You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by ax...@apache.org on 2011/11/16 08:50:07 UTC
svn commit: r1202567 - /spamassassin/trunk/rulesrc/sandbox/axb/20_axb_misc.cf
Author: axb
Date: Wed Nov 16 07:50:07 2011
New Revision: 1202567
URL: http://svn.apache.org/viewvc?rev=1202567&view=rev
Log: (empty)
Modified:
spamassassin/trunk/rulesrc/sandbox/axb/20_axb_misc.cf
Modified: spamassassin/trunk/rulesrc/sandbox/axb/20_axb_misc.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/axb/20_axb_misc.cf?rev=1202567&r1=1202566&r2=1202567&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/axb/20_axb_misc.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/axb/20_axb_misc.cf Wed Nov 16 07:50:07 2011
@@ -16,19 +16,11 @@ header AXB_FR0M_FAKE From:na
describe AXB_FR0M_FAKE Forged domain in name
-# 2011-09-27
-header AXB_XM_BULKWARE_DEFAULT X-Mailer =~ /^Default$/
-describe AXB_XM_BULKWARE_DEFAULT Bulkware fingerprint
-
# 2011-09-26
rawbody AXB_B_RAW_CTRLCLICK /\bControl\.invoke\(\'MessagePartBody\'\,\'_onBodyClick\'\,event\)\;\"\>/
describe AXB_B_RAW_CTRLCLICK Suspicious fingerprint
-# 2011-09-21
-header AXB_X_PHPSCRP_WRDPRESS X-PHP-Script =~ /\/wp\-content\/themes\//
-describe AXB_X_PHPSCRP_WRDPRESS Possibly Abused Wordpress site
-
# 2011-09-14 - Suggested by rfg / patternity
header AXB_XM_SENTBY exists:X-Mailer-Sent-By
@@ -40,30 +32,29 @@ header AXB_XPHP_ORISCRIPT_RC
describe AXB_XPHP_ORISCRIPT_RC Possibly hacked webmail
# 2011-08-02
-header AXB_XM_QCVR X-Mailer =~ /\bQuickConveyor\b/
-describe AXB_XM_QCVR Bulk fingerprint
+# header AXB_XM_QCVR X-Mailer =~ /\bQuickConveyor\b/
+# describe AXB_XM_QCVR Bulk fingerprint
# 2011-07-27
-header AXB_XRCVD_XYZCRP Received =~ /\(envelope\-sender \<\#\@\[\]\>\)/
-describe AXB_XRCVD_XYZCRP sender fingerprint
+# header AXB_XRCVD_XYZCRP Received =~ /\(envelope\-sender \<\#\@\[\]\>\)/
+# describe AXB_XRCVD_XYZCRP sender fingerprint
# 2011-07-08
-header AXB_XRCVD_APACHE_CTRIP Received =~ /\bfrom apache by ctrip\.com\b/i
-describe AXB_XRCVD_APACHE_CTRIP possibly forged ctrip sender - apache
+# header AXB_XRCVD_APACHE_CTRIP Received =~ /\bfrom apache by ctrip\.com\b/i
+# describe AXB_XRCVD_APACHE_CTRIP possibly forged ctrip sender - apache
-header AXB_XMID_PFIX_CTRIP Message-ID =~ /\<[A-F0-9]{8}.[0-9]{6}\@ctrip\.com\>/
-describe AXB_XMID_PFIX_CTRIP possibly forged ctrip sender - postfix
+# header AXB_XMID_PFIX_CTRIP Message-ID =~ /\<[A-F0-9]{8}.[0-9]{6}\@ctrip\.com\>/
+# describe AXB_XMID_PFIX_CTRIP possibly forged ctrip sender - postfix
-header AXB_XMID_EXIM_CTRIP Message-ID =~ /\<[A-F0-9]{32}\@ctrip\.com\>/
-describe AXB_XMID_EXIM_CTRIP possibly forged ctrip sender - exim
+# header AXB_XMID_EXIM_CTRIP Message-ID =~ /\<[A-F0-9]{32}\@ctrip\.com\>/
+# describe AXB_XMID_EXIM_CTRIP possibly forged ctrip sender - exim
-header AXB_X_PHPS_CTRIP X-PHP-Script =~ /\bctrip\.com\/sendmail\.php\b/
-describe AXB_X_PHPS_CTRIP possibly forged ctrip sender - php
+# header AXB_X_PHPS_CTRIP X-PHP-Script =~ /\bctrip\.com\/sendmail\.php\b/
+# describe AXB_X_PHPS_CTRIP possibly forged ctrip sender - php
-########### ARG.. when will I learn to copy/paste :-(
-header AXB_XRCVD_FRMCTRIP Received =~ /from ctrip\.com\b/
-describe AXB_XRCVD_FRMCTRIP possibly forged ctrip sender - rcvd
+# header AXB_XRCVD_FRMCTRIP Received =~ /from ctrip\.com\b/
+# describe AXB_XRCVD_FRMCTRIP possibly forged ctrip sender - rcvd
#