Posted to commits@spamassassin.apache.org by fe...@apache.org on 2004/09/14 20:30:52 UTC
svn commit: rev 46032 - in spamassassin/trunk: . lib/Mail/SpamAssassin/Plugin rules
Author: felicity
Date: Tue Sep 14 11:30:51 2004
New Revision: 46032
Added:
spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/MSExec.pm
spamassassin/trunk/rules/25_msexec.cf
Modified:
spamassassin/trunk/MANIFEST
spamassassin/trunk/rules/init.pre
Log:
add MSExec plugin to implement the previously removed MICROSOFT_EXECUTABLE rule
Modified: spamassassin/trunk/MANIFEST
==============================================================================
--- spamassassin/trunk/MANIFEST (original)
+++ spamassassin/trunk/MANIFEST Tue Sep 14 11:30:51 2004
@@ -1,48 +1,36 @@
BUGS
-CREDITS
-Changes
-INSTALL
-INSTALL.VMS
-LICENSE
-MANIFEST
-MANIFEST.SKIP
-Makefile.PL
-NOTICE
-PACKAGING
-README
-STATUS
-TRADEMARK
-UPGRADE
-USAGE
-build/README
build/cf_to_html
build/convert_pods_to_doc
build/find_meta_missing_dependencies
build/get_version
build/md5sum.pl
build/preprocessor
+build/README
build/sha1sum.pl
build/tag_nightly_mc
build/tag_weekly_mc
build/update_devel
build/update_stable
build/update_website_docs
+Changes
contrib/mbox-to-check
contrib/run-corpora
contrib/run-masses
+CREDITS
+INSTALL
+INSTALL.VMS
ldap/README
ldap/README.testing
ldap/sa_test.ldif
-lib/Mail/SpamAssassin.pm
lib/Mail/SpamAssassin/ArchiveIterator.pm
lib/Mail/SpamAssassin/AutoWhitelist.pm
lib/Mail/SpamAssassin/Bayes.pm
-lib/Mail/SpamAssassin/BayesStore.pm
lib/Mail/SpamAssassin/BayesStore/DBM.pm
+lib/Mail/SpamAssassin/BayesStore.pm
lib/Mail/SpamAssassin/BayesStore/SQL.pm
-lib/Mail/SpamAssassin/Conf.pm
lib/Mail/SpamAssassin/Conf/LDAP.pm
lib/Mail/SpamAssassin/Conf/Parser.pm
+lib/Mail/SpamAssassin/Conf.pm
lib/Mail/SpamAssassin/Conf/SQL.pm
lib/Mail/SpamAssassin/Constants.pm
lib/Mail/SpamAssassin/DBBasedAddrList.pm
@@ -50,48 +38,51 @@
lib/Mail/SpamAssassin/EvalTests.pm
lib/Mail/SpamAssassin/HTML.pm
lib/Mail/SpamAssassin/Locales.pm
-lib/Mail/SpamAssassin/Locker.pm
lib/Mail/SpamAssassin/Locker/Flock.pm
+lib/Mail/SpamAssassin/Locker.pm
lib/Mail/SpamAssassin/Locker/UnixNFSSafe.pm
lib/Mail/SpamAssassin/Locker/Win32.pm
lib/Mail/SpamAssassin/MailingList.pm
-lib/Mail/SpamAssassin/Message.pm
lib/Mail/SpamAssassin/Message/Metadata.pm
lib/Mail/SpamAssassin/Message/Metadata/Received.pm
lib/Mail/SpamAssassin/Message/Node.pm
+lib/Mail/SpamAssassin/Message.pm
lib/Mail/SpamAssassin/NetSet.pm
lib/Mail/SpamAssassin/PerMsgLearner.pm
lib/Mail/SpamAssassin/PerMsgStatus.pm
lib/Mail/SpamAssassin/PersistentAddrList.pm
-lib/Mail/SpamAssassin/Plugin.pm
+lib/Mail/SpamAssassin/PluginHandler.pm
lib/Mail/SpamAssassin/Plugin/Hashcash.pm
+lib/Mail/SpamAssassin/Plugin/MSExec.pm
+lib/Mail/SpamAssassin/Plugin.pm
lib/Mail/SpamAssassin/Plugin/RelayCountry.pm
lib/Mail/SpamAssassin/Plugin/SPF.pm
