You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2018/10/05 20:55:39 UTC
svn commit: r1842983 -
/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Author: jhardin
Date: Fri Oct 5 20:55:39 2018
New Revision: 1842983
URL: http://svn.apache.org/viewvc?rev=1842983&view=rev
Log:
Add an obfuscated bitcoin rule based on a users list suggestion
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1842983&r1=1842982&r2=1842983&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Fri Oct 5 20:55:39 2018
@@ -1868,6 +1868,15 @@ body __BITCOIN_ID /\b(?<!=
meta BTC_ORG __BITCOIN_ID && __HAS_ORGANIZATION
describe BTC_ORG Bitcoin wallet ID + unusual header
+# bitcoin obfuscation - tip o' the hat to Steve Zinski on the users list, with a little cleanup
+# __BTC_OBFU_4 may duplicate (to a degree) FUZZY_BITCOIN, clean up if this performs well
+body __BTC_OBFU_2 /\b\W{0,10}b(?!itcoin)\W{0,10}i\W{0,10}t\W{0,10}c\W{0,10}o\W{0,10}i\W{0,10}n\W{0,10}\b/i
+body __BTC_OBFU_3 /\b\W{0,10}b(?!tc\b)\W{0,10}t\W{0,10}c\W{0,10}\b/i
+body __BTC_OBFU_4 /\bb[i\x{0456}]t[c\x{0441}][o\x{043E}][i\x{0456}]n\b/i
+meta OBFU_BITCOIN ( __BITCOIN_ID && ( __BTC_OBFU_2 || __BTC_OBFU_3 || __BTC_OBFU_4 ) )
+describe OBFU_BITCOIN Obfuscated BitCoin references
+score OBFU_BITCOIN 2.000 # limit
+
#body NUM_FREE /\b\d+free/i
#describe NUM_FREE Number + free