You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@spamassassin.apache.org by jh...@apache.org on 2020/08/06 18:12:31 UTC

svn commit: r1880645 - /spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Author: jhardin
Date: Thu Aug  6 18:12:31 2020
New Revision: 1880645

URL: http://svn.apache.org/viewvc?rev=1880645&view=rev
Log:
More 4-byte-Unicode rules prompted by bug 7844

Modified:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1880645&r1=1880644&r2=1880645&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Thu Aug  6 18:12:31 2020
@@ -2983,6 +2983,20 @@ meta       SUSP_UTF8_WORD_MANY         _
 describe   SUSP_UTF8_WORD_MANY         Many words using only suspicious UTF-8 characters
 score      SUSP_UTF8_WORD_MANY         3.000	# limit
 
+meta       SUSP_UTF8_WORD_COMBO        __4BYTE_UTF8_WORD && ( __JM_REACTOR_DATE || __LIST_PARTIAL || __RDNS_NONE || __CLICK_HERE || __PHPMAILER_MUA || __STY_INVIS_2 ||  __TO___LOWER || __MSGID_OK_DIGITS )
+describe   SUSP_UTF8_WORD_COMBO        Words using only suspicious UTF-8 characters + other signs
+score      SUSP_UTF8_WORD_COMBO        3.000	# limit
+
+header     __4BYTE_UTF8_WORD_SUBJ      Subject =~ /(?:\xf0\x9d[\x90-\x9f][\x80-\xbf]){3,10}/
+meta       SUSP_UTF8_WORD_SUBJ         __4BYTE_UTF8_WORD_SUBJ
+describe   SUSP_UTF8_WORD_SUBJ         Word in Subject using only suspicious UTF-8 characters
+score      SUSP_UTF8_WORD_SUBJ         2.000	# limit
+
+header     __4BYTE_UTF8_WORD_FROM      From:name =~ /(?:\xf0\x9d[\x90-\x9f][\x80-\xbf]){3,10}/
+meta       SUSP_UTF8_WORD_FROM         __4BYTE_UTF8_WORD_FROM
+describe   SUSP_UTF8_WORD_FROM         Word in From name using only suspicious UTF-8 characters
+score      SUSP_UTF8_WORD_FROM         2.000	# limit
+
 # observed by AC
 rawbody    __HTML_EMPTY_CELLS          /<td>(?:<\/td><td>){5,}/i
 tflags     __HTML_EMPTY_CELLS          multiple maxhits=3