You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2019/01/21 18:36:08 UTC

svn commit: r1851761 - /spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Author: jhardin
Date: Mon Jan 21 18:36:07 2019
New Revision: 1851761

URL: http://svn.apache.org/viewvc?rev=1851761&view=rev
Log:
Bitcoin extortion rule tweaks

Modified:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1851761&r1=1851760&r2=1851761&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Mon Jan 21 18:36:07 2019
@@ -1968,13 +1968,13 @@ tflags         BITCOIN_SPAM_09  publish
 #   replace_rules  __EXPLOSIVE_DEVICE
 # else
   body           __MY_VICTIM            /\b(?:hi|hello),?(?:\smy)?\s(?:victim|prey)\b/i
-  body           __MY_MALWARE           /\b(?:(?:I\sput\sa\s|my\s(?:personal\s)?)(?:malware|virus)|application[a-z\s]{1,30}(?:enabled|allows)\sme\sto\s(?:access|control)|Anwendung\s[^\.]{1,40}\sich\sauf\salle\sIhre\sdarauf\sgespeicherten\sDateien\szugreifen\skann)\b/i
-  body           __PAY_ME               /\b(?:pay\sme|(?:send\sme|transfer\sthe\samount\sof|den\sbetrag\svon)\s[\d,'.]+\s?(?:usd|eur))\b/i
+  body           __MY_MALWARE           /\b(?:(?:I\sput\sa\s|my\s(?:personal\s)?)(?:malware|virus|spy\s?ware)|application[a-z\s]{1,30}(?:enabled|allows)\sme\sto\s(?:access|control)|Anwendung\s[^\.]{1,40}\sich\sauf\salle\sIhre\sdarauf\sgespeicherten\sDateien\szugreifen\skann)\b/i
+  body           __PAY_ME               /\b(?:pay\sme|(?:send\sme|transfer\sthe\samount\sof|den\sbetrag\svon)\s(?:[\d,'.]+\s?(?:usd|eur)|bitcoin))\b/i
   body           __YOUR_PASSWORD        /\byour\spassword\b/i
   body           __YOUR_WEBCAM          /\b(?:from|your)\swebcam\b/i
   body           __YOUR_ONAN            /\byour?\s(?:mast[ur]{2}bati(?:on|ng)|onanism|solitary\ssex)\b/i
   body           __YOUR_PERSONAL        /\byour\spersonal\s(?:info(?:rmation)?|data)\b/i
-  body           __HOURS_DEADLINE       /\b(?:(?:give\syou|you\shave(?:\sonly|\sjust)?)\s\d+\shours|(?:by|to|until|before)\sthe\send\sof\sthe\s(?:work(?:ing)?\s)?day|Ich\sgebe\sIhnen\s\d+\sStunden)\b/i
+  body           __HOURS_DEADLINE       /\b(?:(?:give\syou|you\shave(?:\sonly|\sjust)?)(?:\sthe\slast)?\s\d+\shours|(?:by|to|until|before)\sthe\send\sof\sthe\s(?:work(?:ing)?\s)?day|Ich\sgebe\sIhnen\s\d+\sStunden)\b/i
   body           __EXPLOSIVE_DEVICE     /\b(?:explosive\sdevice|bomb)\b/i
 # endif
 meta           BITCOIN_EXTORT_01      __BITCOIN_ID && (__MY_MALWARE + __PAY_ME + __MY_VICTIM + __YOUR_WEBCAM + __YOUR_ONAN + __YOUR_PERSONAL + __HOURS_DEADLINE + __YOUR_PASSWORD + LOCALPART_IN_SUBJECT + __DESTROY_ME + __DESTROY_YOU + __EXPLOSIVE_DEVICE) > 2