Posted to commits@spamassassin.apache.org by jh...@apache.org on 2021/04/29 14:46:42 UTC

svn commit: r1889299 - /spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Author: jhardin
Date: Thu Apr 29 14:46:42 2021
New Revision: 1889299

URL: http://svn.apache.org/viewvc?rev=1889299&view=rev
Log:
Push google phishing rule for publication; FP Avoidance tuning; add rule for evaluation

Modified:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1889299&r1=1889298&r2=1889299&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Thu Apr 29 14:46:42 2021
@@ -3512,8 +3512,9 @@ tflags      GOOG_STO_HTML_PHISH_MANY  pu
 
 uri         __URI_GOOG_STO_EMAIL       m;^https?://storage\.googleapis\.com/.*[a-z0-9]@(?:[a-z0-9]{2,20}\.){1,3}[a-z]{2,3};i
 meta        GOOG_STO_EMAIL_PHISH       __URI_GOOG_STO_EMAIL && (__PDS_FROM_NAME_TO_DOMAIN || __SUBJ_HAS_TO_1)
-describe    GOOG_STO_EMAIL_PHISH       Phishing with google content URI having email address
-score       GOOG_STO_EMAIL_PHISH       2.00	# limit
+describe    GOOG_STO_EMAIL_PHISH       Possible phishing with google hosted content URI having email address
+score       GOOG_STO_EMAIL_PHISH       3.00	# limit
+tflags      GOOG_STO_EMAIL_PHISH       publish
 
 
 # download-a-file pitch, malware? 11/2020
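Review bot: Raising `GOOG_STO_EMAIL_PHISH` to 3.00 and adding `tflags GOOG_STO_EMAIL_PHISH publish` leans on `__URI_GOOG_STO_EMAIL` (an unchanged context line here), whose pattern accepts any `@` followed by dotted alphanumerics, so an asset path such as `logo@2x.png` satisfies it as well as an e-mail address. The meta's second condition limits the exposure, but `__PDS_FROM_NAME_TO_DOMAIN` and `__SUBJ_HAS_TO_1` are defined outside this hunk, so how much it helps cannot be judged from here. Consider excluding the retina-asset form before publication, for example by inserting `(?!\dx\.)` directly after the `@`, and confirm the ham hit rate in masscheck at the new score. The pattern also allows no `-` in domain labels and caps the TLD at three letters, so addresses at hyphenated or long-TLD domains are missed.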
@@ -3763,7 +3764,7 @@ header     __HAS_X_ANTIABUSE           e
 header     __HAS_X_AUTHED_SENDER       exists:X-Authenticated-Sender
 header     __HAS_HEADER_STARTS_NUM     ALL =~ /^\d[-a-z0-9]*:/ism
 
-meta       HAS_X_OUTGOING_SPAM_STAT    __HAS_X_OUTGOING_SPAM_STAT && !MAILING_LIST_MULTI && !__HAS_X_MAILMAN_VERSION && !__AUTOREPLY_ASU && !__THREAD_INDEX_GOOD && !__HAS_X_LOOP 
+meta       HAS_X_OUTGOING_SPAM_STAT    __HAS_X_OUTGOING_SPAM_STAT && !MAILING_LIST_MULTI && !__HAS_X_MAILMAN_VERSION && !__AUTOREPLY_ASU && !__THREAD_INDEX_GOOD && !__HAS_X_LOOP && !__DOC_ATTACH && !__PDF_ATTACH 
 describe   HAS_X_OUTGOING_SPAM_STAT    Has header claiming outbound spam scan - why trust the results?
 score      HAS_X_OUTGOING_SPAM_STAT    2.000	# limit
 tflags     HAS_X_OUTGOING_SPAM_STAT    publish
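Review bot: The added `!__DOC_ATTACH && !__PDF_ATTACH` terms on the `HAS_X_OUTGOING_SPAM_STAT` meta are not explained, and they exempt every message with a DOC or PDF attachment from a published 2.000-point rule regardless of the other conditions. Add a comment above the meta recording the false-positive case behind them, e.g. `# FP avoidance: exclude DOC/PDF attachments (ham seen in <masscheck reference>)`, so the exemption can be revisited later. If the false positives came from a narrower population, a tighter exclusion would keep more coverage; this is inferred, since both subrules are defined outside the hunk. The new line also keeps the trailing space after the last term.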
@@ -3866,6 +3867,8 @@ meta       XM_LIGHT_HEAVY              _
 describe   XM_LIGHT_HEAVY              Special edition of a MUA
 score      XM_LIGHT_HEAVY              2.500	# limit
 
+meta       XM_LONG_DUP_TO              __XM_VERY_LONG && __DUPLICATE_HEADER_TO 
+
 # public PDF hosting abused for phishing redirects
 uri        __OPENTEXT_PDF              m;://core.opentext.com/pdfjs/web/viewer.html?shortLink=;i