You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by fe...@apache.org on 2007/07/05 02:37:09 UTC
svn commit: r553353 - in /spamassassin/rules/trunk/sandbox/felicity:
70_other.cf sandbox-felicity.pm
Author: felicity
Date: Wed Jul 4 17:37:08 2007
New Revision: 553353
URL: http://svn.apache.org/viewvc?view=rev&rev=553353
Log:
go ahead and try a few pdf-spam rules
Modified:
spamassassin/rules/trunk/sandbox/felicity/70_other.cf
spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm
Modified: spamassassin/rules/trunk/sandbox/felicity/70_other.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/felicity/70_other.cf?view=diff&rev=553353&r1=553352&r2=553353
==============================================================================
--- spamassassin/rules/trunk/sandbox/felicity/70_other.cf (original)
+++ spamassassin/rules/trunk/sandbox/felicity/70_other.cf Wed Jul 4 17:37:08 2007
@@ -245,9 +245,23 @@
header TVD_RATWARE_MSGID_02 Message-ID =~ /^[^<]*<[a-z]+\@/
########################################################################
-#loadplugin Mail::SpamAssassin::Plugin::Sandbox::felicity sandbox-felicity.pm
-#ifplugin Mail::SpamAssassin::Plugin::Sandbox::felicity
-#endif
+loadplugin Mail::SpamAssassin::Plugin::Sandbox::felicity sandbox-felicity.pm
+ifplugin Mail::SpamAssassin::Plugin::Sandbox::felicity
+body QP_LENGTH_77_78 eval:check_quotedprintable_length('77','78')
+body QP_LENGTH_78_79 eval:check_quotedprintable_length('78','79')
+body QP_LENGTH_79_80 eval:check_quotedprintable_length('79','80')
+body QP_LENGTH_80_81 eval:check_quotedprintable_length('80','81')
+body QP_LENGTH_81_82 eval:check_quotedprintable_length('81','82')
+body QP_LENGTH_82_83 eval:check_quotedprintable_length('82','83')
+body QP_LENGTH_83_84 eval:check_quotedprintable_length('83','84')
+body QP_LENGTH_84_85 eval:check_quotedprintable_length('84','85')
+body QP_LENGTH_85_86 eval:check_quotedprintable_length('85','86')
+body QP_LENGTH_86_87 eval:check_quotedprintable_length('86','87')
+body QP_LENGTH_87_88 eval:check_quotedprintable_length('87','88')
+body QP_LENGTH_88_89 eval:check_quotedprintable_length('88','89')
+body QP_LENGTH_89_90 eval:check_quotedprintable_length('89','90')
+body QP_LENGTH_90_INF eval:check_quotedprintable_length('90')
+endif
########################################################################
ifplugin Mail::SpamAssassin::Plugin::MIMEEval
@@ -314,3 +328,53 @@
ifplugin Mail::SpamAssassin::Plugin::BodyEval
body TVD_STOCK1 eval:check_stock_info('2')
endif
+
+
+# fine, let's aim at some of the PDF spam that's around these days
+
+# 3.366 3.6797 1.3100 0.737 0.59 0.00 TVD_PDF_01
+# 0.919 1.0598 0.0000 1.000 0.61 0.00 TVD_PDF_02
+# 1.597 1.8161 0.1611 0.919 0.86 0.00 TVD_PDF_03
+# 0.919 1.0598 0.0000 1.000 0.61 0.00 TVD_PDF_20
+header TVD_PDF_01 Message-Id =~ /<[0-9A-F]{8}\.\d{7}\@/
+header TVD_PDF_02 Subject =~ /\.pdf/
+header TVD_PDF_03 Content-Type =~ /boundary="-{12}\d{24}"/
+meta TVD_PDF_20 TVD_PDF_01 && TVD_PDF_02 && TVD_PDF_03
+
+# 0.919 1.0598 0.0000 1.000 0.61 0.00 TVD_PDF_21
+# 1.133 1.2977 0.0537 0.960 0.71 0.00 TVD_PDF_22
