Posted to commits@spamassassin.apache.org by jh...@apache.org on 2014/10/13 18:07:15 UTC
svn commit: r1631455 -
/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Author: jhardin
Date: Mon Oct 13 16:07:15 2014
New Revision: 1631455
URL: http://svn.apache.org/r1631455
Log:
Add rule for malware downloads via Google
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1631455&r1=1631454&r2=1631455&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Mon Oct 13 16:07:15 2014
@@ -1780,4 +1780,15 @@ header __FM_EDGER_HOOVER
body __MYSTERY_SHOPPER /\bmystery shoppers?\b/i
+header __HAS_NO_RELAY X-No-Relay =~ /./
+
+# seen 10/2014: "https://www.google.com/url?q=https://copy.com/ApbFn2848pQm/ShippingInvoice_6974.PDF.scr?download=1&sa=D&sntz=1&usg=AFQjCNGhvWhljnujQlP85tA6YUsddfuJow"
+uri __GOOG_MALWARE_DNLD m;^https?://[^/]*\.google\.com/[^?]*url\?.*[\?&]download=1;i
+meta GOOG_MALWARE_DNLD __GOOG_MALWARE_DNLD
+describe GOOG_MALWARE_DNLD File download via Google - Malware?
+score GOOG_MALWARE_DNLD 5.000 # limit
+tflags GOOG_MALWARE_DNLD publish
+
+
+
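Review bot: The `__GOOG_MALWARE_DNLD` pattern is looser than the sample URL it was written from, which matters for a rule that scores 5.000 and carries `tflags GOOG_MALWARE_DNLD publish`. The `[^/]*` before `\.google\.com` also accepts `?` and `#`, so a URI on an unrelated host that merely has `.google.com/url?` in its query string can match, and `download=1` has no terminator, so `download=10` matches as well. Consider `m;^https?://[^/?#]*\.google\.com/[^?]*url\?.*[?&]download=1(?:[&#]|$);i`. The rule also depends on the target's `download=1` appearing unencoded inside `q=`, and on the `.google.com` domain with a subdomain, so a comment next to the sample stating those limits would help whoever tunes it after masscheck.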