16 || T_TVD_PH_SUBJ_17 || T_TVD_PH_SUBJ_19 || T_TVD_PH_SUBJ_20 || T_TVD_PH_SUBJ_21 || T_TVD_PH_SUBJ_22 || T_TVD_PH_SUBJ_24 || T_TVD_PH_SUBJ_25 || T_TVD_PH_SUBJ_29 || T_TVD_PH_SUBJ_30 || T_TVD_PH_SUBJ_31 || T_TVD_PH_SUBJ_36 || T_TVD_PH_SUBJ_37 || T_TVD_PH_SUBJ_38 || T_TVD_PH_SUBJ_39 || T_TVD_PH_SUBJ_41 || T_TVD_PH_SUBJ_42 || T_TVD_PH_SUBJ_43 || T_TVD_PH_SUBJ_44 || T_TVD_PH_SUBJ_46 || T_TVD_PH_SUBJ_47 || T_TVD_PH_SUBJ_48 || T_TVD_PH_SUBJ_50 || T_TVD_PH_SUBJ_52 || T_TVD_PH_SUBJ_54 || T_TVD_PH_SUBJ_56 || T_TVD_PH_SUBJ_58 || T_TVD_PH_SUBJ_59 || T_TVD_PH_SUBJ_61
-meta T_TVD_PH_SUBJ_GOOD2 T_TVD_PH_SUBJ_00 || T_TVD_PH_SUBJ_02 || T_TVD_PH_SUBJ_04 || T_TVD_PH_SUBJ_05 || T_TVD_PH_SUBJ_06 || T_TVD_PH_SUBJ_07 || T_TVD_PH_SUBJ_08 || T_TVD_PH_SUBJ_10 || T_TVD_PH_SUBJ_12 || T_TVD_PH_SUBJ_15 || T_TVD_PH_SUBJ_16 || T_TVD_PH_SUBJ_17 || T_TVD_PH_SUBJ_19 || T_TVD_PH_SUBJ_20 || T_TVD_PH_SUBJ_21 || T_TVD_PH_SUBJ_22 || T_TVD_PH_SUBJ_24 || T_TVD_PH_SUBJ_25 || T_TVD_PH_SUBJ_29 || T_TVD_PH_SUBJ_31 || T_TVD_PH_SUBJ_36 || T_TVD_PH_SUBJ_37 || T_TVD_PH_SUBJ_38 || T_TVD_PH_SUBJ_39 || T_TVD_PH_SUBJ_41 || T_TVD_PH_SUBJ_42 || T_TVD_PH_SUBJ_43 || T_TVD_PH_SUBJ_44 || T_TVD_PH_SUBJ_46 || T_TVD_PH_SUBJ_47 || T_TVD_PH_SUBJ_48 || T_TVD_PH_SUBJ_50 || T_TVD_PH_SUBJ_52 || T_TVD_PH_SUBJ_54 || T_TVD_PH_SUBJ_56 || T_TVD_PH_SUBJ_58 || T_TVD_PH_SUBJ_59 || T_TVD_PH_SUBJ_61
+meta T_TVD_PH_SUBJ_GOOD2 T_TVD_PH_SUBJ_00 || T_TVD_PH_SUBJ_02 || T_TVD_PH_SUBJ_04 || T_TVD_PH_SUBJ_05 || T_TVD_PH_SUBJ_06 || T_TVD_PH_SUBJ_07 || T_TVD_PH_SUBJ_08 || T_TVD_PH_SUBJ_10 || T_TVD_PH_SUBJ_12 || T_TVD_PH_SUBJ_15 || T_TVD_PH_SUBJ_16 || T_TVD_PH_SUBJ_17 || T_TVD_PH_SUBJ_19 || T_TVD_PH_SUBJ_20 || T_TVD_PH_SUBJ_21 || T_TVD_PH_SUBJ_22 || T_TVD_PH_SUBJ_24 || T_TVD_PH_SUBJ_25 || T_TVD_PH_SUBJ_29 || T_TVD_PH_SUBJ_31 || T_TVD_PH_SUBJ_36 || T_TVD_PH_SUBJ_37 || T_TVD_PH_SUBJ_38 || T_TVD_PH_SUBJ_39 || T_TVD_PH_SUBJ_41 || T_TVD_PH_SUBJ_42 || T_TVD_PH_SUBJ_43 || T_TVD_PH_SUBJ_44 || T_TVD_PH_SUBJ_46 || T_TVD_PH_SUBJ_47 || T_TVD_PH_SUBJ_48 || T_TVD_PH_SUBJ_50 || T_TVD_PH_SUBJ_52 || T_TVD_PH_SUBJ_54 || T_TVD_PH_SUBJ_56 || T_TVD_PH_SUBJ_57 || T_TVD_PH_SUBJ_58 || T_TVD_PH_SUBJ_59 || T_TVD_PH_SUBJ_61
Modified: spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm
URL: http://svn.apache.org/viewcvs/spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm?rev=392786&r1=392785&r2=392786&view=diff
