You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2021/04/29 14:46:42 UTC
svn commit: r1889299 -
/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Author: jhardin
Date: Thu Apr 29 14:46:42 2021
New Revision: 1889299
URL: http://svn.apache.org/viewvc?rev=1889299&view=rev
Log:
Push google phishing rule for publication; FP Avoidance tuning; add rule for evaluation
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1889299&r1=1889298&r2=1889299&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Thu Apr 29 14:46:42 2021
@@ -3512,8 +3512,9 @@ tflags GOOG_STO_HTML_PHISH_MANY pu
uri __URI_GOOG_STO_EMAIL m;^https?://storage\.googleapis\.com/.*[a-z0-9]@(?:[a-z0-9]{2,20}\.){1,3}[a-z]{2,3};i
meta GOOG_STO_EMAIL_PHISH __URI_GOOG_STO_EMAIL && (__PDS_FROM_NAME_TO_DOMAIN || __SUBJ_HAS_TO_1)
-describe GOOG_STO_EMAIL_PHISH Phishing with google content URI having email address
-score GOOG_STO_EMAIL_PHISH 2.00 # limit
+describe GOOG_STO_EMAIL_PHISH Possible phishing with google hosted content URI having email address
+score GOOG_STO_EMAIL_PHISH 3.00 # limit
+tflags GOOG_STO_EMAIL_PHISH publish
# download-a-file pitch, malware? 11/2020
@@ -3763,7 +3764,7 @@ header __HAS_X_ANTIABUSE e
header __HAS_X_AUTHED_SENDER exists:X-Authenticated-Sender
header __HAS_HEADER_STARTS_NUM ALL =~ /^\d[-a-z0-9]*:/ism
-meta HAS_X_OUTGOING_SPAM_STAT __HAS_X_OUTGOING_SPAM_STAT && !MAILING_LIST_MULTI && !__HAS_X_MAILMAN_VERSION && !__AUTOREPLY_ASU && !__THREAD_INDEX_GOOD && !__HAS_X_LOOP
+meta HAS_X_OUTGOING_SPAM_STAT __HAS_X_OUTGOING_SPAM_STAT && !MAILING_LIST_MULTI && !__HAS_X_MAILMAN_VERSION && !__AUTOREPLY_ASU && !__THREAD_INDEX_GOOD && !__HAS_X_LOOP && !__DOC_ATTACH && !__PDF_ATTACH
describe HAS_X_OUTGOING_SPAM_STAT Has header claiming outbound spam scan - why trust the results?
score HAS_X_OUTGOING_SPAM_STAT 2.000 # limit
tflags HAS_X_OUTGOING_SPAM_STAT publish
@@ -3866,6 +3867,8 @@ meta XM_LIGHT_HEAVY _
describe XM_LIGHT_HEAVY Special edition of a MUA
score XM_LIGHT_HEAVY 2.500 # limit
+meta XM_LONG_DUP_TO __XM_VERY_LONG && __DUPLICATE_HEADER_TO
+
# public PDF hosting abused for phishing redirects
uri __OPENTEXT_PDF m;://core.opentext.com/pdfjs/web/viewer.html?shortLink=;i