You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2015/12/17 22:37:28 UTC
svn commit: r1720668 -
/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Author: jhardin
Date: Thu Dec 17 21:37:28 2015
New Revision: 1720668
URL: http://svn.apache.org/viewvc?rev=1720668&view=rev
Log:
tweak GOOG_MALWARE_DNLD per new sample
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1720668&r1=1720667&r2=1720668&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Thu Dec 17 21:37:28 2015
@@ -1887,7 +1887,7 @@ describe DUP_SUSP_HDR
score DUP_SUSP_HDR 2.500 # limit
# seen 10/2014: "https://www.google.com/url?q=https://copy.com/ApbFn2848pQm/ShippingInvoice_6974.PDF.scr?download=1&sa=D&sntz=1&usg=AFQjCNGhvWhljnujQlP85tA6YUsddfuJow"
-uri __GOOG_MALWARE_DNLD m;^https?://[^/]*\.google\.com/[^?]*url\?.*[\?&]download=1;i
+uri __GOOG_MALWARE_DNLD m;^https?://[^/]*\.google\.com/[^?]*url\?.*[\?&/]download;i
meta GOOG_MALWARE_DNLD __GOOG_MALWARE_DNLD
describe GOOG_MALWARE_DNLD File download via Google - Malware?
score GOOG_MALWARE_DNLD 5.000 # limit