==============================================================================
--- spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm (original)
+++ spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm Sun Apr 9 10:29:40 2006
@@ -36,73 +36,9 @@
bless ($self, $class);
# the important bit!
- $self->register_eval_rule ("check_https_http_mismatch");
+# $self->register_eval_rule ("check_https_http_mismatch");
return $self;
-}
-
-# <a href="http://baboz-njeryz.de/">https://bankofamerica.com/</a>
-sub check_https_http_mismatch {
- my ($self, $permsgstatus, undef, $minanchors, $maxanchors) = @_;
-
- $minanchors ||= 1;
-
- if (!exists $permsgstatus->{chhm_hit}) {
- $permsgstatus->{chhm_hit} = 0;
- $permsgstatus->{chhm_anchors} = 0;
-
- foreach my $v ( values %{$permsgstatus->{html}->{uri_detail}} ) {
- # if the URI wasn't used for an anchor tag, or the anchor text didn't
- # exist, skip this.
- next unless (exists $v->{anchor_text} && @{$v->{anchor_text}});
-
- my $uri;
- foreach (@{$v->{cleaned}}) {
- if (m@^https?://([^/:]+)@i) {
- $uri = $1;
-
- # Skip IPs since there's another rule to catch that already
- if ($uri =~ /^\d+\.\d+\.\d+\.\d+$/) {
- undef $uri;
- next;
- }
-
- # want to compare whole hostnames instead of domains?
- # comment this next section to the blank line.
- $uri = Mail::SpamAssassin::Util::RegistrarBoundaries::trim_domain($uri);
- undef $uri unless (Mail::SpamAssassin::Util::RegistrarBoundaries::is_domain_valid($uri));
-
- last if $uri;
- }
- }
-
- next unless $uri;
- $permsgstatus->{chhm_anchors}++ if exists $v->{anchor_text};
-
- foreach (@{$v->{anchor_text}}) {
- if (m@https://([^/:]+)@i) {
- my $https = $1;
-
- # want to compare whole hostnames instead of domains?
- # comment this next section to the blank line.
- if ($https !~ /^\d+\.\d+\.\d+\.\d+$/) {
- $https = Mail::SpamAssassin::Util::RegistrarBoundaries::trim_domain($https);
- undef $https unless (Mail::SpamAssassin::Util::RegistrarBoundaries::is_domain_valid($https));
- }
- next unless $https;
-
- dbg("https_http_mismatch: domains $uri -> $https");
-
- next if $uri eq $https;
- $permsgstatus->{chhm_hit} = 1;
- last;
- }
- }
- }
- dbg("https_http_mismatch: anchors ".$permsgstatus->{chhm_anchors});
- }
-
- return ( $permsgstatus->{chhm_hit} && $permsgstatus->{chhm_anchors} >= $minanchors && (defined $maxanchors && $permsgstatus->{chhm_anchors} < $maxanchors) );
}
1;