You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2018/11/07 01:38:11 UTC

svn commit: r1845977 - /spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Author: jhardin
Date: Wed Nov  7 01:38:11 2018
New Revision: 1845977

URL: http://svn.apache.org/viewvc?rev=1845977&view=rev
Log:
More bitcoin rule tweaks

Modified:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1845977&r1=1845976&r2=1845977&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Wed Nov  7 01:38:11 2018
@@ -1940,6 +1940,11 @@ describe       BITCOIN_SPAM_08  BitCoin
 score          BITCOIN_SPAM_08  1.500	# limit
 tflags         BITCOIN_SPAM_08  publish
 
+meta           BITCOIN_SPAM_09  __BITCOIN_ID && __DESTROY_ME
+describe       BITCOIN_SPAM_09  BitCoin spam pattern 09
+score          BITCOIN_SPAM_09  1.500	# limit
+tflags         BITCOIN_SPAM_09  publish
+
 
 ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
   body           __MY_VICTIM            /(?:<H><I>|<H><E><L><L><O>),?(?:\s<M><Y>)?\s<V><I><C><T><I><M>/i
@@ -1968,17 +1973,17 @@ else
   body           __YOUR_PERSONAL        /\byour\spersonal\s(?:info(?:rmation)?|data)\b/i
   body           __HOURS_DEADLINE       /\b(?:give\syou|you\shave)\s\d+\shours\b/i
 endif
-meta           BITCOIN_EXTORT_01      __BITCOIN_ID && __MY_MALWARE && __PAY_ME && ( __MY_VICTIM + __YOUR_WEBCAM + __YOUR_ONAN + __YOUR_PERSONAL + __HOURS_DEADLINE + __YOUR_PASSWORD + LOCALPART_IN_SUBJECT) > 2
+meta           BITCOIN_EXTORT_01      __BITCOIN_ID && __MY_MALWARE && ( __PAY_ME + __MY_VICTIM + __YOUR_WEBCAM + __YOUR_ONAN + __YOUR_PERSONAL + __HOURS_DEADLINE + __YOUR_PASSWORD + LOCALPART_IN_SUBJECT + __DESTROY_ME ) > 2
 describe       BITCOIN_EXTORT_01      Extortion spam, pay via BitCoin
-score          BITCOIN_EXTORT_01      4.750	# limit
+score          BITCOIN_EXTORT_01      5.000	# limit
 tflags         BITCOIN_EXTORT_01      publish
 
-meta           BITCOIN_PAY_ME         __BITCOIN_ID && __PAY_ME
+meta           BITCOIN_PAY_ME         __BITCOIN_ID && __PAY_ME && !BITCOIN_EXTORT_01
 describe       BITCOIN_PAY_ME         Pay me via BitCoin
 score          BITCOIN_PAY_ME         2.500	# limit
 tflags         BITCOIN_PAY_ME         publish
 
-meta           BITCOIN_MALWARE        __BITCOIN_ID && __MY_MALWARE && !__NOT_SPOOFED
+meta           BITCOIN_MALWARE        __BITCOIN_ID && __MY_MALWARE && !BITCOIN_EXTORT_01 && !__NOT_SPOOFED
 describe       BITCOIN_MALWARE        BitCoin + malware
 score          BITCOIN_MALWARE        3.000	# limit
 tflags         BITCOIN_MALWARE        publish