Posted to commits@spamassassin.apache.org by jh...@apache.org on 2014/10/13 18:07:15 UTC

svn commit: r1631455 - /spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Author: jhardin
Date: Mon Oct 13 16:07:15 2014
New Revision: 1631455

URL: http://svn.apache.org/r1631455
Log:
Add rule for malware downloads via Google

Modified:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1631455&r1=1631454&r2=1631455&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Mon Oct 13 16:07:15 2014
@@ -1780,4 +1780,15 @@ header    __FM_EDGER_HOOVER             
 
 body      __MYSTERY_SHOPPER             /\bmystery shoppers?\b/i
 
+header    __HAS_NO_RELAY                X-No-Relay =~ /./
+
+# seen 10/2014: "https://www.google.com/url?q=https://copy.com/ApbFn2848pQm/ShippingInvoice_6974.PDF.scr?download=1&sa=D&sntz=1&usg=AFQjCNGhvWhljnujQlP85tA6YUsddfuJow"
+uri       __GOOG_MALWARE_DNLD           m;^https?://[^/]*\.google\.com/[^?]*url\?.*[\?&]download=1;i
+meta      GOOG_MALWARE_DNLD             __GOOG_MALWARE_DNLD
+describe  GOOG_MALWARE_DNLD             File download via Google - Malware?
+score     GOOG_MALWARE_DNLD             5.000   # limit
+tflags    GOOG_MALWARE_DNLD             publish
+
+
+
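Review bot: The host part of `__GOOG_MALWARE_DNLD`, `[^/]*\.google\.com`, requires at least one label before `google.com`, so a redirect written as `https://google.com/url?...` is not matched, and the unanchored `download=1` also matches values such as `download=10`. A tighter form would be `uri __GOOG_MALWARE_DNLD m;^https?://(?:[^/]*\.)?google\.com/[^?]*url\?.*[?&]download=1(?:&|$);i`. The pattern fires on any Google redirect carrying `download=1`, whatever file type is fetched. With `tflags publish` and a score limit of 5.000, it may flag legitimate download links on its own, so combining it in the `meta` with a check for an executable extension like the `.scr` in the sample would likely cut false positives. `__HAS_NO_RELAY` is added without a comment and is not referenced by the new rule in this hunk; a one-line comment such as `# subrule for later metas: message carries an X-No-Relay header` would explain why it is here.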