You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2016/09/05 16:22:26 UTC
svn commit: r1759330 -
/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Author: jhardin
Date: Mon Sep 5 16:22:26 2016
New Revision: 1759330
URL: http://svn.apache.org/viewvc?rev=1759330&view=rev
Log:
FROM_FULLN_URL doesn't pan out; tweak URI_DATA
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1759330&r1=1759329&r2=1759330&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Mon Sep 5 16:22:26 2016
@@ -1169,8 +1169,8 @@ score URI_MALWARE_BH 1.0 # lim
# suggested by https://isc.sans.edu/diary.html?storyid=13996
uri __URI_DATA /^data:[a-z]/i
meta URI_DATA __URI_DATA && !ALL_TRUSTED && !__RCD_RDNS_MAIL_MESSY && !__HAS_ERRORS_TO && !__VIA_ML && !__ENV_AND_HDR_FROM_MATCH
-describe URI_DATA "data:" URI : possible malware or phish
-score URI_DATA 2.500 # limit
+describe URI_DATA "data:" URI - possible malware or phish
+score URI_DATA 3.250 # limit
tflags URI_DATA publish
@@ -2202,10 +2202,11 @@ score MIMEOLE_DIRECT_TO_MX 2
# suggested 9/2016 by ChipM in personal email
# would be a LOT nicer if rules could use other rules' captures
-full __FROM_FULLN_URL m;^From:\s+"?([a-z]+)\s([a-z]+)\b.*?https?://[^/]+/\1[_.]\2\b;ism
-meta FROM_FULLN_URL __FROM_FULLN_URL && !__THREADED
-describe FROM_FULLN_URL From address full name is in body URL - possible phishing
-score FROM_FULLN_URL 2.000 # limit
+# terrible S/O
+#full __FROM_FULLN_URL m;^From:\s+"?([a-z]+)\s([a-z]+)\b.*?https?://[^/]+/\1[_.]\2\b;ism
+#meta FROM_FULLN_URL __FROM_FULLN_URL && !__THREADED
+#describe FROM_FULLN_URL From address full name is in body URL - possible phishing
+#score FROM_FULLN_URL 2.000 # limit