You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2012/12/24 21:19:27 UTC
svn commit: r1425678 - in /spamassassin/trunk:
rules/73_sandbox_manual_scores.cf rulesrc/sandbox/jhardin/20_misc_testing.cf
Author: jhardin
Date: Mon Dec 24 20:19:26 2012
New Revision: 1425678
URL: http://svn.apache.org/viewvc?rev=1425678&view=rev
Log:
Force publication of EMAIL_URI_PHISH
Modified:
spamassassin/trunk/rules/73_sandbox_manual_scores.cf
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Modified: spamassassin/trunk/rules/73_sandbox_manual_scores.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rules/73_sandbox_manual_scores.cf?rev=1425678&r1=1425677&r2=1425678&view=diff
==============================================================================
--- spamassassin/trunk/rules/73_sandbox_manual_scores.cf (original)
+++ spamassassin/trunk/rules/73_sandbox_manual_scores.cf Mon Dec 24 20:19:26 2012
@@ -60,7 +60,10 @@ score FILL_THIS_FORM 0.001
# jhardin
# 1.000 S/O, hits only <= 6 points, but GA is not publishing it!
# perhaps because very few examples in spam corpus
-score GOOGLE_DOCS_PHISH 3.00
+# 12/24/12 GA likes it now
+#score GOOGLE_DOCS_PHISH 3.00
+# similar: .990 S/O, hits primarily spam <= 3 points
+score EMAIL_URI_PHISH 2.50
# hege
# FPs reported [bug 6417], GA assigning 3+ points
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1425678&r1=1425677&r2=1425678&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Mon Dec 24 20:19:26 2012
@@ -1002,7 +1002,7 @@ meta __GOOGLE_DOCS_PHISH_1 __URI
meta __GOOGLE_DOCS_PHISH_2 __URI_GOOGLE_DOC && __EMAIL_PHISH
meta GOOGLE_DOCS_PHISH (__GOOGLE_DOCS_PHISH_1 || __GOOGLE_DOCS_PHISH_2)
describe GOOGLE_DOCS_PHISH E-mail account phishing via a Google Docs form
-score GOOGLE_DOCS_PHISH 3.00 # limit, until reviewed
+score GOOGLE_DOCS_PHISH 3.00 # limit
tflags GOOGLE_DOCS_PHISH publish # Force publication - great S/O, hits only <= 6 points
meta URI_GOOGLE_DOCS __URI_GOOGLE_DOC && !__DKIM_EXISTS && !__TO_EQ_FROM_DOM && !__DOS_REF_TODAY && !__DOS_BODY_FRI && !__DOS_BODY_WED && !__freemail_safe_fwd && !__TO_EQ_FROM_DOM && !__HAS_ERRORS_TO
@@ -1011,8 +1011,9 @@ score URI_GOOGLE_DOCS 1.00 #
meta __EMAIL_URI_PHISH __HAS_ANY_URI && !__URI_GOOGLE_DOC && __EMAIL_PHISH
meta EMAIL_URI_PHISH __EMAIL_URI_PHISH && !ALL_TRUSTED && !__UNSUB_LINK && !__TAG_EXISTS_CENTER && !__HAS_SENDER && !__CAN_HELP && !__VIA_ML && !__RCD_RDNS_MTA_MESSY && !__UPPERCASE_URI && !__HAS_CC
-score EMAIL_URI_PHISH 2.00 # limit
+score EMAIL_URI_PHISH 2.50 # limit
describe EMAIL_URI_PHISH Email account phishing using hosted form
+tflags EMAIL_URI_PHISH publish # Force publication - very good S/O, hits mainly <= 3 points
# suggested by MPerkel on the users list 11/10/2012
uri __URI_PROTO_MC /^(?!(?-i:(?:[Hh]ttps?|HTTPS?):))https?:/i