You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by fe...@apache.org on 2007/07/05 02:37:09 UTC

svn commit: r553353 - in /spamassassin/rules/trunk/sandbox/felicity: 70_other.cf sandbox-felicity.pm

Author: felicity
Date: Wed Jul  4 17:37:08 2007
New Revision: 553353

URL: http://svn.apache.org/viewvc?view=rev&rev=553353
Log:
go ahead and try a few pdf-spam rules

Modified:
    spamassassin/rules/trunk/sandbox/felicity/70_other.cf
    spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm

Modified: spamassassin/rules/trunk/sandbox/felicity/70_other.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/felicity/70_other.cf?view=diff&rev=553353&r1=553352&r2=553353
==============================================================================
--- spamassassin/rules/trunk/sandbox/felicity/70_other.cf (original)
+++ spamassassin/rules/trunk/sandbox/felicity/70_other.cf Wed Jul  4 17:37:08 2007
@@ -245,9 +245,23 @@
 header TVD_RATWARE_MSGID_02	Message-ID =~ /^[^<]*<[a-z]+\@/
 
 ########################################################################
-#loadplugin Mail::SpamAssassin::Plugin::Sandbox::felicity sandbox-felicity.pm
-#ifplugin Mail::SpamAssassin::Plugin::Sandbox::felicity
-#endif
+loadplugin Mail::SpamAssassin::Plugin::Sandbox::felicity sandbox-felicity.pm
+ifplugin Mail::SpamAssassin::Plugin::Sandbox::felicity
+body QP_LENGTH_77_78	eval:check_quotedprintable_length('77','78')
+body QP_LENGTH_78_79	eval:check_quotedprintable_length('78','79')
+body QP_LENGTH_79_80	eval:check_quotedprintable_length('79','80')
+body QP_LENGTH_80_81	eval:check_quotedprintable_length('80','81')
+body QP_LENGTH_81_82	eval:check_quotedprintable_length('81','82')
+body QP_LENGTH_82_83	eval:check_quotedprintable_length('82','83')
+body QP_LENGTH_83_84	eval:check_quotedprintable_length('83','84')
+body QP_LENGTH_84_85	eval:check_quotedprintable_length('84','85')
+body QP_LENGTH_85_86	eval:check_quotedprintable_length('85','86')
+body QP_LENGTH_86_87	eval:check_quotedprintable_length('86','87')
+body QP_LENGTH_87_88	eval:check_quotedprintable_length('87','88')
+body QP_LENGTH_88_89	eval:check_quotedprintable_length('88','89')
+body QP_LENGTH_89_90	eval:check_quotedprintable_length('89','90')
+body QP_LENGTH_90_INF	eval:check_quotedprintable_length('90')
+endif
 ########################################################################
 
