You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2013/03/31 03:36:24 UTC
svn commit: r1462870 - in /spamassassin/trunk/rulesrc/sandbox/jhardin:
20_advance_fee_reevolved.cf 20_lotsa_money.cf 20_misc_testing.cf
Author: jhardin
Date: Sun Mar 31 01:36:24 2013
New Revision: 1462870
URL: http://svn.apache.org/r1462870
Log:
More FP avoidance, add scored URI_BITLY, test a scored ADV_FEE_2 rule
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_advance_fee_reevolved.cf
spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_advance_fee_reevolved.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_advance_fee_reevolved.cf?rev=1462870&r1=1462869&r2=1462870&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_advance_fee_reevolved.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_advance_fee_reevolved.cf Sun Mar 31 01:36:24 2013
@@ -24,8 +24,9 @@
#
meta __ADVANCE_FEE_2_NEW (__AFRICAN_STATE + __ATM_CARD + __BACK_SCRATCH + __CONTACT_YOU + __COURIER + __DEAD_PARENT + __DEAL + DEAR_BENEFICIARY + DEAR_WINNER + __DECEASED + __DESTROY_ME + __DIPLOMATIC + __DORMANT_ACCT + __EARLY_DEMISE + __EX_CUSTOMER + __FOUND_YOU + __FRAUD_AON + __FRAUD_AUM + __FRAUD_AXF + __FRAUD_BEP + __FRAUD_BGP + __FRAUD_CKF + __FRAUD_DPR + __FRAUD_FVU + __FRAUD_GBW + __FRAUD_IPK + __FRAUD_IRT + __FRAUD_JNB + __FRAUD_JYG + __FRAUD_MCQ + __FRAUD_MLY + __FRAUD_MQO + __FRAUD_NEB + __FRAUD_QFY + __FRAUD_QXX + __FRAUD_SNT + __FRAUD_ULK + __FRAUD_UOQ + __FRAUD_VQE + __FRAUD_WDR + __FRAUD_WFC + __FRAUD_XJR + __FRAUD_XWW + __FRAUD_YPO + __FRAUD_YQV + __I_INHERIT + __INTL_BANK + __INVEST_MONEY + __IS_LEGAL + __I_WILL_YOU + __KAM_LOTTO2 + LOTTO_AGENT + LOTTO_AGENT_RPLY + __LOTTO_DEPT + __LOTTO_RELATED + LOTTO_URI + __LOTTO_WIN_01 + __LOTTO_WINNINGS + __LUCKY_WINNER + __NEXT_OF_KIN + __NOT_DEAD_YET + __PCT_OF_PMTS + __SCAM + __SHARE_IT + __THEY_INHERIT + U
NCLAIMED_MONEY + __WIDOW + __WILL_LEGAL + __XFER_MONEY + __YOU_ASSIST + __YOU_INHERIT + __YOUR_FUND + __YOUR_PERM + __YOU_WON > 1) && !__THREAD_INDEX_GOOD
-#meta ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW
-#describe ADVANCE_FEE_2_NEW Appears to be advance fee fraud (Nigerian 419)
+meta T_ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW && !__SUBSCRIPTION_INFO && !__DKIM_EXISTS && !__HAS_SENDER && !__DOS_HAS_LIST_UNSUB && !__TAG_EXISTS_STYLE && !__HTML_LINK_IMAGE && !__COMMENT_EXISTS && !__HAS_X_LOOP
+describe T_ADVANCE_FEE_2_NEW Appears to be advance fee fraud (Nigerian 419)
+score T_ADVANCE_FEE_2_NEW 2.50 # limit
meta __ADVANCE_FEE_3_NEW (__AFRICAN_STATE + __ATM_CARD + __BACK_SCRATCH + __CONTACT_YOU + __COURIER + __DEAD_PARENT + __DEAL + DEAR_BENEFICIARY + DEAR_WINNER + __DECEASED + __DESTROY_ME + __DIPLOMATIC + __DORMANT_ACCT + __EARLY_DEMISE + __EX_CUSTOMER + __FOUND_YOU + __FRAUD_AON + __FRAUD_AUM + __FRAUD_AXF + __FRAUD_BEP + __FRAUD_BGP + __FRAUD_CKF + __FRAUD_DPR + __FRAUD_FVU + __FRAUD_GBW + __FRAUD_IPK + __FRAUD_IRT + __FRAUD_JNB + __FRAUD_JYG + __FRAUD_MCQ + __FRAUD_MLY + __FRAUD_MQO + __FRAUD_NEB + __FRAUD_QFY + __FRAUD_QXX + __FRAUD_SNT + __FRAUD_ULK + __FRAUD_UOQ + __FRAUD_VQE + __FRAUD_WDR + __FRAUD_WFC + __FRAUD_XJR + __FRAUD_XWW + __FRAUD_YPO + __FRAUD_YQV + __I_INHERIT + __INTL_BANK + __INVEST_MONEY + __IS_LEGAL + __I_WILL_YOU + __KAM_LOTTO2 + LOTTO_AGENT + LOTTO_AGENT_RPLY + __LOTTO_DEPT + __LOTTO_RELATED + LOTTO_URI + __LOTTO_WIN_01 + __LOTTO_WINNINGS + __LUCKY_WINNER + __NEXT_OF_KIN + __NOT_DEAD_YET + __PCT_OF_PMTS + __SCAM + __SHARE_IT + __THEY_INHERIT + U
