You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@spamassassin.apache.org by jh...@apache.org on 2018/10/05 20:55:39 UTC

svn commit: r1842983 - /spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Author: jhardin
Date: Fri Oct  5 20:55:39 2018
New Revision: 1842983

URL: http://svn.apache.org/viewvc?rev=1842983&view=rev
Log:
Add an obfuscated bitcoin rule based on a users list suggestion

Modified:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1842983&r1=1842982&r2=1842983&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Fri Oct  5 20:55:39 2018
@@ -1868,6 +1868,15 @@ body           __BITCOIN_ID     /\b(?<!=
 meta           BTC_ORG          __BITCOIN_ID && __HAS_ORGANIZATION
 describe       BTC_ORG          Bitcoin wallet ID + unusual header
 
+# bitcoin obfuscation - tip o' the hat to Steve Zinski on the users list, with a little cleanup
+# __BTC_OBFU_4 may duplicate (to a degree) FUZZY_BITCOIN, clean up if this performs well
+body           __BTC_OBFU_2     /\b\W{0,10}b(?!itcoin)\W{0,10}i\W{0,10}t\W{0,10}c\W{0,10}o\W{0,10}i\W{0,10}n\W{0,10}\b/i
+body           __BTC_OBFU_3     /\b\W{0,10}b(?!tc\b)\W{0,10}t\W{0,10}c\W{0,10}\b/i
+body           __BTC_OBFU_4     /\bb[i\x{0456}]t[c\x{0441}][o\x{043E}][i\x{0456}]n\b/i
+meta           OBFU_BITCOIN     ( __BITCOIN_ID && ( __BTC_OBFU_2 || __BTC_OBFU_3 || __BTC_OBFU_4 ) )
+describe       OBFU_BITCOIN     Obfuscated BitCoin references
+score          OBFU_BITCOIN     2.000	# limit
+
 
 #body          NUM_FREE         /\b\d+free/i
 #describe      NUM_FREE         Number + free