You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@spamassassin.apache.org by jh...@apache.org on 2015/12/17 22:37:28 UTC

svn commit: r1720668 - /spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Author: jhardin
Date: Thu Dec 17 21:37:28 2015
New Revision: 1720668

URL: http://svn.apache.org/viewvc?rev=1720668&view=rev
Log:
tweak GOOG_MALWARE_DNLD per new sample

Modified:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1720668&r1=1720667&r2=1720668&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Thu Dec 17 21:37:28 2015
@@ -1887,7 +1887,7 @@ describe  DUP_SUSP_HDR
 score     DUP_SUSP_HDR                  2.500	# limit
 
 # seen 10/2014: "https://www.google.com/url?q=https://copy.com/ApbFn2848pQm/ShippingInvoice_6974.PDF.scr?download=1&sa=D&sntz=1&usg=AFQjCNGhvWhljnujQlP85tA6YUsddfuJow"
-uri       __GOOG_MALWARE_DNLD           m;^https?://[^/]*\.google\.com/[^?]*url\?.*[\?&]download=1;i
+uri       __GOOG_MALWARE_DNLD           m;^https?://[^/]*\.google\.com/[^?]*url\?.*[\?&/]download;i
 meta      GOOG_MALWARE_DNLD             __GOOG_MALWARE_DNLD
 describe  GOOG_MALWARE_DNLD             File download via Google - Malware?
 score     GOOG_MALWARE_DNLD             5.000   # limit