You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2014/09/04 18:41:52 UTC
svn commit: r1622513 -
/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Author: jhardin
Date: Thu Sep 4 16:41:52 2014
New Revision: 1622513
URL: http://svn.apache.org/r1622513
Log:
FP avoidance tuning, expose hacked-wordpress URI rules for scoring
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1622513&r1=1622512&r2=1622513&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Thu Sep 4 16:41:52 2014
@@ -997,7 +997,7 @@ meta SUBJ_OBFU_PUNCT_MANY __SUB
describe SUBJ_OBFU_PUNCT_MANY Punctuation-obfuscated Subject: header
score SUBJ_OBFU_PUNCT_MANY 1.750
-meta SUBJ_MANGLED __SUBJ_OBFU_PUNCT && __GAPPY_SUBJECT
+meta SUBJ_MANGLED __SUBJ_OBFU_PUNCT && __GAPPY_SUBJECT && !__RP_MATCHES_RCVD && !__HAS_X_MAILER && !__DOS_HAS_LIST_UNSUB
score SUBJ_MANGLED 2.000 # limit
# A document was scanned and sentto you using a Hewlett-Packard HP Officejet
@@ -1360,8 +1360,12 @@ meta URI_WPADMIN __URI_WPA
describe URI_WPADMIN WordPress login/admin URI, possible phishing
tflags URI_WPADMIN publish
-uri __URI_WPCONTENT m,/wp-content/.*\.php,i
-uri __URI_WPINCLUDES m,/wp-includes/.*\.php,i
+uri __URI_WPCONTENT m,/wp-content/.*\.php\b,i
+uri __URI_WPINCLUDES m,/wp-includes/.*\.php\b,i
+meta URI_WP_HACKED __URI_WPCONTENT || __URI_WPINCLUDES
+describe URI_WP_HACKED URI for compromised WordPress site, possible malware
+score URI_WP_HACKED 3.000 # limit
+tflags URI_WP_HACKED publish
# subrules migrated from 00_FVGT_File001.cf
@@ -1688,4 +1692,9 @@ score OPTOUT_BRKT_MANY 2.
#describe __RECIP_IN_URL_DOM Recipient in body URL
#tflags __RECIP_IN_URL_DOM nopublish
+# tuning tests
+body __TVD_GET_STOCK_1 /\b(?i:OTC).{2,8}(?:[A-Z]\s*){3,5}\b/
+body __TVD_GET_STOCK_2 /(?i:OTC)[^-\/\\'.]{2,8}(?:[A-Z]\s*){3,5}\b/
+
+