You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2009/09/04 15:49:19 UTC

svn commit: r811401 - in /spamassassin/trunk/rulesrc/sandbox/jhardin: 20_fillform.cf 20_lotsa_money.cf 20_tbird_image_spam.cf

Author: jhardin
Date: Fri Sep  4 13:49:18 2009
New Revision: 811401

URL: http://svn.apache.org/viewvc?rev=811401&view=rev
Log:
Tweak lots_of_money and tbird forgery ruleset test metas

Modified:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_fillform.cf
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_fillform.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_fillform.cf?rev=811401&r1=811400&r2=811401&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_fillform.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_fillform.cf Fri Sep  4 13:49:18 2009
@@ -50,11 +50,11 @@
   # All variations together
   replace_tag FF_ALL (?:<FF_A1>|<FF_A2>|<FF_N1>|<FF_P1>|<FF_M1>|<FF_L1>|<FF_F1>|<FF_F2>|<FF_F3>|<FF_F4>|<FF_F5>)
 
-  # 3+ fields (low reliability, but add a few points anyway)
-  describe FILL_THIS_FORM_SHORT Fill in a form, 3+ questions
-  body     FILL_THIS_FORM_SHORT /(?:<FF_LNNO>?<FF_YOUR><FF_ALL><FF_SUFFIX>(?:<FF_BLANK2>|<ANDOR>)){3,}/i
-  replace_rules   FILL_THIS_FORM_SHORT
-  score    FILL_THIS_FORM_SHORT 0.20
+  ## 3+ fields (low reliability, but add a few points anyway)
+  #describe FILL_THIS_FORM_SHORT Fill in a form, 3+ questions
+  #body     FILL_THIS_FORM_SHORT /(?:<FF_LNNO>?<FF_YOUR><FF_ALL><FF_SUFFIX>(?:<FF_BLANK2>|<ANDOR>)){3,}/i
+  #replace_rules   FILL_THIS_FORM_SHORT
+  #score    FILL_THIS_FORM_SHORT 0.20
 
   # 5+ fields (high reliability)
   describe FILL_THIS_FORM_LONG Fill in a form, 5+ questions

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf?rev=811401&r1=811400&r2=811401&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf Fri Sep  4 13:49:18 2009
@@ -13,57 +13,60 @@
   describe LOTS_OF_MONEY    Huge... sums of money
   score    LOTS_OF_MONEY    0.01
 
-  # now combine with other stuff in metas to weed out FPs
+endif
+
+# now combine with other stuff in metas to weed out FPs
+ifplugin Mail::SpamAssassin::Plugin::FreeMail
   meta     MONEY_FREEMAIL   LOTS_OF_MONEY && (FREEMAIL_FROM || FREEMAIL_REPLYTO)
   describe MONEY_FREEMAIL   Lots of money from someone using free email?
+endif
 
-  meta     MONEY_FROM_MISSP LOTS_OF_MONEY && __FROM_MISSPACED
-  describe MONEY_FROM_MISSP Lots of money and misspaced From
-
-  meta     MONEY_FORM       LOTS_OF_MONEY && (FILL_THIS_FORM_LONG || FILL_THIS_FORM_ML)
-  describe MONEY_FORM       Lots of money if you fill out a form
+meta     MONEY_FROM_MISSP LOTS_OF_MONEY && __FROM_MISSPACED
+describe MONEY_FROM_MISSP Lots of money and misspaced From
 
-  # The ADVANCE_FEE rules should probably be updated with LOTS_OF_MONEY
-  meta     MONEY_FEE        LOTS_OF_MONEY && (ADVANCE_FEE_2 || ADVANCE_FEE_3 || ADVANCE_FEE_4)
-  describe MONEY_FEE        Lots of money if you first pay a fee
-
-  body     LOTTO_WINNINGS   /claim your (?:win+ings|money|prize)/i
-  describe LOTTO_WINNINGS   Claim your winnings
-  score    LOTTO_WINNINGS   0.25
-
-  body     LOTTO_WIN_01     /\bwin+ing\s(?:prize|number|notification|draw|check|cheque|details|information)/i
-  describe LOTTO_WIN_01     Winning *
-  score    LOTTO_WIN_01     0.20
-
-  body     LOTTO_AGENT      /\b(?:claim(?:s|ing)?|fiduciary)\s?(?:agent|manager|officer)/i
-  describe LOTTO_AGENT      Claims Agent
-  score    LOTTO_AGENT      0.50
-
-  body     LOTTO_DEPT       /\b(?:claim(?:s|ing)?|fiduciary)\s?(?:department|unit|group)/i
-  describe LOTTO_DEPT       Claims Department
-  score    LOTTO_DEPT       0.20
-
-  header   LOTTO_AGENT_FM   From =~ /(?:claim(?:s|ing)?|fiduciary|dispatch)[\s_]?(?:agent|manager|officer)/i
-  describe LOTTO_AGENT_FM   Claims Agent
-  score    LOTTO_AGENT_FM   0.50
-
-  header   LOTTO_AGENT_RPLY Reply-To =~ /(?:claim(?:s|ing)?|fiduciary|dispatch)[\s_]?(?:agent|manager|officer)/i
-  describe LOTTO_AGENT_RPLY Claims Agent
-  score    LOTTO_AGENT_RPLY 0.50
-
-  body     LOTTO_ADMITS     /\b(?:online|ballot|(?:inter)?national|internet)\slottery/i
-  describe LOTTO_ADMITS     Admits to being a lottery
-  score    LOTTO_ADMITS     0.20
-
-  meta     MONEY_LOTTERY    LOTS_OF_MONEY && (LOTTO_WINNINGS || LOTTO_WIN_01 || LOTTO_AGENT || LOTTO_DEPT || LOTTO_AGENT_FM || LOTTO_AGENT_RPLY || LOTTO_ADMITS || DEAR_WINNER)
-  describe MONEY_LOTTERY    Lots of money from a lottery
-
-  body     __DEAL           /\b(?:business|financial|this)\s(?:deal|transaction)/i
-  body     __HUSH_HUSH      /\b(?:confidential|private|secre(?:t|cy)|sensitive)\b/i
-  body     __NO_RISK        /\b(?:no\srisk|risk[-\s]free)/i
-  meta     MONEY_DEAL       LOTS_OF_MONEY && __DEAL && __HUSH_HUSH && __NO_RISK
-  describe MONEY_DEAL       Lots of money in a secret deal
+meta     MONEY_FORM       LOTS_OF_MONEY && (FILL_THIS_FORM_LONG || FILL_THIS_FORM_ML)
+describe MONEY_FORM       Lots of money if you fill out a form
 
