You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jm...@apache.org on 2008/08/18 16:49:07 UTC
svn commit: r686777 - /spamassassin/rules/trunk/sandbox/jm/20_basic.cf
Author: jm
Date: Mon Aug 18 07:49:07 2008
New Revision: 686777
URL: http://svn.apache.org/viewvc?rev=686777&view=rev
Log:
add some test rules based on recent spam; MSNBC_THREAD_INDEX, MSNBC_HDR_ORDER, MSNBC_MESSAGEGUID, JM_HOODIA, BBC_RCVD_NCHAR_RAW
Modified:
spamassassin/rules/trunk/sandbox/jm/20_basic.cf
Modified: spamassassin/rules/trunk/sandbox/jm/20_basic.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/20_basic.cf?rev=686777&r1=686776&r2=686777&view=diff
==============================================================================
--- spamassassin/rules/trunk/sandbox/jm/20_basic.cf (original)
+++ spamassassin/rules/trunk/sandbox/jm/20_basic.cf Mon Aug 18 07:49:07 2008
@@ -305,3 +305,13 @@
header FAKE_OUTBLAZE_RCVD_168_2 X-Spam-Relays-Untrusted =~ /168city\./
header FAKE_OUTBLAZE_RCVD_PURIN_2 X-Spam-Relays-Untrusted =~ /purinmail\./
+# some rules from the MSNBC spam run (Rustock trojan)
+header MSNBC_THREAD_INDEX ALL =~ /\nthread-index: /s
+header MSNBC_HDR_ORDER ALL =~ /\nContent-Transfer-Encoding: 7bit\nX-Mailer: Microsoft CDO for Windows 2000\nContent-Class: urn:content-classes:message\nImportance: normal\nPriority: normal\nX-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.3119\n/s
+header MSNBC_MESSAGEGUID exists:messageGUID
+
+body JM_HOODIA /Hoodia has been showned on/
+
+# "BBC news headlines" botnet uses this broken template
+header BBC_RCVD_NCHAR_RAW Received =~ / with (?:esmtp|ESMTP) \({nChar\[8-12\]} {nChar\[4-6\]}\)/
+