Posted to commits@spamassassin.apache.org by jh...@apache.org on 2010/02/14 01:18:18 UTC
svn commit: r909937 - in /spamassassin/trunk/rulesrc/sandbox/jhardin:
20_lotsa_money.cf 20_misc_testing.cf
Author: jhardin
Date: Sun Feb 14 00:18:17 2010
New Revision: 909937
URL: http://svn.apache.org/viewvc?rev=909937&view=rev
Log:
Tweak lotsa_money and misc rules
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf?rev=909937&r1=909936&r2=909937&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf Sun Feb 14 00:18:17 2010
@@ -184,7 +184,7 @@
body __SCAM /\bscam(?:me[dr])?s?\b/i
body __UN /\bunited\snations?\b/i
body __AFR_UNION /\bafrican\sunion\b/i
-body __COMPENSATION /\bcompensat(?:e|ion)\b/i
+body __COMPENSATION /\b(?:compensat(?:e|ion)|recompensed?)\b/i
body __FRAUD /\b(?:de)?fraud/i
#meta MONEY_FRAUD_COMP LOTS_OF_MONEY && __BARRISTER && (__SCAM || __FRAUD) && (__UN || __AFR_UNION) && __COMPENSATION
#describe MONEY_FRAUD_COMP Lots of money from a fraud compensation
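Review bot: The widened `__COMPENSATION` pattern on the `+` line accepts a past tense only for the new word: `recompensed?` matches "recompensed", but `compensat(?:e|ion)` is still followed directly by `\b`, so "compensated", "compensates" and "compensations" do not match. If that asymmetry is unintended, `/\b(?:compensat(?:e[ds]?|ions?)|recompensed?)\b/i` treats both stems the same way. The only consumer visible in this hunk, `MONEY_FRAUD_COMP`, is commented out, so the real effect depends on metas outside the hunk, and any widening should be confirmed with a mass-check run.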
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=909937&r1=909936&r2=909937&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Sun Feb 14 00:18:17 2010
@@ -183,21 +183,21 @@
tflags __SPAN_BEG_TEXT multiple
rawbody __SPAN_END_TEXT /[^;>]<\/(?i:span)>[a-z]{3}/
tflags __SPAN_END_TEXT multiple
-meta MANY_SPAN_IN_TEXT (__SPAN_BEG_TEXT > 5) && (__SPAN_END_TEXT > 5)
+meta MANY_SPAN_IN_TEXT (__SPAN_BEG_TEXT > 4) && (__SPAN_END_TEXT > 4)
describe MANY_SPAN_IN_TEXT Many <SPAN> tags embedded within text
rawbody __FEEDPROXY m;http://feedproxy\.google\.com/;
tflags __FEEDPROXY multiple
-meta MANY_GOOG_PROXY __FEEDPROXY > 5
+meta MANY_GOOG_PROXY __FEEDPROXY > 4
describe MANY_GOOG_PROXY Many Google feedproxy URIs
-rawbody __TINY_FLOAT /\bstyle\s*=\s*"[^"]{0,40}?(?:(?:FONT-SIZE\s*:\s+\dpx|FLOAT\s*:\s+(?:right|left))(?:;\s+)?(?:(?!(?:FONT-SIZE|FLOAT))\w+:\s+\w+;?\s*)*){2}/i
-tflags __TINY_FLOAT multiple
-meta TINY_FLOAT __TINY_FLOAT > 0
+rawbody TINY_FLOAT /\bstyle\s*=\s*"[^"]{0,40}?(?:(?:FONT-SIZE\s*:\s+\dpx|FLOAT\s*:\s+(?:right|left))(?:;\s+)?(?:(?!(?:FONT-SIZE|FLOAT))\w+:\s+\w+;?\s*)*){2}/i
+#tflags __TINY_FLOAT multiple
+#meta TINY_FLOAT __TINY_FLOAT > 0
describe TINY_FLOAT Has small-font floating HTML elements - text obfuscation?
score TINY_FLOAT 2.00
-meta MANY_TINY_FLOAT __TINY_FLOAT > 5
-describe MANY_TINY_FLOAT Many small-font floating HTML elements
+#meta MANY_TINY_FLOAT __TINY_FLOAT > 5
+#describe MANY_TINY_FLOAT Many small-font floating HTML elements
# endless requests on the users list...
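Review bot: `TINY_FLOAT` is now a scored `rawbody` rule in its own right, and its inner loop `(?:(?!(?:FONT-SIZE|FLOAT))\w+:\s+\w+;?\s*)*` is unbounded while the separator between declarations (`;?\s*`) is entirely optional, so a value's `\w+` and the next property's `\w+` can be divided in many ways. On sender-controlled HTML this looks like it can backtrack heavily whenever the second FONT-SIZE/FLOAT declaration never appears. Requiring a separator and bounding the loop, e.g. `(?:(?!(?:FONT-SIZE|FLOAT))\w+:\s+\w+(?:;\s*|\s+)){0,8}`, would limit that; it changes what matches slightly, so it needs a mass-check run. The leftover `#tflags __TINY_FLOAT multiple` and `#meta TINY_FLOAT __TINY_FLOAT > 0` lines name a subrule that no longer exists and could be deleted rather than commented out.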
@@ -262,23 +262,23 @@
endif
# stock spam disclaimer obfuscation
-body GAPPY_TRADING /\b(?!trading)t[^a-z\s]?r[^a-z\s]?a[^a-z\s]?d[^a-z\s]?i[^a-z\s]?n[^a-z\s]?g/i
-body GAPPY_SECURITIES /\b(?!securities)s[^a-z\s]?e[^a-z\s]?c[^a-z\s]?u[^a-z\s]?r[^a-z\s]?i[^a-z\s]?t[^a-z\s]?i[^a-z\s]?e[^a-z\s]?s/i
-body GAPPY_RISK /\b(?!risky?)r[^a-z\s]?i[^a-z\s]?s[^a-z\s]?k(?:[^a-z\s]?y)?/i
-body GAPPY_SELLING /\b(?!selling)s[^a-z\s]?e[^a-z\s]?l[^a-z\s]?l[^a-z\s]?i[^a-z\s]?n[^a-z\s]?g/i
-body GAPPY_HUNDRED /\b(?!hundred)h[^a-z\s]?u[^a-z\s]?n[^a-z\s]?d[^a-z\s]?r[^a-z\s]?e[^a-z\s]?d/i
-body GAPPY_THOUSAND /\b(?!thousand)t[^a-z\s]?h[^a-z\s]?o[^a-z\s]?u[^a-z\s]?s[^a-z\s]?a[^a-z\s]?n[^a-z\s]?d/i
-body GAPPY_EXPENSES /\b(?!expenses)e[^a-z\s]?x[^a-z\s]?p[^a-z\s]?e[^a-z\s]?n[^a-z\s]?s[^a-z\s]?e[^a-z\s]?s/i
-body GAPPY_DOLLARS /\b(?!dollars)d[^a-z\s]?o[^a-z\s]?l[^a-z\s]?l[^a-z\s]?a[^a-z\s]?r[^a-z\s]?s/i
-
-describe GAPPY_TRADING Possible obfuscated stock disclaimer
-describe GAPPY_SECURITIES Possible obfuscated stock disclaimer
-describe GAPPY_RISK Possible obfuscated stock disclaimer
-describe GAPPY_SELLING Possible obfuscated stock disclaimer
-describe GAPPY_HUNDRED Possible obfuscated stock disclaimer
-describe GAPPY_THOUSAND Possible obfuscated stock disclaimer
-describe GAPPY_EXPENSES Possible obfuscated stock disclaimer
-describe GAPPY_DOLLARS Possible obfuscated stock disclaimer
+# body GAPPY_TRADING /\b(?!trading)t[^a-z\s]?r[^a-z\s]?a[^a-z\s]?d[^a-z\s]?i[^a-z\s]?n[^a-z\s]?g/i
+# body GAPPY_SECURITIES /\b(?!securities)s[^a-z\s]?e[^a-z\s]?c[^a-z\s]?u[^a-z\s]?r[^a-z\s]?i[^a-z\s]?t[^a-z\s]?i[^a-z\s]?e[^a-z\s]?s/i
+# body GAPPY_RISK /\b(?!risky?)r[^a-z\s]?i[^a-z\s]?s[^a-z\s]?k(?:[^a-z\s]?y)?/i
+# body GAPPY_SELLING /\b(?!selling)s[^a-z\s]?e[^a-z\s]?l[^a-z\s]?l[^a-z\s]?i[^a-z\s]?n[^a-z\s]?g/i
+# body GAPPY_HUNDRED /\b(?!hundred)h[^a-z\s]?u[^a-z\s]?n[^a-z\s]?d[^a-z\s]?r[^a-z\s]?e[^a-z\s]?d/i
+# body GAPPY_THOUSAND /\b(?!thousand)t[^a-z\s]?h[^a-z\s]?o[^a-z\s]?u[^a-z\s]?s[^a-z\s]?a[^a-z\s]?n[^a-z\s]?d/i
+# body GAPPY_EXPENSES /\b(?!expenses)e[^a-z\s]?x[^a-z\s]?p[^a-z\s]?e[^a-z\s]?n[^a-z\s]?s[^a-z\s]?e[^a-z\s]?s/i
+# body GAPPY_DOLLARS /\b(?!dollars)d[^a-z\s]?o[^a-z\s]?l[^a-z\s]?l[^a-z\s]?a[^a-z\s]?r[^a-z\s]?s/i
+#
+# describe GAPPY_TRADING Possible obfuscated stock disclaimer
+# describe GAPPY_SECURITIES Possible obfuscated stock disclaimer
+# describe GAPPY_RISK Possible obfuscated stock disclaimer
+# describe GAPPY_SELLING Possible obfuscated stock disclaimer
+# describe GAPPY_HUNDRED Possible obfuscated stock disclaimer
+# describe GAPPY_THOUSAND Possible obfuscated stock disclaimer
+# describe GAPPY_EXPENSES Possible obfuscated stock disclaimer
+# describe GAPPY_DOLLARS Possible obfuscated stock disclaimer
# talking about a stock symbol
body __DISCUSS_STOCK /(?:[a-z]{2,}\s|^)[A-Z]{4}(?:\s[a-z]{2,}|[,.!])/
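Review bot: The eight `GAPPY_*` rules and their `describe` lines are disabled by commenting them out, but neither the block nor the log message ("Tweak lotsa_money and misc rules") says why. A one-line comment above the block, such as `# disabled: <reason / mass-check result>`, would tell the next maintainer whether they were retired for false positives, cost, or replacement by another rule. If they are not expected to return, deleting them keeps the sandbox file shorter, since svn retains the history.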
@@ -290,4 +290,7 @@
rawbody STYLE_GIBBERISH /<style[^>]{0,30}>[^:;<]{80}/im
tflags STYLE_GIBBERISH nopublish
+rawbody MANY_DIV /(?:<div[^>]{0,30}>\s{0,20}){30}/im
+tflags MANY_DIV nopublish
+
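Review bot: `MANY_DIV` is added without a `describe` line, unlike `MANY_SPAN_IN_TEXT` and `MANY_GOOG_PROXY` earlier in this file; something like `describe MANY_DIV Many consecutive <DIV> open tags` would document what a hit means, even for a `nopublish` rule. The `/m` modifier has no effect because the pattern contains no `^` or `$`, so `/i` alone is enough. Whether 30 tags separated by newlines can match at all depends on how `rawbody` segments the text it hands to the rule, which is not visible here and is worth checking against a sample message.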