You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jm...@apache.org on 2007/07/04 15:25:20 UTC
svn commit: r553200 - in /spamassassin/rules/trunk/sandbox/jm: 20_basic.cf
20_xmailer.cf 70_tt_drugs.cf
Author: jm
Date: Wed Jul 4 06:25:18 2007
New Revision: 553200
URL: http://svn.apache.org/viewvc?view=rev&rev=553200
Log:
add 'publish' to all the rules in my sandbox which I want to possibly appear in updates (assuming they're good enough)
Modified:
spamassassin/rules/trunk/sandbox/jm/20_basic.cf
spamassassin/rules/trunk/sandbox/jm/20_xmailer.cf
spamassassin/rules/trunk/sandbox/jm/70_tt_drugs.cf
Modified: spamassassin/rules/trunk/sandbox/jm/20_basic.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/20_basic.cf?view=diff&rev=553200&r1=553199&r2=553200
==============================================================================
--- spamassassin/rules/trunk/sandbox/jm/20_basic.cf (original)
+++ spamassassin/rules/trunk/sandbox/jm/20_basic.cf Wed Jul 4 06:25:18 2007
@@ -4,29 +4,36 @@
# compiler will take care of the hard work of copying them around for me, while
# they're still working well.
+tflags MID_DEGREES publish
header MID_DEGREES Message-ID =~ /^<\d{14}\.[A-F0-9]{10}\@[A-Z0-9]+>$/
## score MID_DEGREES 3
+tflags URI_L_PHP publish
uri URI_L_PHP /\/l\.php\?\d/
# from Clifton
# Been seeing broken message IDs for a long time, e.g. Message-Id<KKdj[20
# usually/always? associated with an empty message. Suspect broken spamware.
header TT_MSGID_TRUNC Message-Id =~ /^\s*<?[^<>\s]+\[\d+$/
+tflags TT_MSGID_TRUNC publish
describe TT_MSGID_TRUNC Scora: Message-Id ends after left-bracket + digits
# testing for Dave Funk (mail of 11/16); compare with AXB_FAKETZ, GMD_FAKETZ.
# pretty good; less FPs than AXB_FAKETZ, however, same FP level but less 0.01%
# less hits than GMD_FAKETZ, so that's still better
+tflags L_SPAM_TOOL_13 publish
header L_SPAM_TOOL_13 Date =~ /\s[+-]\d(?![2358]45)\d[124-9]\d$/
## score L_SPAM_TOOL_13 3.0
# broken spamware sending spam with headers in the body
+tflags BROKEN_RATWARE_BOM publish
body BROKEN_RATWARE_BOM /^\xEF\xBB\xBFMessage-ID:/
# persistent spamhaus, getting past a lot of bad stuff
+tflags RCVD_LSO_SND publish
header RCVD_LSO_SND X-Spam-Relays-Untrusted =~ /rdns=\S+\.lso-snd\.com /
+tflags JM_RCVD_QMAILV1 publish
header JM_RCVD_QMAILV1 Received =~ /by \S+ \(Qmailv1\) with ESMTP/
# ---------------------------------------------------------------------------
@@ -56,16 +63,19 @@
mimeheader __PART_STOCK_CD_F Content-Disposition =~ /filename/
meta PART_CID_STOCK (__ANY_IMAGE_ATTACH&&__PART_STOCK_CID&&!__PART_STOCK_CL&&!__PART_STOCK_CD_F)
+tflags PART_CID_STOCK publish
describe PART_CID_STOCK Has a spammy image attachment (by Content-ID)
## score PART_CID_STOCK 2.0
# more specific, 0 ham hits
mimeheader __PART_CID_STOCK_LESS Content-ID =~ /^<00[a-f0-9]{10}\$[a-f0-9]{8}\$[a-f0-9]{8}\@[A-Za-z]+>$/
meta PART_CID_STOCK_LESS (__ANY_IMAGE_ATTACH&&__PART_CID_STOCK_LESS)
+tflags PART_CID_STOCK_LESS publish
describe PART_CID_STOCK_LESS Has a spammy image attachment (by Content-ID, more specific)
## score PART_CID_STOCK_LESS 2.0
mimeheader CTYPE_1SPACE_GIF Content-Type:raw =~ /image\/gif;\n name=\".+?\"\s*$/s
+tflags CTYPE_1SPACE_GIF publish
describe CTYPE_1SPACE_GIF Stock spam image part 'Content-Type' found
