You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@spamassassin.apache.org by gb...@apache.org on 2019/12/12 22:06:10 UTC

svn commit: r1871307 - /spamassassin/trunk/rulesrc/sandbox/gbechis/20_misc.cf

Author: gbechis
Date: Thu Dec 12 22:06:10 2019
New Revision: 1871307

URL: http://svn.apache.org/viewvc?rev=1871307&view=rev
Log:
tweak Google redirect rule
add Google search rule

Modified:
    spamassassin/trunk/rulesrc/sandbox/gbechis/20_misc.cf

Modified: spamassassin/trunk/rulesrc/sandbox/gbechis/20_misc.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/gbechis/20_misc.cf?rev=1871307&r1=1871306&r2=1871307&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/gbechis/20_misc.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/gbechis/20_misc.cf Thu Dec 12 22:06:10 2019
@@ -2,10 +2,15 @@
 # meta        GB_MALWARE_DROPBOX_JAR_URI	( __MALWARE_DROPBOX_JAR_URI && (HTML_SHORT_LINK_IMG_1 || HTML_SHORT_LINK_IMG_2 || HTML_SHORT_LINK_IMG_3) )
 # describe    GB_MALWARE_DROPBOX_JAR_URI Dropbox that forces user to download jar file
 
-uri         GB_GOOGLE_OBFU	/^https:\/\/www\.google\.([a-z]{2,3})\/url\?sa=t\&rct=j\&q=\&esrc=s\&source=web\&cd=([0-9])+\&cad=rja\&uact=([0-9]+)\&ved=(.*)\&url=https?:\/\/(.*)&usg=(.*)/
-describe    GB_GOOGLE_OBFU	Obfuscate url through Google redirect
-score       GB_GOOGLE_OBFU      0.75 # limit
-tflags      GB_GOOGLE_OBFU      publish
+uri         GB_GOOGLE_OBFUR	/^https:\/\/www\.google\.([a-z]{2,3})\/url\?sa=t\&rct=j\&q=\&esrc=s\&source=web\&cd=([0-9])+\&cad=rja\&uact=([0-9]+)\&ved=.{1,50}\&url=https?:\/\/.{1,50}&usg=.{1,50}/
+describe    GB_GOOGLE_OBFUR	Obfuscate url through Google redirect
+score       GB_GOOGLE_OBFUR     0.75 # limit
+tflags      GB_GOOGLE_OBFUR     publish
+
+uri         GB_GOOGLE_OBFUS	/^https:\/\/www\.google\.([a-z]{2,3})\/search\?ei=.{1,50}\&gs_l=.{1,20}/
+describe    GB_GOOGLE_OBFUS	Obfuscate url through Google search
+score       GB_GOOGLE_OBFUS     0.75 # limit
+#tflags      GB_GOOGLE_OBFUS     publish
 
 header      __COPY_OF       Subject =~ /Copy of:|offers for you/
 meta        GB_COPY_OF_SHORT   ( __URL_SHORTENER && __COPY_OF && __KAM_BODY_LENGTH_LT_1024 )