You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2012/12/24 21:19:27 UTC

svn commit: r1425678 - in /spamassassin/trunk: rules/73_sandbox_manual_scores.cf rulesrc/sandbox/jhardin/20_misc_testing.cf

Author: jhardin
Date: Mon Dec 24 20:19:26 2012
New Revision: 1425678

URL: http://svn.apache.org/viewvc?rev=1425678&view=rev
Log:
Force publication of EMAIL_URI_PHISH

Modified:
    spamassassin/trunk/rules/73_sandbox_manual_scores.cf
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Modified: spamassassin/trunk/rules/73_sandbox_manual_scores.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rules/73_sandbox_manual_scores.cf?rev=1425678&r1=1425677&r2=1425678&view=diff
==============================================================================
--- spamassassin/trunk/rules/73_sandbox_manual_scores.cf (original)
+++ spamassassin/trunk/rules/73_sandbox_manual_scores.cf Mon Dec 24 20:19:26 2012
@@ -60,7 +60,10 @@ score FILL_THIS_FORM           0.001
 # jhardin
 # 1.000 S/O, hits only <= 6 points, but GA is not publishing it!
 # perhaps because very few examples in spam corpus
-score GOOGLE_DOCS_PHISH        3.00
+# 12/24/12 GA likes it now
+#score GOOGLE_DOCS_PHISH        3.00
+# similar: .990 S/O, hits primarily spam <= 3 points
+score EMAIL_URI_PHISH 	       2.50
 
 # hege
 # FPs reported [bug 6417], GA assigning 3+ points

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1425678&r1=1425677&r2=1425678&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Mon Dec 24 20:19:26 2012
@@ -1002,7 +1002,7 @@ meta        __GOOGLE_DOCS_PHISH_1  __URI
 meta        __GOOGLE_DOCS_PHISH_2  __URI_GOOGLE_DOC && __EMAIL_PHISH
 meta        GOOGLE_DOCS_PHISH    (__GOOGLE_DOCS_PHISH_1 || __GOOGLE_DOCS_PHISH_2)
 describe    GOOGLE_DOCS_PHISH    E-mail account phishing via a Google Docs form
-score       GOOGLE_DOCS_PHISH    3.00	# limit, until reviewed
+score       GOOGLE_DOCS_PHISH    3.00	# limit
 tflags      GOOGLE_DOCS_PHISH    publish	# Force publication - great S/O, hits only <= 6 points
 
 meta        URI_GOOGLE_DOCS      __URI_GOOGLE_DOC && !__DKIM_EXISTS && !__TO_EQ_FROM_DOM && !__DOS_REF_TODAY && !__DOS_BODY_FRI && !__DOS_BODY_WED && !__freemail_safe_fwd && !__TO_EQ_FROM_DOM && !__HAS_ERRORS_TO
@@ -1011,8 +1011,9 @@ score       URI_GOOGLE_DOCS      1.00	# 
 
 meta        __EMAIL_URI_PHISH    __HAS_ANY_URI && !__URI_GOOGLE_DOC && __EMAIL_PHISH
 meta        EMAIL_URI_PHISH      __EMAIL_URI_PHISH && !ALL_TRUSTED && !__UNSUB_LINK && !__TAG_EXISTS_CENTER && !__HAS_SENDER && !__CAN_HELP && !__VIA_ML && !__RCD_RDNS_MTA_MESSY && !__UPPERCASE_URI && !__HAS_CC
-score       EMAIL_URI_PHISH      2.00	# limit
+score       EMAIL_URI_PHISH      2.50	# limit
 describe    EMAIL_URI_PHISH      Email account phishing using hosted form
+tflags      EMAIL_URI_PHISH      publish	# Force publication - very good S/O, hits mainly <= 3 points
 
 # suggested by MPerkel on the users list 11/10/2012
 uri         __URI_PROTO_MC       /^(?!(?-i:(?:[Hh]ttps?|HTTPS?):))https?:/i