+# 0.919 1.0598 0.0000 1.000 0.61 0.00 TVD_PDF_23
+meta TVD_PDF_21 TVD_PDF_01 && TVD_PDF_02
+meta TVD_PDF_22 TVD_PDF_01 && TVD_PDF_03
+meta TVD_PDF_23 TVD_PDF_02 && TVD_PDF_03
+
+# 1.133 1.2977 0.0537 0.960 0.71 0.00 TVD_PDF_22B
+# 0.919 1.0598 0.0000 1.000 0.61 0.00 TVD_PDF_23B
+# 3.518 3.9094 0.9557 0.804 1.00 0.00 TVD_PDF_03B
+# 1.032 1.1894 0.0000 1.000 0.80 0.00 TVD_PDF_25B
+header TVD_PDF_03B Content-Type =~ /boundary="-{2,}\d{8,}"/
+meta TVD_PDF_22B TVD_PDF_01 && TVD_PDF_03B
+meta TVD_PDF_23B TVD_PDF_02 && TVD_PDF_03B
+meta TVD_PDF_25B TVD_PDF_22B && TVD_PDF_24
+
+# 1.035 1.1910 0.0107 0.991 0.76 0.00 __TVD_PDF_ATT_AP
+# 74.260 77.0441 56.0399 0.579 0.51 0.00 __TVD_PDF_ATT_TP
+# 2.051 1.5519 5.3152 0.226 0.00 0.00 __TVD_PDF_CT_MM
+# 1.035 1.1910 0.0107 0.991 0.76 0.00 TVD_PDF_24
+# 0.001 0.0016 0.0000 1.000 0.43 0.00 TVD_PDF_25
+header __TVD_PDF_CT_MM Content-Type =~ /^multipart\/mixed/i
+mimeheader __TVD_PDF_ATT_TP Content-Type =~ /^text\/plain/i
+mimeheader __TVD_PDF_ATT_AP Content-Type =~ /^application\/pdf/i
+meta TVD_PDF_24 __TVD_PDF_CT_MM && __TVD_PDF_ATT_TP && __TVD_PDF_ATT_AP
+meta TVD_PDF_25 TVD_PDF_22 && TVD_PDF_24
+
+# 1.032 1.1894 0.0000 1.000 0.80 0.00 TVD_PDF_26
+# 1.032 1.1894 0.0000 1.000 0.80 0.00 TVD_PDF_26B
+meta TVD_PDF_26 __TVD_PDF_CT_MM && TVD_PDF_03 && __TVD_PDF_ATT_AP
+meta TVD_PDF_26B __TVD_PDF_CT_MM && TVD_PDF_03B && __TVD_PDF_ATT_AP
+
+# 98.910 98.7434 100.0000 0.497 0.00 0.00 __TVD_PDF_04
+# 1.025 1.1812 0.0000 1.000 0.00 0.00 TVD_PDF_27
+# body fails due to subject ...
+rawbody __TVD_PDF_04 /\S{4}/
+meta TVD_PDF_27 __TVD_PDF_CT_MM && __TVD_PDF_ATT_TP && __TVD_PDF_ATT_AP && !__TVD_PDF_04
Modified: spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm?view=diff&rev=553353&r1=553352&r2=553353
==============================================================================
--- spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm (original)
+++ spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm Wed Jul 4 17:37:08 2007
@@ -37,9 +37,46 @@
bless ($self, $class);
# the important bit!
- #$self->register_eval_rule ("check_base64_length");
+ $self->register_eval_rule ("check_quotedprintable_length");
return $self;
}
+
+sub check_quotedprintable_length {
+ my $self = shift;
+ my $pms = shift;
+ shift; # body array, unnecessary
+ my $min = shift;
+ my $max = shift;
+
+ if (!defined $pms->{quotedprintable_length}) {
+ $pms->{quotedprintable_length} = $self->_check_quotedprintable_length($pms->{msg});
+ }
+
+ return 0 if (defined $max && $pms->{quotedprintable_length} > $max);
+ return $pms->{quotedprintable_length} >= $min;
+}
+
+sub _check_quotedprintable_length {
+ my $self = shift;
+ my $msg = shift;
+
+ my $result = 0;
+
+ foreach my $p ($msg->find_parts(qr@.@, 1)) {
+ my $ctype=
+ Mail::SpamAssassin::Util::parse_content_type($p->get_header('content-type'));
+
+ my $cte = lc $p->get_header('content-transfer-encoding') || '';
+ next if ($cte !~ /^quoted-printable$/);
+ foreach my $l ( @{$p->raw()} ) {
+ my $len = length $l;
+ $result = $len if ($len > $result);
+ }
+ }
+
+ return $result;
+}
+
1;