## score CTYPE_1SPACE_GIF 1.0
@@ -73,44 +83,53 @@
# catches "by jmason.org with esmtp (;4OZ*/H/)>7. 4.2-+*)" gibberish
header RCVD_FORGED_WROTE Received =~ / by \S+ with esmtp \([^a-z ]{6,} [^a-z ]{3,}\) id/
+tflags RCVD_FORGED_WROTE publish
describe RCVD_FORGED_WROTE Forged 'Received' header found ('wrote:' spam)
## score RCVD_FORGED_WROTE 2.8
header __MIMEOLE_1106 X-MimeOLE =~ /^Produced By Microsoft MimeOLE V6.00.2800.1106$/
header __MAILER_OL_5510 X-Mailer =~ /^Microsoft Office Outlook, Build 11.0.5510$/
meta DRUGS_STOCK_MIMEOLE (__MIMEOLE_1106 && __MAILER_OL_5510)
+tflags DRUGS_STOCK_MIMEOLE publish
describe DRUGS_STOCK_MIMEOLE Stock-spam forged headers found (5510)
## score DRUGS_STOCK_MIMEOLE 2.0
# Suresh: 'Finding "mail.com", "post.com" etc in a received header is ALWAYS bogus'
header RCVD_MAIL_COM Received =~ /[\s\(\[](?:post|mail)\.com[\s\)\]]/is
+tflags RCVD_MAIL_COM publish
describe RCVD_MAIL_COM Forged Received header (contains post.com or mail.com)
## score RCVD_MAIL_COM 3.0
ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
mimeheader CTYPE_8SPACE_GIF Content-Type:raw =~ /^image\/gif;\n {8}name=\".+?\"$/s
+tflags CTYPE_8SPACE_GIF publish
describe CTYPE_8SPACE_GIF Stock spam image part 'Content-Type' found (8 spc)
## score CTYPE_8SPACE_GIF 2.0
endif
header OUTLOOK_3416 X-Mailer =~ /^Microsoft Outlook, Build 10\.0\.3416$/
+tflags OUTLOOK_3416 publish
describe OUTLOOK_3416 Claims to be sent by an unusual build of Outlook (3416)
## score OUTLOOK_3416 2.0
# this seems to appear with a faked 'Microsoft Office Outlook' X-Mailer
+tflags MID_14DIGITS_HEX publish
header MID_14DIGITS_HEX Message-ID =~ /^<[0-9]{14}\.[A-F0-9]{10}\@[0-9A-Z]+$/
## score MID_14DIGITS_HEX 2.8
header __HELO_NO_DOMAIN X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[^\.]+ /
meta STOCK_IMG_HDR_FROM (__ANY_IMAGE_ATTACH&&__ENV_AND_HDR_FROM_MATCH&&TVD_FW_GRAPHIC_ID1&&__HTML_IMG_ONLY)
+tflags STOCK_IMG_HDR_FROM publish
describe STOCK_IMG_HDR_FROM Stock spam image part, with distinctive From line
meta STOCK_IMG_HTML (__ANY_IMAGE_ATTACH&&__ENV_AND_HDR_FROM_MATCH&&__PART_STOCK_CID&&__HTML_IMG_ONLY)
+tflags STOCK_IMG_HTML publish
describe STOCK_IMG_HTML Stock spam image part, with distinctive HTML
header __XM_MS_IN_GENERAL X-Mailer =~ /\bMSCRM\b|Microsoft (?:CDO|Outlook|Office Outlook)\b/
meta STOCK_IMG_OUTLOOK (__ANY_IMAGE_ATTACH&&__ENV_AND_HDR_FROM_MATCH&&__XM_MS_IN_GENERAL&&__HTML_LENGTH_1536_2048)
+tflags STOCK_IMG_OUTLOOK publish
describe STOCK_IMG_OUTLOOK Stock spam image part, with Outlook-like features
# Spammy X-Mailer version strings; no longer seen in ham, due to MS'
@@ -125,61 +144,78 @@
header __XM_OL_10_0_4115 X-Mailer =~ /^Microsoft Outlook, Build 10.0.4115$/
header __XM_OL_4_72_2106_4 X-Mailer =~ /^Microsoft Outlook Express 4.72.2106.4$/
meta SPAMMY_XMAILER (__XM_OL_29196700||__XM_OL_48071700||__XM_OL_28001441||__XM_OL_29196600||__XM_OL_49631700||__XM_OL_48072300||__XM_OL_28004682||__XM_OL_10_0_4115||__XM_OL_4_72_2106_4)
+tflags SPAMMY_XMAILER publish
describe SPAMMY_XMAILER X-Mailer string is common in spam and not in ham
meta SHORT_HELO_AND_INLINE_IMAGE (__HELO_NO_DOMAIN && __ANY_IMAGE_ATTACH)
+tflags SHORT_HELO_AND_INLINE_IMAGE publish
describe SHORT_HELO_AND_INLINE_IMAGE Short HELO string, with inline image
