You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2019/03/23 05:45:55 UTC

svn commit: r1856107 - /spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Author: jhardin
Date: Sat Mar 23 05:45:55 2019
New Revision: 1856107

URL: http://svn.apache.org/viewvc?rev=1856107&view=rev
Log:
Tuning Bitcoin extortion rules to respond to spammer changes

Modified:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1856107&r1=1856106&r2=1856107&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Sat Mar 23 05:45:55 2019
@@ -1952,6 +1952,17 @@ describe       BITCOIN_SPAM_10  BitCoin
 score          BITCOIN_SPAM_10  2.500	# limit
 tflags         BITCOIN_SPAM_10  publish
 
+meta           BITCOIN_SPAM_11  __BITCOIN_ID && HTML_MESSAGE && __HTML_SHRT_CMNT_OBFU
+describe       BITCOIN_SPAM_11  BitCoin spam pattern 11
+score          BITCOIN_SPAM_11  2.500	# limit
+tflags         BITCOIN_SPAM_11  publish
+
+meta           BITCOIN_SPAM_12  __BITCOIN_ID && __BOGUS_MIME_HDR_MANY
+describe       BITCOIN_SPAM_12  BitCoin spam pattern 12
+score          BITCOIN_SPAM_12  2.500	# limit
+tflags         BITCOIN_SPAM_12  publish
+
+
 ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
   body           __MY_VICTIM            /(?:<H><I>|<H><E><L><L><O>),?(?:\s<M><Y>)?\s(?:<V><I><C><T><I><M>|<P><R><E><Y>)/i
   replace_rules  __MY_VICTIM
@@ -2583,7 +2594,7 @@ if can(Mail::SpamAssassin::Conf::feature
   # more-precise version of __OBFUSCATING_COMMENT_A
   rawbody    __HTML_SHRT_CMNT_OBFU       /\w<!--\s*\w+\s*-->\w/
   tflags     __HTML_SHRT_CMNT_OBFU       multiple maxhits=10
-  meta       __HTML_SHRT_CMNT_OBFU_MANY  __HTML_SHRT_CMNT_OBFU > 9 && HTML_MESSAGE
+  meta       __HTML_SHRT_CMNT_OBFU_MANY  __HTML_SHRT_CMNT_OBFU > 5 && HTML_MESSAGE
   meta       HTML_SHRT_CMNT_OBFU_MANY    __HTML_SHRT_CMNT_OBFU_MANY
   describe   HTML_SHRT_CMNT_OBFU_MANY    Obfuscation with many short HTML comments
   score      HTML_SHRT_CMNT_OBFU_MANY    2.500	# limit
@@ -2661,6 +2672,10 @@ if can(Mail::SpamAssassin::Conf::feature
   meta       ZW_OBFU_FREEM              __UNICODE_OBFU_ZW && __freemail_hdr_replyto 
   describe   ZW_OBFU_FREEM              Obfuscated text + freemail
   score      ZW_OBFU_FREEM              2.000	# limit
+
+  full       __BOGUS_MIME_HDR            /\bContent-[XYZ]-[a-z]{6,15}:\s+[a-z]{6,15}\b/
+  tflags     __BOGUS_MIME_HDR            multiple maxhits=8
+  meta       __BOGUS_MIME_HDR_MANY       __BOGUS_MIME_HDR > 7
 endif