-endif
+# The ADVANCE_FEE rules should probably be updated with LOTS_OF_MONEY
+meta     MONEY_FEE        LOTS_OF_MONEY && (ADVANCE_FEE_2 || ADVANCE_FEE_3 || ADVANCE_FEE_4)
+describe MONEY_FEE        Lots of money if you first pay a fee
+
+# The existing LOTTO rules should be updated if this works out
+body     LOTTO_WINNINGS   /claim your (?:win+ings|money|prize)/i
+describe LOTTO_WINNINGS   Claim your winnings
+score    LOTTO_WINNINGS   0.25
+
+body     LOTTO_WIN_01     /\bwin+ing\s(?:prize|number|notification|draw|check|cheque|details|information)/i
+describe LOTTO_WIN_01     Winning *
+score    LOTTO_WIN_01     0.20
+
+body     LOTTO_AGENT      /\b(?:claim(?:s|ing)?|fiduciary)\s?(?:agent|manager|officer)/i
+describe LOTTO_AGENT      Claims Agent
+score    LOTTO_AGENT      0.50
+
+body     LOTTO_DEPT       /\b(?:claim(?:s|ing)?|fiduciary)\s?(?:department|unit|group)/i
+describe LOTTO_DEPT       Claims Department
+score    LOTTO_DEPT       0.20
+
+header   LOTTO_AGENT_FM   From =~ /(?:claim(?:s|ing)?|fiduciary|dispatch)[\s_]?(?:agent|manager|officer)/i
+describe LOTTO_AGENT_FM   Claims Agent
+score    LOTTO_AGENT_FM   0.50
+
+header   LOTTO_AGENT_RPLY Reply-To =~ /(?:claim(?:s|ing)?|fiduciary|dispatch)[\s_]?(?:agent|manager|officer)/i
+describe LOTTO_AGENT_RPLY Claims Agent
+score    LOTTO_AGENT_RPLY 0.50
+
+body     LOTTO_ADMITS     /\b(?:online|ballot|(?:inter)?national|internet)\slottery/i
+describe LOTTO_ADMITS     Admits to being a lottery
+score    LOTTO_ADMITS     0.20
+
+meta     MONEY_LOTTERY    LOTS_OF_MONEY && (LOTTO_WINNINGS || LOTTO_WIN_01 || LOTTO_AGENT || LOTTO_DEPT || LOTTO_AGENT_FM || LOTTO_AGENT_RPLY || LOTTO_ADMITS || DEAR_WINNER)
+describe MONEY_LOTTERY    Lots of money from a lottery
+
+body     __DEAL           /\b(?:business|financial|this)\s(?:deal|transaction)/i
+body     __HUSH_HUSH      /\b(?:confidential|private|secre(?:t|cy)|sensitive)\b/i
+body     __NO_RISK        /\b(?:no\srisk|risk[-\s]free)/i
+meta     MONEY_DEAL       LOTS_OF_MONEY && __DEAL && __HUSH_HUSH && __NO_RISK
+describe MONEY_DEAL       Lots of money in a secret deal
 
 

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf?rev=811401&r1=811400&r2=811401&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf Fri Sep  4 13:49:18 2009
@@ -28,8 +28,8 @@
 
 # Try it against other stuff, too,
 # "To without <>" might be useful outside the context of image spam
-meta       TO_NO_BRKTS_HTML        __TO_NO_ARROWS_R && HTML_MESSAGE
-score      TO_NO_BRKTS_HTML        0.20
+meta       TO_NO_BRKTS_HTML_IMG    __TO_NO_ARROWS_R && HTML_MESSAGE && __ONE_IMG
+score      TO_NO_BRKTS_HTML_IMG    0.20
 
 meta       TO_NO_BRKTS_HTML_ONLY   __TO_NO_ARROWS_R && MIME_HTML_ONLY
 score      TO_NO_BRKTS_HTML_ONLY   0.20
@@ -40,6 +40,14 @@
 meta       TO_NO_BRKTS_NORDNS      __TO_NO_ARROWS_R && RDNS_NONE
 score      TO_NO_BRKTS_NORDNS      0.20
 
+ifplugin Mail::SpamAssassin::Plugin::FreeMail
+  meta       TO_NO_BRKTS_FREEMAIL    __TO_NO_ARROWS_R && (FREEMAIL_FROM || FREEMAIL_REPLYTO)
+  score      TO_NO_BRKTS_FREEMAIL    0.20
+endif
+
+meta       TO_NO_BRKTS_FROM_MSSP   __TO_NO_ARROWS_R && __FROM_MISSPACED
+score      TO_NO_BRKTS_FROM_MSSP   0.20
+
 
 
 # The boundary *does* FP on legit mail.  However, all of KB's recent samples