You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2019/01/31 04:58:40 UTC

svn commit: r1852571 - /spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Author: jhardin
Date: Thu Jan 31 04:58:40 2019
New Revision: 1852571

URL: http://svn.apache.org/viewvc?rev=1852571&view=rev
Log:
Tuning Bitcoin extortion rules to respond to spammer changes

Modified:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1852571&r1=1852570&r2=1852571&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Thu Jan 31 04:58:40 2019
@@ -1952,7 +1952,7 @@ ifplugin Mail::SpamAssassin::Plugin::Rep
   replace_rules  __MY_VICTIM
   body           __MY_MALWARE           /\s(?:(?:<I>\s<P><U><T>\s<A>\s|<M><Y>\s(?:<P><E><R><S><O><N><A><L>\s)?)(?:<M><A><L><W><A><R><E>|<V><I><R><U><S>|<S><P><Y>\s?<W><A><R><E>)|<A><P><P><L><I><C><A><T><I><O><N>[^\.]{1,30}(?:<E><N><A><B><L><E>(?:<D>|<S>)|<A><L><L><O><W>)\s<M><E>\s<T><O>\s(?:<A><C><C><E><S><S>|<C><O><N><T><R><O><L>)|<I>\s(?:<C><O><N><T><A><M><I><N><A><T><E><D>|<I><N><F><E><C><T><E><D>)\s<Y><O><U><R>\s(?:<M><A><C><H><I><N><E>|<C><O><M><P><U><T><E><R>)|Anwendung\s[^\.]{1,50}\sich\sauf\salle\sIhre\sdarauf\sgespeicherten\sDateien\szugreifen\skann)[\s\.,]/i
   replace_rules  __MY_MALWARE
-  body           __PAY_ME               /\s(?:<P><A><Y>\s<M><E>|(?:(?:<S><E><N><D>|<T><R><A><N><S><M><I><T>)\s<M><E>|<T><R><A><N><S><F><E><R>\s<T><H><E>\s<A><M><O><U><N><T>\s<O><F>|<D><E><N>\s<B><E><T><R><A><G>\s<V><O><N>)\s(?:[\d,'.]+\s?(?:<U><S><D>|<E><U><R>)|<B><I><T><C><O><I><N>))\s/i
+  body           __PAY_ME               /\s(?:<P><A><Y>\s<M><E>|(?:(?:<S><E><N><D>|<T><R><A><N><S><M><I><T>)\s<M><E>|<T><R><A><N><S><F><E><R>\s<T><H><E>\s<A><M><O><U><N><T>\s<O><F>|<D><E><N>\s<B><E><T><R><A><G>\s<V><O><N>)\s(?:[\d,'.]+\s?(?:<U><S><D>|<E><U><R>?(?:<O><S>)?)|<B><I><T><C><O><I><N>))\s/i
   replace_rules  __PAY_ME
   body           __YOUR_PASSWORD        /\s<Y><O><U><R>\s<P><A><S><S><W><O><R><D>/i
   replace_rules  __YOUR_PASSWORD
@@ -1969,7 +1969,7 @@ ifplugin Mail::SpamAssassin::Plugin::Rep
 else
   body           __MY_VICTIM            /\b(?:hi|hello),?(?:\smy)?\s(?:victim|prey)\b/i
   body           __MY_MALWARE           /\b(?:(?:I\sput\sa\s|my\s(?:personal\s)?)(?:malware|virus|spy\s?ware)|application[^\.]{1,30}(?:enable[sd]|allows)\sme\sto\s(?:access|control)|I\s(?:contaminated|infected)\syour\s(?:machine|computer)|Anwendung\s[^\.]{1,50}\sich\sauf\salle\sIhre\sdarauf\sgespeicherten\sDateien\szugreifen\skann)\b/i
-  body           __PAY_ME               /\b(?:pay\sme|(?:(?:send|transmit)\sme|transfer\sthe\samount\sof|den\sbetrag\svon)\s(?:[\d,'.]+\s?(?:usd|eur)|bitcoin))\b/i
+  body           __PAY_ME               /\b(?:pay\sme|(?:(?:send|transmit)\sme|transfer\sthe\samount\sof|den\sbetrag\svon)\s(?:[\d,'.]+\s?(?:usd|eur?(?:os)?)|bitcoin))\b/i
   body           __YOUR_PASSWORD        /\byour\spassword\b/i
   body           __YOUR_WEBCAM          /\b(?:from|your)\swebcam\b/i
   body           __YOUR_ONAN            /\byour?\s(?:mast[ur]{2}bati(?:on|ng)|onanism|solitary\ssex|hand\sfucking)\b/i