# backported to here
# ---------------------------------------------------------------------------
meta DYN_RDNS_AND_INLINE_IMAGE (RDNS_DYNAMIC && __ANY_IMAGE_ATTACH)
+tflags DYN_RDNS_AND_INLINE_IMAGE publish
describe DYN_RDNS_AND_INLINE_IMAGE Contains image, and was sent by dynamic rDNS
meta DYN_RDNS_SHORT_HELO_HTML (__HELO_NO_DOMAIN && RDNS_DYNAMIC && HTML_MESSAGE)
+tflags DYN_RDNS_SHORT_HELO_HTML publish
describe DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML
meta DYN_RDNS_SHORT_HELO_IMAGE (__HELO_NO_DOMAIN && RDNS_DYNAMIC && __ANY_IMAGE_ATTACH)
+tflags DYN_RDNS_SHORT_HELO_IMAGE publish
describe DYN_RDNS_SHORT_HELO_IMAGE Short HELO string, dynamic rDNS, inline image
header __HDR_ORDER_FTSDMCXXXX ALL =~ /\nFrom: .{1,80}?\nTo: .{1,80}?\nSubject: .{1,200}?\nDate: .{1,40}?\nMIME-Version: .{1,40}?\nContent-Type: .{1,120}?\nX-Priority: .{1,40}?\nX-MSMail-Priority: .{1,40}?\nX-Mailer: .{1,80}?\nX-MimeOLE:/s
header __MID_START_001C Message-ID =~ /^<000001c/
meta HDR_ORDER_FTSDMCXX_BAT (__HDR_ORDER_FTSDMCXXXX && __BAT_BOUNDARY)
+tflags HDR_ORDER_FTSDMCXX_BAT publish
describe HDR_ORDER_FTSDMCXX_BAT Header order similar to spam (FTSDMCXX/boundary variant)
meta HDR_ORDER_FTSDMCXX_001C (__HDR_ORDER_FTSDMCXXXX && __MID_START_001C)
+tflags HDR_ORDER_FTSDMCXX_001C publish
describe HDR_ORDER_FTSDMCXX_001C Header order similar to spam (FTSDMCXX/MID variant)
# "Tora" spam
header __MAILER_OL_6626 X-Mailer =~ /^Microsoft Outlook, Build 10\.0\.6626$/
header __MOLE_2962 X-MimeOLE =~ /^Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2962$/
header __NAKED_TO To =~ /^[^\s<>]+\@[^\s<>]+$/
+tflags JM_TORA_XM publish
meta JM_TORA_XM (__MAILER_OL_6626 && __MOLE_2962 && __NAKED_TO)
# HELO as localhost. we should really be rejecting this at MTA, but hey.
# it seems most of us let these slip through our MTA configs; 3% of spam, no FPs
+tflags HELO_LOCALHOST publish
header HELO_LOCALHOST X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=localhost /i
+tflags DIV_CENTER_A_HREF publish
full DIV_CENTER_A_HREF /<DIV align=3Dcenter><A href=3D=\n/
+tflags HELO_OEM publish
header HELO_OEM X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=(?:pc|oem\S*) /i
+tflags YOUR_CRD_RATING publish
body YOUR_CRD_RATING /Your cr[d\.]* (?:scor|rat)ing doesn.t matter/
body __DEAR_HOMEOWNER /\bDear Home Owner\b/
body __APPROVAL_MGR /\bApproval Manager\b/
body __YOUR_MONTHLY /\byour monthly payments by\b/
+tflags DEAR_HOMEOWNER publish
meta DEAR_HOMEOWNER (__DEAR_HOMEOWNER+__APPROVAL_MGR+__YOUR_MONTHLY == 3)
+tflags HELO_FRIEND publish
header HELO_FRIEND X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=friend /i
+tflags MIME_BOUND_EQ_REL publish
header MIME_BOUND_EQ_REL Content-Type =~ /boundary="=====================_\d+==\.REL"/s
body __DBLCLAIM /avoid double claiming/
body __CASHPRZ /cash prize of/
+tflags LOTTERY_1 publish
meta LOTTERY_1 (__DBLCLAIM && __CASHPRZ)
# blast from the past! seen in the recent "PUBLICIDAD POR EMAIL" spam
+tflags X_LIBRARY publish
header X_LIBRARY X-Library =~ /^Indy/
# ---------------------------------------------------------------------------
@@ -194,27 +230,38 @@
endif
meta STOCK_IMG_CTYPE (__ANY_IMAGE_ATTACH&&__ENV_AND_HDR_FROM_MATCH&&__CTYPE_ONETAB_GIF&&__HTML_IMG_ONLY)
+tflags STOCK_IMG_CTYPE publish
describe STOCK_IMG_CTYPE Stock spam image part, with distinctive Content-Type header