 ifplugin Mail::SpamAssassin::Plugin::MIMEEval
@@ -314,3 +328,53 @@
 ifplugin Mail::SpamAssassin::Plugin::BodyEval
 body TVD_STOCK1    eval:check_stock_info('2')
 endif
+
+
+# fine, let's aim at some of the PDF spam that's around these days
+
+#  3.366   3.6797   1.3100    0.737   0.59    0.00  TVD_PDF_01
+#  0.919   1.0598   0.0000    1.000   0.61    0.00  TVD_PDF_02
+#  1.597   1.8161   0.1611    0.919   0.86    0.00  TVD_PDF_03
+#  0.919   1.0598   0.0000    1.000   0.61    0.00  TVD_PDF_20
+header TVD_PDF_01 Message-Id =~ /<[0-9A-F]{8}\.\d{7}\@/
+header TVD_PDF_02 Subject =~ /\.pdf/
+header TVD_PDF_03 Content-Type =~ /boundary="-{12}\d{24}"/
+meta TVD_PDF_20 TVD_PDF_01 && TVD_PDF_02 && TVD_PDF_03
+
+#  0.919   1.0598   0.0000    1.000   0.61    0.00  TVD_PDF_21
+#  1.133   1.2977   0.0537    0.960   0.71    0.00  TVD_PDF_22
+#  0.919   1.0598   0.0000    1.000   0.61    0.00  TVD_PDF_23
+meta TVD_PDF_21 TVD_PDF_01 && TVD_PDF_02
+meta TVD_PDF_22 TVD_PDF_01 && TVD_PDF_03
+meta TVD_PDF_23 TVD_PDF_02 && TVD_PDF_03
+
+#  1.133   1.2977   0.0537    0.960   0.71    0.00  TVD_PDF_22B
+#  0.919   1.0598   0.0000    1.000   0.61    0.00  TVD_PDF_23B
+#  3.518   3.9094   0.9557    0.804   1.00    0.00  TVD_PDF_03B
+#  1.032   1.1894   0.0000    1.000   0.80    0.00  TVD_PDF_25B
+header TVD_PDF_03B Content-Type =~ /boundary="-{2,}\d{8,}"/
+meta TVD_PDF_22B TVD_PDF_01 && TVD_PDF_03B
+meta TVD_PDF_23B TVD_PDF_02 && TVD_PDF_03B
+meta TVD_PDF_25B TVD_PDF_22B && TVD_PDF_24
+
+#  1.035   1.1910   0.0107    0.991   0.76    0.00  __TVD_PDF_ATT_AP
+# 74.260  77.0441  56.0399    0.579   0.51    0.00  __TVD_PDF_ATT_TP
+#  2.051   1.5519   5.3152    0.226   0.00    0.00  __TVD_PDF_CT_MM
+#  1.035   1.1910   0.0107    0.991   0.76    0.00  TVD_PDF_24
+#  0.001   0.0016   0.0000    1.000   0.43    0.00  TVD_PDF_25
+header __TVD_PDF_CT_MM	Content-Type =~ /^multipart\/mixed/i
+mimeheader __TVD_PDF_ATT_TP	Content-Type =~ /^text\/plain/i
+mimeheader __TVD_PDF_ATT_AP	Content-Type =~ /^application\/pdf/i
+meta TVD_PDF_24 __TVD_PDF_CT_MM && __TVD_PDF_ATT_TP && __TVD_PDF_ATT_AP
+meta TVD_PDF_25 TVD_PDF_22 && TVD_PDF_24
+
+#  1.032   1.1894   0.0000    1.000   0.80    0.00  TVD_PDF_26
+#  1.032   1.1894   0.0000    1.000   0.80    0.00  TVD_PDF_26B
+meta TVD_PDF_26 __TVD_PDF_CT_MM && TVD_PDF_03 && __TVD_PDF_ATT_AP
+meta TVD_PDF_26B __TVD_PDF_CT_MM && TVD_PDF_03B && __TVD_PDF_ATT_AP
+
+# 98.910  98.7434  100.0000    0.497   0.00    0.00  __TVD_PDF_04
+#  1.025   1.1812   0.0000    1.000   0.00    0.00  TVD_PDF_27
+# body fails due to subject ...
+rawbody __TVD_PDF_04	/\S{4}/
+meta TVD_PDF_27 __TVD_PDF_CT_MM && __TVD_PDF_ATT_TP && __TVD_PDF_ATT_AP && !__TVD_PDF_04

Modified: spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm?view=diff&rev=553353&r1=553352&r2=553353
==============================================================================
--- spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm (original)
+++ spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm Wed Jul  4 17:37:08 2007
@@ -37,9 +37,46 @@
   bless ($self, $class);
 
   # the important bit!
-  #$self->register_eval_rule ("check_base64_length");
+  $self->register_eval_rule ("check_quotedprintable_length");
 
   return $self;
 }
+
+sub check_quotedprintable_length {
+  my $self = shift;
+  my $pms = shift;
+  shift; # body array, unnecessary
+  my $min = shift;
+  my $max = shift;
+
+  if (!defined $pms->{quotedprintable_length}) {
+    $pms->{quotedprintable_length} = $self->_check_quotedprintable_length($pms->{msg});
+  }
+
+  return 0 if (defined $max && $pms->{quotedprintable_length} > $max);
+  return $pms->{quotedprintable_length} >= $min;
+}
+
+sub _check_quotedprintable_length {
+  my $self = shift;
+  my $msg = shift;
+
+  my $result = 0;
+
+  foreach my $p ($msg->find_parts(qr@.@, 1)) {
+    my $ctype=
+      Mail::SpamAssassin::Util::parse_content_type($p->get_header('content-type'));
+
+    my $cte = lc $p->get_header('content-transfer-encoding') || '';
+    next if ($cte !~ /^quoted-printable$/);
+    foreach my $l ( @{$p->raw()} ) {
+      my $len = length $l;
+      $result = $len if ($len > $result);
+    }
+  }
+  
+  return $result;
+}
+
 
 1;