NCLAIMED_MONEY + __WIDOW + __WILL_LEGAL + __XFER_MONEY + __YOU_ASSIST + __YOU_INHERIT + __YOUR_FUND + __YOUR_PERM + __YOU_WON > 2) && !__THREAD_INDEX_GOOD
meta ADVANCE_FEE_3_NEW __ADVANCE_FEE_3_NEW && !__HTML_LINK_IMAGE && !__TAG_EXISTS_CENTER && !__COMMENT_EXISTS && !__VIA_ML && !__THREADED && !__UNSUB_LINK && !__UPPERCASE_URI && !__SURVEY && !__HAS_SENDER && !__HAS_X_LOOP
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf?rev=1462870&r1=1462869&r2=1462870&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf Sun Mar 31 01:36:24 2013
@@ -49,7 +49,7 @@ describe MONEY_FORM Lots of mon
#score MONEY_FORM 3.0
meta __MONEY_FORM_SHORT LOTS_OF_MONEY && __FILL_THIS_FORM_SHORT
-meta MONEY_FORM_SHORT __MONEY_FORM_SHORT && !__DOS_HAS_LIST_UNSUB && !__VIA_ML && !__HTML_LINK_IMAGE && !__UPPERCASE_URI && !__THREADED && !__COMMENT_EXISTS && !__TAG_EXISTS_CENTER
+meta MONEY_FORM_SHORT __MONEY_FORM_SHORT && !__DOS_HAS_LIST_UNSUB && !__VIA_ML && !__HTML_LINK_IMAGE && !__UPPERCASE_URI && !__THREADED && !__COMMENT_EXISTS && !__TAG_EXISTS_CENTER && !__THREAD_INDEX_GOOD
describe MONEY_FORM_SHORT Lots of money if you fill out a short form
#score MONEY_FORM_SHORT 0.5
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1462870&r1=1462869&r2=1462870&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Sun Mar 31 01:36:24 2013
@@ -600,7 +600,9 @@ describe IMAGESHACK_URI
#describe DYNDNS_URIS Has multiple dyndns.org URIs
uri __BITLY_URI /\/\/bit\.ly\//i
-#describe __BITLY_URI URI contains bit.ly
+meta BITLY_URI __BITLY_URI && !__SUBSCRIPTION_INFO && !__HAS_ANY_EMAIL && !__HAS_REPLY_TO && !__UNSUB_LINK && !__RCD_RDNS_MAIL_MESSY && !__RP_MATCHES_RCVD && !__COMMENT_EXISTS && !__TO_NO_BRKTS_HTML_ONLY && !__NOT_SPOOFED
+describe BITLY_URI URI contains bit.ly
+score BITLY_URI 2.25 # limit
uri __URI_OBFU_DOM /:\/\/(?:\w+\.)+(?:com|gov|net|org)(?:\.\w+){3,}\//i
meta URI_OBFU_DOM __URI_OBFU_DOM && !__VIA_ML
@@ -850,9 +852,9 @@ score TVD_SPACE_RATIO_MINFP 3.5
# sample from users list: Subject: Sta ffWork sFastToSen dTab le tsGood s
header __SUBJ_BROKEN_WORD Subject =~ /\s(?!i[PTM][aoh][bcdou])[a-z]{1,3}[A-Z][a-z]{2}/
tflags __SUBJ_BROKEN_WORD multiple maxhits=2
-meta SUBJ_BROKEN_WORD __SUBJ_BROKEN_WORD && !__RP_MATCHES_RCVD && !__COMMENT_EXISTS && !__MIME_QP && !__DOS_HAS_LIST_UNSUB && !__HAS_IN_REPLY_TO && !__THREADED && !__MSGID_JAVAMAIL && !__DKIM_EXISTS && !__RCD_RDNS_MAIL_MESSY && !__LOCAL_PP_NONPPURL
+meta SUBJ_BROKEN_WORD __SUBJ_BROKEN_WORD && !__RP_MATCHES_RCVD && !__COMMENT_EXISTS && !__MIME_QP && !__DOS_HAS_LIST_UNSUB && !__HAS_IN_REPLY_TO && !__THREADED && !__MSGID_JAVAMAIL && !__DKIM_EXISTS && !__RCD_RDNS_MAIL_MESSY && !__MSGID_OK_DIGITS
describe SUBJ_BROKEN_WORD Subject contains odd word break
-meta SUBJ_BROKEN_WORDS __SUBJ_BROKEN_WORD > 1 && !__RP_MATCHES_RCVD && !__COMMENT_EXISTS && !__MIME_QP && !__DOS_HAS_LIST_UNSUB && !__HAS_IN_REPLY_TO && !__THREADED && !__MSGID_JAVAMAIL && !__DKIM_EXISTS && !__RCD_RDNS_MAIL_MESSY && !__LOCAL_PP_NONPPURL
+meta SUBJ_BROKEN_WORDS __SUBJ_BROKEN_WORD > 1 && !__RP_MATCHES_RCVD && !__COMMENT_EXISTS && !__MIME_QP && !__DOS_HAS_LIST_UNSUB && !__HAS_IN_REPLY_TO && !__THREADED && !__MSGID_JAVAMAIL && !__DKIM_EXISTS && !__RCD_RDNS_MAIL_MESSY && !__MSGID_OK_DIGITS
describe SUBJ_BROKEN_WORDS Subject contains multiple odd word breaks
# felicity TVD_SUBJ_NUM_OBFU as subrule
@@ -1111,3 +1113,4 @@ score FOUND_YOU 3.25 # li
describe FOUND_YOU I found you...
+