# this is a trick from Spambouncer -- thx Catherine!
uri __HAS_ANY_URI /./
body __HAS_ANY_EMAIL /\w@\S+\.\w/
+tflags SB_GIF_AND_NO_URIS publish
meta SB_GIF_AND_NO_URIS (__GIF_ATTACH&&!__HAS_ANY_URI&&!__HAS_ANY_EMAIL)
# note: no dots allowed in hostname
+tflags MID_START_001C_2 publish
header MID_START_001C_2 Message-ID =~ /^<000001c[a-f0-9]{5}\$[a-f0-9]{8}\$[a-f0-9]{8}\@[A-Za-z0-9_]{2,16}$/
+tflags MID_START_001C_3 publish
header MID_START_001C_3 Message-ID =~ /^<000001c[a-f0-9]{5}\$[a-f0-9]{8}\$[a-f0-9]{8}\@[a-z]{4,8}$/
+tflags MID_START_001C_LOCALHOST publish
header MID_START_001C_LOCALHOST Message-ID =~ /^<000001c[a-f0-9]{5}\$[a-f0-9]{8}\$[a-f0-9]{8}\@localhost$/
+tflags CTYPE_001C_A publish
header CTYPE_001C_A Content-Type =~ /multipart.{0,200}boundary=\"----=_NextPart_000_0001_01C[0-9A-F]{5}\.[0-9A-F]{7}0\"/
+tflags CTYPE_001C_B publish
header CTYPE_001C_B Content-Type =~ /multipart.{0,200}boundary=\"----=_NextPart_000_0000_01C[0-9A-F]{5}\.[0-9A-F]{7}0\"/
header __MSOE_MID_WRONG_CASE ALL =~ /\nMessage-Id: /
header __XM_OUTLOOK_EXPRESS X-Mailer =~ /^Microsoft Outlook Express \d/
+tflags MSOE_MID_WRONG_CASE publish
meta MSOE_MID_WRONG_CASE (__XM_OUTLOOK_EXPRESS && __MSOE_MID_WRONG_CASE && !__MIMEOLE_1106)
+tflags STOX_REPLY_TYPE publish
header STOX_REPLY_TYPE Content-Type =~ /text\/plain; .* reply-type=original/
+tflags CURR_PRICE publish
body CURR_PRICE /\bCurrent Price:/
+tflags STOX_AND_PRICE publish
meta STOX_AND_PRICE CURR_PRICE && STOX_REPLY_TYPE
# bug 5224: basic OE multipart/related check. see what the overlaps
@@ -224,11 +271,15 @@
tflags OE_MULTIPART_RELATED nopublish
# more trials of bad HELO strings
+tflags HELO_LH_LD publish
header HELO_LH_LD X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=localhost\.localdomain /i
+tflags HELO_LH_HOME publish
header HELO_LH_HOME X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\S+\.(?:home|lan) /i
+tflags HELO_ADMIN publish
header HELO_ADMIN X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=admin\S* /i
# aim at the 'Dear Home Owner' spam
+tflags RCVD_FROM_EXTRA_SPC publish
header RCVD_FROM_EXTRA_SPC Received =~ /^from [a-zA-Z]/
# requested experiment: PBL hitrates on URIs
@@ -245,22 +296,27 @@
uri __URI_C_VAL /^https?:[\/\\]*[0-9a-z\#\.-]{5,99}($|\/|\#|\?|\;\|:)/i
uri __URI_C_HTTP /^http/i
meta URI_C_DOM_ODD __URI_C_HTTP && !__URI_C_VAL
+tflags URI_C_DOM_ODD publish
describe URI_C_DOM_ODD fscked domain name
body __DRUG_RA_PRICE1 /\S{3,}ra \D{0,4}3\D{0,4}35\b/
body __DRUG_RA_PRICE2 / remove \"/i
+tflags DRUG_RA_PRICE publish
meta DRUG_RA_PRICE (__DRUG_RA_PRICE1 && __DRUG_RA_PRICE2)
# interesting template, thanks Jeff
+tflags TEMPLATE_203_RCVD publish
header TEMPLATE_203_RCVD Received =~ /from 192.168.0.\d+ \(203-219-/
-
# bug 4892: compare against FUZZY_XPILL
+tflags FUZZY_XPILL_BUG4892 publish
body FUZZY_XPILL_BUG4892 /<inter W3><post P2>(?!xanax)\b<X><A><N><A><X>/i
ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
+tflags OEBOUND publish
mimeheader OEBOUND Content-Type =~ /boundary=.----=_1OEBOUND;./
endif
+tflags STOX_RCVD_N_NN_N publish
header STOX_RCVD_N_NN_N Received =~ / by \d+\.\d+\.\d+\.\d+ \(\d\.\d\d\.\d\/\d\.\d\d\.\d\) with SMTP id [\dA-Za-z]+\;/
Modified: spamassassin/rules/trunk/sandbox/jm/20_xmailer.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/20_xmailer.cf?view=diff&rev=553200&r1=553199&r2=553200
==============================================================================
--- spamassassin/rules/trunk/sandbox/jm/20_xmailer.cf (original)
