Posted to commits@spamassassin.apache.org by jm...@apache.org on 2006/10/25 11:07:24 UTC

svn commit: r467584 - /spamassassin/rules/trunk/sandbox/jm/20_basic.cf

Author: jm
Date: Wed Oct 25 02:07:23 2006
New Revision: 467584

URL: http://svn.apache.org/viewvc?view=rev&rev=467584
Log:
add another test mimeheader rule to match stock-spam Content-Type MIME-part headers

Modified:
    spamassassin/rules/trunk/sandbox/jm/20_basic.cf

Modified: spamassassin/rules/trunk/sandbox/jm/20_basic.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/20_basic.cf?view=diff&rev=467584&r1=467583&r2=467584
==============================================================================
--- spamassassin/rules/trunk/sandbox/jm/20_basic.cf (original)
+++ spamassassin/rules/trunk/sandbox/jm/20_basic.cf Wed Oct 25 02:07:23 2006
@@ -51,12 +51,9 @@
 meta CORRUPT_FROM_LINE_IN_HDRS (MISSING_HEADERS && __BODY_STARTS_WITH_FROM_LINE && MISSING_DATE && NO_RELAYS)
 describe CORRUPT_FROM_LINE_IN_HDRS Informational: message is corrupt, with a From line in its headers
 
-# ---------------------------------------------------------------------------
-# Testing bit
-
-# Suresh: 'Finding "mail.com", "post.com" etc in a received header is ALWAYS bogus'
-# oops, /\b/ matches ".", hence FPs :(  try again:
-header RCVD_MAIL_COM        Received =~ /[\s\(\[](?:post|mail)\.com[\s\)\]]/is
+# informational rules don't have to hit spam
+tflags CORRUPT_FROM_LINE_IN_HDRS userconf publish
+score CORRUPT_FROM_LINE_IN_HDRS 0.001
 
 ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 
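Review bot: The `userconf` tflag added for CORRUPT_FROM_LINE_IN_HDRS is documented for rules that need user configuration before they can be used, which this meta does not visibly need, and the comment above it does not say why the flag is set. Presumably it is there so that the rule-promotion checks do not drop an informational rule for having few spam hits. If so, the comment should say that, for example `# informational rule: 'userconf' is set only to exempt it from promotion hit-rate checks, not because it needs user config`. Otherwise a later maintainer may remove the flag as a mistake, or copy it onto rules that should be held to the hit-rate criteria.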
@@ -74,17 +71,29 @@
 meta PART_CID_STOCK_LESS (__PART_STOCK_IMG&&__PART_CID_STOCK_LESS)
 describe PART_CID_STOCK_LESS Has a spammy image attachment (by Content-ID, more specific)
 
-
 mimeheader CTYPE_1SPACE_GIF Content-Type:raw =~ /image\/gif;\n name=\".+?\"\s*$/s
+describe CTYPE_1SPACE_GIF   Stock spam image part 'Content-Type' found
 
 endif # Mail::SpamAssassin::Plugin::MIMEHeader
 
 header RCVD_FORGED_WROTE    Received =~ /from \d\S+\d \(HELO [a-z]\S+\) by \S+ with esmtp \([A-Z0-9]/s
 describe RCVD_FORGED_WROTE  Forged 'Received' header found ('wrote:' spam)
 
+# ---------------------------------------------------------------------------
+# Testing bit
+
+# Suresh: 'Finding "mail.com", "post.com" etc in a received header is ALWAYS bogus'
+# oops, /\b/ matches ".", hence FPs :(  try again:
+header RCVD_MAIL_COM        Received =~ /[\s\(\[](?:post|mail)\.com[\s\)\]]/is
+
 header __MIMEOLE_1106   X-MimeOLE =~ /^Produced By Microsoft MimeOLE V6.00.2800.1106$/
 header __MAILER_OL_5510 X-Mailer =~ /^Microsoft Office Outlook, Build 11.0.5510$/
 header __TI36           Thread-Index =~ /^.{36}$/
 meta DRUGS_STOCK_MIMEOLE (__MIMEOLE_1106 && __MAILER_OL_5510 && __TI36)
 meta DRUGS_STOCK_MIMEOLE2 (__MIMEOLE_1106 && __MAILER_OL_5510)
+
+ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
+mimeheader CTYPE_8SPACE_GIF Content-Type:raw =~ /^image\/gif;\n {8}name=\".+?\"$/s
+describe CTYPE_8SPACE_GIF   Stock spam image part 'Content-Type' found (8 spc)
+endif
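Review bot: In the added CTYPE_8SPACE_GIF pattern, `.+?` under `/s` can cross double quotes and newlines, so `name=\".+?\"$` accepts any Content-Type value that merely ends in a quote, including parts that carry further parameters after `name=`. If the intent is to match only the two-line stock-spam layout, bounding the filename tightens the signature and reduces the false-positive surface: `mimeheader CTYPE_8SPACE_GIF Content-Type:raw =~ /^image\/gif;\n {8}name=\"[^\"\n]+\"$/`. The context rule CTYPE_1SPACE_GIF has the same `.+?` under `/s` and also lacks the leading `^`, so the two rules are anchored inconsistently. The new rule could also sit inside the existing `ifplugin Mail::SpamAssassin::Plugin::MIMEHeader` block next to CTYPE_1SPACE_GIF instead of opening a second one.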