Posted to commits@spamassassin.apache.org by jh...@apache.org on 2021/01/12 18:44:43 UTC

svn commit: r1885404 - /spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Author: jhardin
Date: Tue Jan 12 18:44:43 2021
New Revision: 1885404

URL: http://svn.apache.org/viewvc?rev=1885404&view=rev
Log:
FP Avoidance tuning

Modified:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1885404&r1=1885403&r2=1885404&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Tue Jan 12 18:44:43 2021
@@ -1945,7 +1945,8 @@ ifplugin Mail::SpamAssassin::Plugin::Rep
   meta          FUZZY_WELLSFARGO         __FUZZY_WELLSFARGO_BODY || __FUZZY_WELLSFARGO_FROM
   describe      FUZZY_WELLSFARGO         Obfuscated "Wells Fargo"
 
-  body          FUZZY_PORN          /<P>(?!ornograph)<O><R><N><O><G><R><A><P><H>/i
+  body          __FUZZY_PORN        /<P>(?!ornograph)<O><R><N><O><G><R><A><P><H>/i
+  meta          FUZZY_PORN          __FUZZY_PORN && !( __ENV_AND_HDR_FROM_MATCH && __SENDER_BOT )
   replace_rules FUZZY_PORN      
   describe      FUZZY_PORN          Obfuscated "Pornography" or "Pornographic"
   #tflags        FUZZY_PORN          publish
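Review bot: `replace_rules FUZZY_PORN` on the line after the new meta still names FUZZY_PORN, but the regex carrying the `<P>`, `<O>`, `<R>` replacement tags now lives in the body rule `__FUZZY_PORN`. The ReplaceTags plugin only rewrites the simple regex rules (body, header, uri, full, rawbody) listed in `replace_rules`, not meta rules. The tags would therefore be left unexpanded, and the rule would likely stop firing on obfuscated text. Change the line to `replace_rules __FUZZY_PORN`. The enclosing `ifplugin` block starts and ends outside the hunk.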
@@ -2109,7 +2110,7 @@ else
 endif
 meta           __EXTORT_MANY          (__MY_MALWARE + __PAY_ME + __MY_VICTIM + __YOUR_WEBCAM + __YOUR_ONAN + __YOUR_PERSONAL + __HOURS_DEADLINE + __YOUR_PASSWORD + LOCALPART_IN_SUBJECT + __DESTROY_ME + __DESTROY_YOU + __EXPLOSIVE_DEVICE) > 2
 
-meta           BITCOIN_EXTORT_01      __BITCOIN_ID && __EXTORT_MANY
+meta           BITCOIN_EXTORT_01      (__BITCOIN_ID && __EXTORT_MANY) && !( __FROM_FULL_NAME && __SENDER_BOT && __SINGLE_WORD_LINE && __MIME_HTML && __PHPMAILER_MUA )
 describe       BITCOIN_EXTORT_01      Extortion spam, pay via BitCoin
 score          BITCOIN_EXTORT_01      5.000	# limit
 tflags         BITCOIN_EXTORT_01      publish
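Review bot: The new exclusion on BITCOIN_EXTORT_01 has no comment saying which legitimate mail it is meant to spare. Judging by their names, all five terms (`__FROM_FULL_NAME`, `__SENDER_BOT`, `__SINGLE_WORD_LINE`, `__MIME_HTML`, `__PHPMAILER_MUA`) are derived from headers and body that the sender composes, though their definitions are outside the hunk. For a published rule limited to 5.000, recording the reason lets the exemption be re-checked against mass-check results and narrowed or retired later. Add a comment above the meta such as `# FP avoidance: exclude <ham source that triggered the FP>; re-check against masscheck`. Consider also moving the exclusion into its own named subrule so the meta line stays readable.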
@@ -3494,9 +3495,6 @@ describe   MIXED_HREF_CASE             H
 score      MIXED_HREF_CASE             2.000	 # limit
 tflags     MIXED_HREF_CASE             publish
 
-# noticed in a couple of 419 spams
-header     __REPTO_ADDR_MALF_ENC       Reply-To:addr =~ /^=\?[^?]+\?.\?[^?]+\?=$/
-
 # phishing content
 uri        __URI_FIREBASEAPP           m,://[^.]+\.firebaseapp\.com/,
 meta       URI_FIREBASEAPP             __URI_FIREBASEAPP