+++ spamassassin/rules/trunk/sandbox/jm/20_xmailer.cf Wed Jul 4 06:25:18 2007
@@ -3,189 +3,236 @@
header __XM_OL_8E893 X-Mailer =~ /Microsoft\ Outlook\,\ Build\ 10\.0\.2616/
header __MO_OL_8E893 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V10\.0\.2616/
+tflags XMAILER_MIMEOLE_OL_8E893 publish
meta XMAILER_MIMEOLE_OL_8E893 (__XM_OL_8E893 && __MO_OL_8E893)
header __XM_OL_A50F8 X-Mailer =~ /Microsoft\ Outlook\ Express\ 5\.50\.4922\.1500/
header __MO_OL_A50F8 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4922\.1500/
+tflags XMAILER_MIMEOLE_OL_A50F8 publish
meta XMAILER_MIMEOLE_OL_A50F8 (__XM_OL_A50F8 && __MO_OL_A50F8)
header __XM_OL_32D97 X-Mailer =~ /Microsoft\ Outlook\ IMO\,\ Build\ 9\.0\.2416\ \(9\.0\.2910\.0\)/
header __MO_OL_32D97 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V9\.0\.2416/
+tflags XMAILER_MIMEOLE_OL_32D97 publish
meta XMAILER_MIMEOLE_OL_32D97 (__XM_OL_32D97 && __MO_OL_32D97)
header __XM_OL_B9B11 X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2462\.0000/
header __MO_OL_B9B11 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2462\.0000/
+tflags XMAILER_MIMEOLE_OL_B9B11 publish
meta XMAILER_MIMEOLE_OL_B9B11 (__XM_OL_B9B11 && __MO_OL_B9B11)
header __XM_OL_4B815 X-Mailer =~ /Microsoft\ Outlook\ Express\ 4\.71\.2730\.2/
header __MO_OL_4B815 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V4\.71\.2730\.2/
+tflags XMAILER_MIMEOLE_OL_4B815 publish
meta XMAILER_MIMEOLE_OL_4B815 (__XM_OL_4B815 && __MO_OL_4B815)
header __XM_OL_3D61D X-Mailer =~ /Microsoft\ Outlook\ Express\ 4\.71\.2244\.8/
header __MO_OL_3D61D X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V4\.71\.2244\.8/
+tflags XMAILER_MIMEOLE_OL_3D61D publish
meta XMAILER_MIMEOLE_OL_3D61D (__XM_OL_3D61D && __MO_OL_3D61D)
header __XM_OL_20C99 X-Mailer =~ /Microsoft\ Outlook\ Express\ 4\.72\.3338\.1/
header __MO_OL_20C99 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V4\.72\.3338\.1/
+tflags XMAILER_MIMEOLE_OL_20C99 publish
meta XMAILER_MIMEOLE_OL_20C99 (__XM_OL_20C99 && __MO_OL_20C99)
header __XM_OL_CAC8F X-Mailer =~ /Microsoft\ Outlook\ Express\ 4\.71\.1712\.3/
header __MO_OL_CAC8F X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V4\.71\.1712\.3/
+tflags XMAILER_MIMEOLE_OL_CAC8F publish
meta XMAILER_MIMEOLE_OL_CAC8F (__XM_OL_CAC8F && __MO_OL_CAC8F)
header __XM_OL_09BB4 X-Mailer =~ /Microsoft\ Outlook\ Express\ 4\.72\.3155\.0/
header __MO_OL_09BB4 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V4\.72\.3155\.0/
+tflags XMAILER_MIMEOLE_OL_09BB4 publish
meta XMAILER_MIMEOLE_OL_09BB4 (__XM_OL_09BB4 && __MO_OL_09BB4)
header __XM_OL_83BF7 X-Mailer =~ /Microsoft\ Outlook\ Express\ 4\.72\.3110\.3/
header __MO_OL_83BF7 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V4\.72\.3110\.3/
+tflags XMAILER_MIMEOLE_OL_83BF7 publish
meta XMAILER_MIMEOLE_OL_83BF7 (__XM_OL_83BF7 && __MO_OL_83BF7)
header __XM_OL_7533E X-Mailer =~ /Microsoft\ Outlook\ Express\ 5\.50\.4963\.1700/
header __MO_OL_7533E X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4963\.1700/
+tflags XMAILER_MIMEOLE_OL_7533E publish
meta XMAILER_MIMEOLE_OL_7533E (__XM_OL_7533E && __MO_OL_7533E)
header __XM_OL_91287 X-Mailer =~ /Microsoft\ Outlook\ Express\ 5\.50\.4807\.2300/
header __MO_OL_91287 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4807\.2300/
+tflags XMAILER_MIMEOLE_OL_91287 publish
meta XMAILER_MIMEOLE_OL_91287 (__XM_OL_91287 && __MO_OL_91287)
header __XM_OL_1ECD5 X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2800\.1081/
header __MO_OL_1ECD5 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1081/
