You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by qu...@apache.org on 2004/11/22 05:40:41 UTC
svn commit: r106155 - /spamassassin/trunk/rules/70_testing.cf
Author: quinlan
Date: Sun Nov 21 20:40:40 2004
New Revision: 106155
Modified:
spamassassin/trunk/rules/70_testing.cf
Log:
put back some good rules I didn't intend to remove
Modified: spamassassin/trunk/rules/70_testing.cf
Url: http://svn.apache.org/viewcvs/spamassassin/trunk/rules/70_testing.cf?view=diff&rev=106155&p1=spamassassin/trunk/rules/70_testing.cf&r1=106154&p2=spamassassin/trunk/rules/70_testing.cf&r2=106155
==============================================================================
--- spamassassin/trunk/rules/70_testing.cf (original)
+++ spamassassin/trunk/rules/70_testing.cf Sun Nov 21 20:40:40 2004
@@ -283,6 +283,7 @@
body T_HOT_NASTY /\b(?=[dehklnswxy])(?:horny|nasty|hot|wild|young|horniest|nastiest|hottest|wildest|youngest|naughty|dirtiest|slutty|kinky|lusty|extreme|xxx+)\b.{0,9}\b(?=[acfghilmpsvx])(?:virgins?\b|asian|cheerleader|sex|selection|fuck|fucking|anal\b|lesb(?:ian|o)|incest|chicks?|pics|movies|video|gay\b|porn|h[a\@]rdcore|schoolgirls|amateur|slut|adult|cum\b|xxx|sites?|hotties|shit)/i
body T_BEST_PORN /\b(?:best|biggest|largest|most|free|ultimate)\b.{0,9}\b(?:virgins?\b|anal\b|lesbians?|incest|porno?|h[a\@]rdcore|sluts?|xxx+)/i
+body T_EMPTY_URI_SRC eval:html_test('blank_uri')
body T_EMPTY_URI_SRC_IMG eval:html_text_match('blank_uri', '^img$')
body T_EMPTY_URI_SRC_IFRAME eval:html_text_match('blank_uri', '^iframe$')
@@ -297,6 +298,24 @@
# bug 3570
# anti-phishing rules, will probably have a low hit-rate
+#
+# 1.415 1.7346 0.0000 1.000 0.85 0.01 T_FORGED_MSGID_HOTMAIL
+# 1.351 1.6569 0.0000 1.000 0.84 0.01 T_FORGED_MSGID_YAHOO
+# 0.443 0.5433 0.0000 1.000 0.73 0.01 T_FORGED_MSGID_EXCITE
+# 0.198 0.2423 0.0000 1.000 0.66 0.01 T_FORGED_MSGID_MSN
+# 0.057 0.0698 0.0000 1.000 0.55 0.01 T_FORGED_EBAY
+# 0.052 0.0642 0.0000 1.000 0.55 0.01 T_FORGED_MSGID_AOL
+# 0.047 0.0573 0.0000 1.000 0.54 0.01 T_FORGED_CITI
+# 0.034 0.0412 0.0000 1.000 0.52 0.01 T_FORGED_SUNTRUST
+# 0.016 0.0191 0.0000 1.000 0.49 0.01 T_FORGED_ABOUT
+# 0.009 0.0112 0.0000 1.000 0.48 0.01 T_FORGED_PAYPAL
+
+header __RCVD_PAYPAL Received =~ /\.paypal\.com\b/i
+header __FROM_PAYPAL From =~ /[\@\.]paypal\.com\b/i
+uri __URI_PAYPAL m{^https?://.{0,32}\bpaypal\.com\b}i
+meta T_FORGED_PAYPAL (__FROM_PAYPAL && __URI_PAYPAL && !__RCVD_PAYPAL)
+describe T_FORGED_PAYPAL Message appears to be forged, (paypal.com)
+
header __RCVD_EBAY Received =~ /(?:email)?[^\s@]ebay\.com\b/i
header __FROM_EBAY From =~ /\@(?:email)?ebay\.com\b/i
uri __URI_EBAY m{^https?://.{0,32}\bebay\.com\b}i
@@ -314,6 +333,37 @@
uri __URI_SUNTRUST m{^https?://.{0,32}\bsuntrust\.com\b}i
meta T_FORGED_SUNTRUST (__FROM_SUNTRUST && __URI_SUNTRUST && !__RCVD_SUNTRUST)
describe T_FORGED_SUNTRUST Message appears to be forged, (suntrust.com)
+
+header __RCVD_ABOUT_COM Received =~ /\babout\.com\b/i
+header __FROM_ABOUT_COM From =~ /\babout\.com\b/i
+uri __URI_ABOUT_COM m{^https?://.{0,32}\babout\.com\b}i
+meta T_FORGED_ABOUT (!__RCVD_ABOUT_COM && __FROM_ABOUT_COM && !__URI_ABOUT_COM)
+describe T_FORGED_ABOUT Message appears to be forged, (about.com)
+
+header __AT_YAHOO_MSGID MESSAGEID =~ /\@yahoo\.com\b/i
+header __FROM_YAHOO_COM From =~ /\@yahoo\.com\b/i
+meta T_FORGED_MSGID_YAHOO (__AT_YAHOO_MSGID && !__FROM_YAHOO_COM)
+describe T_FORGED_MSGID_YAHOO Message-ID is forged, (yahoo.com)
+
+header __AT_MSN_MSGID MESSAGEID =~ /\@msn\.com\b/i
+header __FROM_MSN_COM From =~ /\@msn\.com\b/i
+meta T_FORGED_MSGID_MSN (__AT_MSN_MSGID && (!__FROM_MSN_COM && !__FROM_HOTMAIL_COM && !__FROM_YAHOO_COM))
+describe T_FORGED_MSGID_MSN Message-ID is forged, (msn.com)
+
+header __AT_HOTMAIL_MSGID MESSAGEID =~ /\@hotmail\.com\b/i
+header __FROM_HOTMAIL_COM From =~ /\@hotmail\.com\b/i
+meta T_FORGED_MSGID_HOTMAIL (__AT_HOTMAIL_MSGID && (!__FROM_HOTMAIL_COM && !__FROM_MSN_COM && !__FROM_YAHOO_COM))
+describe T_FORGED_MSGID_HOTMAIL Message-ID is forged, (hotmail.com)
+
+header __AT_AOL_MSGID MESSAGEID =~ /\@aol\.com\b/i
+header __FROM_AOL_COM From =~ /\@aol\.com\b/i
+meta T_FORGED_MSGID_AOL (__AT_AOL_MSGID && !__FROM_AOL_COM)
+describe T_FORGED_MSGID_AOL Message-ID is forged, (aol.com)
+
+header __AT_EXCITE_MSGID MESSAGEID =~ /\@excite\.com\b/i
+header __MY_RCVD_EXCITE Received =~ /\.excite\.com\b/i
+meta T_FORGED_MSGID_EXCITE (__AT_EXCITE_MSGID && !__MY_RCVD_EXCITE)
+describe T_FORGED_MSGID_EXCITE Message-ID is forged, (excite.com)
uri T_SPOOF_COM2OTH m{^https?://(?:\w+\.)+?com\.(?:\w+\.){2,}}i
describe T_SPOOF_COM2OTH a.com.b.c