lib/Mail/SpamAssassin/Plugin/Test.pm
lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
-lib/Mail/SpamAssassin/PluginHandler.pm
+lib/Mail/SpamAssassin.pm
lib/Mail/SpamAssassin/Reporter.pm
lib/Mail/SpamAssassin/SQLBasedAddrList.pm
lib/Mail/SpamAssassin/TextCat.pm
lib/Mail/SpamAssassin/Util.pm
lib/Mail/SpamAssassin/Util/RegistrarBoundaries.pm
-masses/CORPUS_POLICY
-masses/CORPUS_SUBMIT
-masses/CORPUS_SUBMIT_NIGHTLY
-masses/Makefile
-masses/README
-masses/README.perceptron
+LICENSE
+Makefile.PL
+MANIFEST
+MANIFEST.SKIP
masses/compare-models
masses/config.set0
masses/config.set1
masses/config.set2
masses/config.set3
-masses/corpora/README
masses/corpora/fuzzy-hash-maildir
masses/corpora/mass-find-nonspam
+masses/corpora/README
masses/corpora/remove-tests-from-logs
masses/corpora/uniq-mailbox
masses/corpora/uniq-maildirs
+masses/CORPUS_POLICY
+masses/CORPUS_SUBMIT
+masses/CORPUS_SUBMIT_NIGHTLY
masses/cpucount
masses/extract-message-from-mbox
masses/extract-results
@@ -105,9 +96,10 @@
masses/hit-frequencies
masses/lint-rules-from-freqs
masses/logs-to-c
+masses/Makefile
masses/mass-check
-masses/mass-check-results-to-mbox
masses/mass-check.cf
+masses/mass-check-results-to-mbox
masses/mboxget
masses/mk-baseline-results
masses/model-statistics
@@ -115,28 +107,33 @@
masses/parse-rules-for-masses
masses/perceptron.c
masses/post-ga-analysis.pl
+masses/README
+masses/README.perceptron
masses/rewrite-cf-with-new-scores
masses/rule-dev/maildir-scan-headers
-masses/rule-qa/README.nightly
+masses/rule-qa/corpus.example
masses/rule-qa/corpus-hourly
masses/rule-qa/corpus-nightly
masses/rule-qa/corpus-tagtime
-masses/rule-qa/corpus.example
masses/rule-qa/markup-rules-file-with-freqs
masses/rule-qa/post-bugs-for-retired-tests
+masses/rule-qa/README.nightly
masses/runGA
masses/score-ranges-from-freqs
masses/tenpass/10pass-compute-tcr
masses/tenpass/10pass-run
-masses/tenpass/README
masses/tenpass/compute-current-tcr
+masses/tenpass/README
masses/tenpass/split-log-into-buckets
masses/tenpass/split-log-into-buckets-random
masses/uniq-scores
masses/validate-model
ninjabutton.png
ninjabutton.xcf
+NOTICE
+PACKAGING
procmailrc.example
+README
rules/10_misc.cf
rules/20_anti_ratware.cf
rules/20_body_tests.cf
@@ -154,6 +151,7 @@
rules/23_bayes.cf
rules/25_body_tests_es.cf
rules/25_hashcash.cf
+rules/25_msexec.cf
rules/25_spf.cf
rules/25_uribl.cf
rules/30_text_de.cf
@@ -162,15 +160,15 @@
rules/30_text_pl.cf
rules/50_scores.cf
rules/60_whitelist.cf
-rules/STATISTICS-set1.txt
-rules/STATISTICS-set2.txt
-rules/STATISTICS-set3.txt
-rules/STATISTICS.txt
rules/init.pre
rules/languages
rules/local.cf
rules/name-triplets.txt
rules/regression_tests.cf
+rules/STATISTICS-set1.txt
+rules/STATISTICS-set2.txt
+rules/STATISTICS-set3.txt
+rules/STATISTICS.txt
rules/triplets.txt
rules/user_prefs.template
sa-learn.raw