+tflags XMAILER_MIMEOLE_OL_1ECD5 publish
meta XMAILER_MIMEOLE_OL_1ECD5 (__XM_OL_1ECD5 && __MO_OL_1ECD5)
header __XM_OL_FF5C8 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_FF5C8 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2741\.2600/
+tflags XMAILER_MIMEOLE_OL_FF5C8 publish
meta XMAILER_MIMEOLE_OL_FF5C8 (__XM_OL_FF5C8 && __MO_OL_FF5C8)
header __XM_OL_4BF4C X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_4BF4C X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4522\.1200/
+tflags XMAILER_MIMEOLE_OL_4BF4C publish
meta XMAILER_MIMEOLE_OL_4BF4C (__XM_OL_4BF4C && __MO_OL_4BF4C)
header __XM_OL_25340 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_25340 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4963\.1700/
+tflags XMAILER_MIMEOLE_OL_25340 publish
meta XMAILER_MIMEOLE_OL_25340 (__XM_OL_25340 && __MO_OL_25340)
header __XM_OL_4EEDB X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_4EEDB X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4963\.1700/
+tflags XMAILER_MIMEOLE_OL_4EEDB publish
meta XMAILER_MIMEOLE_OL_4EEDB (__XM_OL_4EEDB && __MO_OL_4EEDB)
header __XM_OL_9B90B X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_9B90B X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4807\.1700/
+tflags XMAILER_MIMEOLE_OL_9B90B publish
meta XMAILER_MIMEOLE_OL_9B90B (__XM_OL_9B90B && __MO_OL_9B90B)
header __XM_OL_C65FA X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_C65FA X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4807\.1700/
+tflags XMAILER_MIMEOLE_OL_C65FA publish
meta XMAILER_MIMEOLE_OL_C65FA (__XM_OL_C65FA && __MO_OL_C65FA)
header __XM_OL_B30D1 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_B30D1 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4807\.2300/
+tflags XMAILER_MIMEOLE_OL_B30D1 publish
meta XMAILER_MIMEOLE_OL_B30D1 (__XM_OL_B30D1 && __MO_OL_B30D1)
header __XM_OL_58CB5 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_58CB5 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4133\.2400/
+tflags XMAILER_MIMEOLE_OL_58CB5 publish
meta XMAILER_MIMEOLE_OL_58CB5 (__XM_OL_58CB5 && __MO_OL_58CB5)
header __XM_OL_5B79A X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_5B79A X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.3790\.1830/
+tflags XMAILER_MIMEOLE_OL_5B79A publish
meta XMAILER_MIMEOLE_OL_5B79A (__XM_OL_5B79A && __MO_OL_5B79A)
header __XM_OL_3857F X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_3857F X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1409/
+tflags XMAILER_MIMEOLE_OL_3857F publish
meta XMAILER_MIMEOLE_OL_3857F (__XM_OL_3857F && __MO_OL_3857F)
header __XM_OL_F475E X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_F475E X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2741\.2600/
+tflags XMAILER_MIMEOLE_OL_F475E publish
meta XMAILER_MIMEOLE_OL_F475E (__XM_OL_F475E && __MO_OL_F475E)
header __XM_OL_F6D01 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_F6D01 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4522\.1200/
+tflags XMAILER_MIMEOLE_OL_F6D01 publish
meta XMAILER_MIMEOLE_OL_F6D01 (__XM_OL_F6D01 && __MO_OL_F6D01)
header __XM_OL_6554A X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_6554A X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2905/
+tflags XMAILER_MIMEOLE_OL_6554A publish
meta XMAILER_MIMEOLE_OL_6554A (__XM_OL_6554A && __MO_OL_6554A)
header __XM_OL_07794 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_07794 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1437/
