You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2015/01/24 22:04:10 UTC

svn commit: r1654576 - /spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Author: jhardin
Date: Sat Jan 24 21:04:09 2015
New Revision: 1654576

URL: http://svn.apache.org/r1654576
Log:
STYLE_GIBBERISH skip comments, add duplicated-header rule

Modified:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1654576&r1=1654575&r2=1654576&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Sat Jan 24 21:04:09 2015
@@ -606,13 +606,13 @@ describe       GAPPY_PILLS
 
 body           __STYLE_TAG_IN_BODY      /<style(?:[^>]{0,30})?>/i
 body           __BODY_XHTML             /<x-html>/i
-rawbody        __STYLE_GIBBERISH_1      /<style[^>]{0,30}>(?:\s{0,80}(?!<\/style>)[^\s:;]){150}/im
+rawbody        __STYLE_GIBBERISH_1      /<style[^>]{0,30}>(?:\s{0,80}(?!<\/style>)(?:\/\*(?:\s|[^*<]|(?!\*\/)\*|(?!<\/style>)<){0,200}\*\/)){0,4}(?:\s{0,80}(?!<\/style>|\/\*)[^\s:;,]){150}/im
 rawbody        __STYLE_GIBBERISH_2      /\.style\w{0,20}\s{1,10}\{[^:;]{200}/im
 rawbody        __STYLE_GIBBERISH_3      /<style[^>]{0,30}>\s{0,30}(?:[\w:]{1,30}\s{0,10}\{[^}]{1,50}\}\s{0,80}){1,5}(?:[\w,.']{1,30}\s{1,10}){40}/im
 meta           __STYLE_GIBBERISH        (__STYLE_GIBBERISH_1 || __STYLE_GIBBERISH_2 || __STYLE_GIBBERISH_3)
 meta           STYLE_GIBBERISH          __STYLE_GIBBERISH && (__BODY_XHTML || !__STYLE_TAG_IN_BODY) && !__RCD_RDNS_MX_MESSY && !__HAS_THREAD_INDEX && !__ANY_OUTLOOK_MUA && !__MIME_QP && !__THREADED 
 describe       STYLE_GIBBERISH          Nonsense in HTML <STYLE> tag
-score          STYLE_GIBBERISH          4.00	# limit
+score          STYLE_GIBBERISH          3.50	# limit
 tflags         STYLE_GIBBERISH          publish
 
 body           __SCRIPT_TAG_IN_BODY     /<script>/i
@@ -1846,6 +1846,11 @@ body      __MYSTERY_SHOPPER
 
 header    __HAS_NO_RELAY                X-No-Relay =~ /./
 
+header    __DUP_SUSP_HDR                ALL =~ /\n(X-No-Relay)\s*:[ 	][^\n]{1,100}\n\1\s*:[ 	]/ism
+meta      DUP_SUSP_HDR                  __DUP_SUSP_HDR
+describe  DUP_SUSP_HDR                  Duplicate suspicious message headers
+score     DUP_SUSP_HDR                  0.500	# limit
+
 # seen 10/2014: "https://www.google.com/url?q=https://copy.com/ApbFn2848pQm/ShippingInvoice_6974.PDF.scr?download=1&sa=D&sntz=1&usg=AFQjCNGhvWhljnujQlP85tA6YUsddfuJow"
 uri       __GOOG_MALWARE_DNLD           m;^https?://[^/]*\.google\.com/[^?]*url\?.*[\?&]download=1;i
 meta      GOOG_MALWARE_DNLD             __GOOG_MALWARE_DNLD