Posted to commits@spamassassin.apache.org by jh...@apache.org on 2018/12/10 20:04:25 UTC
svn commit: r1848629 -
/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Author: jhardin
Date: Mon Dec 10 20:04:25 2018
New Revision: 1848629
URL: http://svn.apache.org/viewvc?rev=1848629&view=rev
Log:
Tweaking obfuscation rules
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1848629&r1=1848628&r2=1848629&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Mon Dec 10 20:04:25 2018
@@ -2163,9 +2163,9 @@ endif
rawbody __HTML_SINGLET />\s*(?:[a-z"]|&\#(?:\d+|x[0-9a-f]+);)\s*</i
tflags __HTML_SINGLET multiple, maxhits=21
meta __HTML_SINGLET_MANY __HTML_SINGLET > 20
-#meta HTML_SINGLET_MANY __HTML_SINGLET_MANY
-#describe HTML_SINGLET_MANY Many single-letter HTML format blocks
-#score HTML_SINGLET_MANY 1.000 # limit
+meta HTML_SINGLET_MANY __HTML_SINGLET_MANY && !__STY_INVIS && !ALL_TRUSTED
+describe HTML_SINGLET_MANY Many single-letter HTML format blocks
+score HTML_SINGLET_MANY 2.500 # limit
meta SINGLETS_LOW_CONTRAST __HTML_SINGLET_MANY && __HTML_FONT_LOW_CONTRAST_MINFP
describe SINGLETS_LOW_CONTRAST Single-letter formatted HTML + hidden text
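Review bot: The newly enabled `HTML_SINGLET_MANY` (2.500) and the existing `SINGLETS_LOW_CONTRAST` two lines below both build on `__HTML_SINGLET_MANY`, so a single message with low-contrast text can hit both and the scores add up. The score of `SINGLETS_LOW_CONTRAST` is not visible in this hunk, so the combined weight should be checked against the spam threshold. If stacking is not intended, one option is `meta HTML_SINGLET_MANY __HTML_SINGLET_MANY && !__STY_INVIS && !ALL_TRUSTED && !__HTML_FONT_LOW_CONTRAST_MINFP`. The two new exclusions also have no comment; a line such as `# excluded: __STY_INVIS, ALL_TRUSTED (reason to be filled in by the author)` would tell the next maintainer why they exist.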
@@ -2548,6 +2548,10 @@ if can(Mail::SpamAssassin::Conf::feature
rawbody __HTML_SHRT_CMNT_OBFU /\w<!--\s*\w+\s*-->\w/
tflags __HTML_SHRT_CMNT_OBFU multiple maxhits=10
meta __HTML_SHRT_CMNT_OBFU_MANY __HTML_SHRT_CMNT_OBFU > 9 && HTML_MESSAGE
+ meta HTML_SHRT_CMNT_OBFU_MANY __HTML_SHRT_CMNT_OBFU_MANY
+ describe HTML_SHRT_CMNT_OBFU_MANY Obfuscation with many short HTML comments
+ score HTML_SHRT_CMNT_OBFU_MANY 2.500 # limit
+ tflags HTML_SHRT_CMNT_OBFU_MANY publish
endif
header __FROM_ADDR_WS From:addr =~ /\s/
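Review bot: `HTML_SHRT_CMNT_OBFU_MANY` is added with `tflags ... publish` and a 2.500 limit but has no false-positive guard, whereas `HTML_SINGLET_MANY` in the first hunk of this commit gains `!ALL_TRUSTED`. The subrule pattern `\w<!--\s*\w+\s*-->\w` presumably also matches template or tracking comments that legitimate HTML generators place inside text, so ten hits in one newsletter is plausible. For consistency, consider `meta HTML_SHRT_CMNT_OBFU_MANY __HTML_SHRT_CMNT_OBFU_MANY && !ALL_TRUSTED`, and confirm the ham hit rate before forcing publication. The enclosing `if can(...)` block starts outside this hunk.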
@@ -2602,7 +2606,7 @@ if can(Mail::SpamAssassin::Conf::feature
body __UNICODE_OBFU_ASC /[a-z0-9\s](?:\xd0[\xb0\xb5\xbe]|\xd1[\x80\x81])+[a-z0-9]{1,8}(?:\xd0[\xb0\xb5\xbe]|\xd1[\x80\x81])+[a-z0-9\s]/i
tflags __UNICODE_OBFU_ASC multiple maxhits=10
meta __UNICODE_OBFU_ASC_MANY __UNICODE_OBFU_ASC > 9
- meta UNICODE_OBFU_ASC __UNICODE_OBFU_ASC && !__SPAN_BEG_TEXT && !HTML_IMAGE_ONLY_32 && !__RCD_RDNS_MAIL
+ meta UNICODE_OBFU_ASC __UNICODE_OBFU_ASC && !__SPAN_BEG_TEXT && !HTML_IMAGE_ONLY_32
describe UNICODE_OBFU_ASC Obfuscating text with unicode
score UNICODE_OBFU_ASC 2.500 # limit
tflags UNICODE_OBFU_ASC publish
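Review bot: Dropping `!__RCD_RDNS_MAIL` widens `UNICODE_OBFU_ASC`, a published 2.500 rule, and nothing in the file or the log message ("Tweaking obfuscation rules") says why. The meta still fires on a single `__UNICODE_OBFU_ASC` hit although `__UNICODE_OBFU_ASC_MANY` is defined on the line above it. With the relay-rDNS exclusion gone, the only remaining guards are `!__SPAN_BEG_TEXT` and `!HTML_IMAGE_ONLY_32`, so legitimate mixed Latin/Cyrillic text may now score. A comment above the meta such as `# __RCD_RDNS_MAIL exclusion removed: <reason / masscheck result>` would record the rationale, and `!ALL_TRUSTED` could be added to match the first hunk. The enclosing `if can(...)` block starts outside this hunk.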