+tflags XMAILER_MIMEOLE_OL_07794 publish
meta XMAILER_MIMEOLE_OL_07794 (__XM_OL_07794 && __MO_OL_07794)
header __XM_OL_015D5 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_015D5 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2905/
+tflags XMAILER_MIMEOLE_OL_015D5 publish
meta XMAILER_MIMEOLE_OL_015D5 (__XM_OL_015D5 && __MO_OL_015D5)
header __XM_OL_B4B40 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_B4B40 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4133\.2400/
+tflags XMAILER_MIMEOLE_OL_B4B40 publish
meta XMAILER_MIMEOLE_OL_B4B40 (__XM_OL_B4B40 && __MO_OL_B4B40)
header __XM_OL_812FF X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_812FF X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4927\.1200/
+tflags XMAILER_MIMEOLE_OL_812FF publish
meta XMAILER_MIMEOLE_OL_812FF (__XM_OL_812FF && __MO_OL_812FF)
header __XM_OL_ADFF7 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_ADFF7 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1158/
+tflags XMAILER_MIMEOLE_OL_ADFF7 publish
meta XMAILER_MIMEOLE_OL_ADFF7 (__XM_OL_ADFF7 && __MO_OL_ADFF7)
header __XM_OL_4F240 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_4F240 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1158/
+tflags XMAILER_MIMEOLE_OL_4F240 publish
meta XMAILER_MIMEOLE_OL_4F240 (__XM_OL_4F240 && __MO_OL_4F240)
header __XM_OL_BC7E6 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_BC7E6 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4927\.1200/
+tflags XMAILER_MIMEOLE_OL_BC7E6 publish
meta XMAILER_MIMEOLE_OL_BC7E6 (__XM_OL_BC7E6 && __MO_OL_BC7E6)
header __XM_OL_F3B05 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_F3B05 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1437/
+tflags XMAILER_MIMEOLE_OL_F3B05 publish
meta XMAILER_MIMEOLE_OL_F3B05 (__XM_OL_F3B05 && __MO_OL_F3B05)
header __XM_OL_CF0C0 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_CF0C0 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4807\.2300/
+tflags XMAILER_MIMEOLE_OL_CF0C0 publish
meta XMAILER_MIMEOLE_OL_CF0C0 (__XM_OL_CF0C0 && __MO_OL_CF0C0)
header __XM_OL_D03AB X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2900\.2180/
header __MO_OL_D03AB X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2869/
+tflags XMAILER_MIMEOLE_OL_D03AB publish
meta XMAILER_MIMEOLE_OL_D03AB (__XM_OL_D03AB && __MO_OL_D03AB)
header __XM_OL_3AC1D X-Mailer =~ /Microsoft\ Outlook\ Express\ 5\.00\.2919\.6700/
header __MO_OL_3AC1D X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.00\.2919\.6700/
+tflags XMAILER_MIMEOLE_OL_3AC1D publish
meta XMAILER_MIMEOLE_OL_3AC1D (__XM_OL_3AC1D && __MO_OL_3AC1D)
header __XM_OL_A842E X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2800\.1158/
header __MO_OL_A842E X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1441/
+tflags XMAILER_MIMEOLE_OL_A842E publish
meta XMAILER_MIMEOLE_OL_A842E (__XM_OL_A842E && __MO_OL_A842E)
header __XM_OL_72641 X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2800\.1441/
header __MO_OL_72641 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1441/
+tflags XMAILER_MIMEOLE_OL_72641 publish
meta XMAILER_MIMEOLE_OL_72641 (__XM_OL_72641 && __MO_OL_72641)
header __XM_OL_8627E X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2800\.1437/
header __MO_OL_8627E X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1437/
+tflags XMAILER_MIMEOLE_OL_8627E publish
meta XMAILER_MIMEOLE_OL_8627E (__XM_OL_8627E && __MO_OL_8627E)
header __XM_OL_C7C33 X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2800\.1478/
