You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2020/08/06 18:12:31 UTC
svn commit: r1880645 -
/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Author: jhardin
Date: Thu Aug 6 18:12:31 2020
New Revision: 1880645
URL: http://svn.apache.org/viewvc?rev=1880645&view=rev
Log:
More 4-byte-Unicode rules prompted by bug 7844
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1880645&r1=1880644&r2=1880645&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Thu Aug 6 18:12:31 2020
@@ -2983,6 +2983,20 @@ meta SUSP_UTF8_WORD_MANY _
describe SUSP_UTF8_WORD_MANY Many words using only suspicious UTF-8 characters
score SUSP_UTF8_WORD_MANY 3.000 # limit
+meta SUSP_UTF8_WORD_COMBO __4BYTE_UTF8_WORD && ( __JM_REACTOR_DATE || __LIST_PARTIAL || __RDNS_NONE || __CLICK_HERE || __PHPMAILER_MUA || __STY_INVIS_2 || __TO___LOWER || __MSGID_OK_DIGITS )
+describe SUSP_UTF8_WORD_COMBO Words using only suspicious UTF-8 characters + other signs
+score SUSP_UTF8_WORD_COMBO 3.000 # limit
+
+header __4BYTE_UTF8_WORD_SUBJ Subject =~ /(?:\xf0\x9d[\x90-\x9f][\x80-\xbf]){3,10}/
+meta SUSP_UTF8_WORD_SUBJ __4BYTE_UTF8_WORD_SUBJ
+describe SUSP_UTF8_WORD_SUBJ Word in Subject using only suspicious UTF-8 characters
+score SUSP_UTF8_WORD_SUBJ 2.000 # limit
+
+header __4BYTE_UTF8_WORD_FROM From:name =~ /(?:\xf0\x9d[\x90-\x9f][\x80-\xbf]){3,10}/
+meta SUSP_UTF8_WORD_FROM __4BYTE_UTF8_WORD_FROM
+describe SUSP_UTF8_WORD_FROM Word in From name using only suspicious UTF-8 characters
+score SUSP_UTF8_WORD_FROM 2.000 # limit
+
# observed by AC
rawbody __HTML_EMPTY_CELLS /<td>(?:<\/td><td>){5,}/i
tflags __HTML_EMPTY_CELLS multiple maxhits=3