header __MO_OL_C7C33 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2962/
+tflags XMAILER_MIMEOLE_OL_C7C33 publish
meta XMAILER_MIMEOLE_OL_C7C33 (__XM_OL_C7C33 && __MO_OL_C7C33)
header __XM_OL_22B61 X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2800\.1158/
header __MO_OL_22B61 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1158/
+tflags XMAILER_MIMEOLE_OL_22B61 publish
meta XMAILER_MIMEOLE_OL_22B61 (__XM_OL_22B61 && __MO_OL_22B61)
header __XM_OL_C9068 X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2800\.1478/
header __MO_OL_C9068 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1807/
+tflags XMAILER_MIMEOLE_OL_C9068 publish
meta XMAILER_MIMEOLE_OL_C9068 (__XM_OL_C9068 && __MO_OL_C9068)
header __XM_OL_EF20B X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2800\.1478/
header __MO_OL_EF20B X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2180/
+tflags XMAILER_MIMEOLE_OL_EF20B publish
meta XMAILER_MIMEOLE_OL_EF20B (__XM_OL_EF20B && __MO_OL_EF20B)
header __XM_OL_465CD X-Mailer =~ /Microsoft\ Outlook\,\ Build\ 10\.0\.3416/
header __MO_OL_465CD X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1506/
+tflags XMAILER_MIMEOLE_OL_465CD publish
meta XMAILER_MIMEOLE_OL_465CD (__XM_OL_465CD && __MO_OL_465CD)
header __XM_OL_5E7ED X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2900\.2180/
header __MO_OL_5E7ED X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2962/
+tflags XMAILER_MIMEOLE_OL_5E7ED publish
meta XMAILER_MIMEOLE_OL_5E7ED (__XM_OL_5E7ED && __MO_OL_5E7ED)
header __XM_OL_EF222 X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2900\.2873/
header __MO_OL_EF222 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2873/
+tflags XMAILER_MIMEOLE_OL_EF222 publish
meta XMAILER_MIMEOLE_OL_EF222 (__XM_OL_EF222 && __MO_OL_EF222)
Modified: spamassassin/rules/trunk/sandbox/jm/70_tt_drugs.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/70_tt_drugs.cf?view=diff&rev=553200&r1=553199&r2=553200
==============================================================================
--- spamassassin/rules/trunk/sandbox/jm/70_tt_drugs.cf (original)
+++ spamassassin/rules/trunk/sandbox/jm/70_tt_drugs.cf Wed Jul 4 06:25:18 2007
@@ -12,16 +12,19 @@
header __TT_OBSCURED_VIAGRA Subject =~ /(v|V|\\\/)(i|I|1|\xef|\|)(a|A|\(a\)|4|@)(g|G)(r|R)(a|A|\(a\)|4|@)/
header __TT_BROKEN_VIAGRA Subject =~ /V[:^."%()*\[\\]?I[:^."%()*\[\\]?A[:^."%()*\[\\]?G[:^."%()*\[\\]?R[:^."%()*\[\\]?A/i
meta TT_OBSCURED_VIAGRA ( __TT_BROKEN_VIAGRA || __TT_OBSCURED_VIAGRA ) && ! __TT_VIAGRA
+tflags TT_OBSCURED_VIAGRA publish
describe TT_OBSCURED_VIAGRA Scora: obscured "VIAGRA" in subject
header __TT_XANAX Subject =~ /XANAX/i
header __TT_OBSCURED_XANAX Subject =~ /(x|X|><)(a|A|\(a\)|4|@)(n|N)(a|A|\(a\)|4|@)(x|X|><)/
header __TT_BROKEN_XANAX Subject =~ /X[:^."%()*\[\\]?A[:^."%()*\[\\]?N[:^."%()*\[\\]?A[:^."%()*\[\\]?X/i
meta TT_OBSCURED_XANAX ( __TT_BROKEN_XANAX || __TT_OBSCURED_XANAX ) && ! __TT_XANAX
+tflags TT_OBSCURED_XANAX publish
describe TT_OBSCURED_XANAX Scora: obscured "XANAX" in subject
header __TT_VALIUM Subject =~ /VALIUM/i
header __TT_OBSCURED_VALIUM Subject =~ /(v|V|\\\/)(a|A|\(a\)|4|@)(l|L|\|)(i|I|1|\xef|\|)(u|U|\(u\))(m|M)/
header __TT_BROKEN_VALIUM Subject =~ /V[:^."%()*\[\\]?A[:^."%()*\[\\]?L[:^."%()*\[\\]?I[:^."%()*\[\\]?U[:^."%()*\[\\]?M/i
meta TT_OBSCURED_VALIUM ( __TT_BROKEN_VALIUM || __TT_OBSCURED_VALIUM ) && ! __TT_VALIUM
+tflags TT_OBSCURED_VALIUM publish
describe TT_OBSCURED_VALIUM Scora: obscured "VALIUM" in subject