@@ -178,10 +176,6 @@
sample-spam.txt
spamassassin.raw
spamassassin.spec
-spamc/Makefile.in
-spamc/Makefile.win
-spamc/README.qmail
-spamc/README.win
spamc/acconfig.h
spamc/config.h.in
spamc/config.h.win
@@ -190,41 +184,43 @@
spamc/configure.pl
spamc/libspamc.c
spamc/libspamc.h
+spamc/Makefile.in
+spamc/Makefile.win
spamc/qmail-spamc.c
-spamc/replace/README.getopt
+spamc/README.qmail
+spamc/README.win
spamc/replace/getopt.c
spamc/replace/getopt.h
+spamc/replace/README.getopt
spamc/spamc.c
spamc/spamc.pod
spamc/utils.c
spamc/utils.h
spamc/version.h.in
spamc/version.h.pl
+spamd/netbsd-rc-script.sh
spamd/PROTOCOL
spamd/README
spamd/README.SuSE
spamd/README.vpopmail
-spamd/netbsd-rc-script.sh
spamd/redhat-rc-script.sh
spamd/slackware-rc-script.sh
spamd/solaris-rc-script.sh
spamd/spamd.raw
spamd/suse-ancient-rc-script.sh
-sql/README
-sql/README.awl
-sql/README.bayes
sql/awl_mysql.sql
sql/awl_pg.sql
sql/bayes_mysql.sql
sql/bayes_pg.sql
+sql/README
+sql/README.awl
+sql/README.bayes
sql/userpref_mysql.sql
sql/userpref_pg.sql
-t/README
-t/SATest.pl
-t/SATest.pm
+STATUS
t/basic_lint.t
-t/bayesdbm.t
t/bayesdbm_flock.t
+t/bayesdbm.t
t/bayessql.t
t/body_mod.t
t/cidrs.t
@@ -274,16 +270,16 @@
t/data/spam/011
t/data/spam/012
t/data/spam/013
-t/data/spam/badmime.txt
t/data/spam/badmime2.txt
+t/data/spam/badmime.txt
t/data/spam/base64.txt
t/data/spam/bsmtp
t/data/spam/dnsbl.eml
t/data/spam/gtube.eml
t/data/testplugin.pm
t/data/whitelists/action.eff.org
-t/data/whitelists/amazon_co_uk_ship
t/data/whitelists/amazon_com_ship
+t/data/whitelists/amazon_co_uk_ship
t/data/whitelists/cert.org
t/data/whitelists/debian_bts_reassign
t/data/whitelists/linuxplanet
@@ -303,8 +299,8 @@
t/data/whitelists/winxpnews.com
t/data/whitelists/yahoo-inc.com
t/db_awl_path.t
-t/db_based_whitelist.t
t/db_based_whitelist_ips.t
+t/db_based_whitelist.t
t/dnsbl.t
t/forged_rcvd.t
t/gtube.t
@@ -315,28 +311,41 @@
t/lang_pl_tests.t
t/mimeparse.t
t/nonspam.t
-t/plugin.t
+tools/bayes_dump_to_trusted_networks
+tools/check_whitelist
+tools/convert_awl_dbm_to_sql
+tools/desc_length.pl
+tools/mboxsplit
+tools/README.speedtest
+tools/sa-stats.pl
+tools/speedtest
+tools/split_corpora
+tools/test_extract
+tools/triplets.pl
t/plugin_file.t
+t/plugin.t
t/prefs_include.t
+TRADEMARK
t/razor2.t
t/rcvd_parser.t
+t/README
t/recips.t
t/relative_scores.t
-t/report_safe.t
-t/reportheader.t
t/reportheader_8bit.t
+t/reportheader.t
+t/report_safe.t
t/rule_names.t
t/rule_tests.t
t/rule_types.t
+t/SATest.pl
+t/SATest.pm
t/sha1.t
-t/spam.t
-t/spamc.t
t/spamc_B.t
-t/spamc_E.t
-t/spamc_c.t
t/spamc_c_stdout_closed.t
+t/spamc_c.t
+t/spamc_E.t
t/spamc_l.t
-t/spamd.t
+t/spamc.t
t/spamd_allow_user_rules.t
t/spamd_hup.t
t/spamd_ldap.t
@@ -345,14 +354,16 @@
t/spamd_parallel.t
t/spamd_port.t
t/spamd_protocol_10.t
-t/spamd_report.t
t/spamd_report_ifspam.t
+t/spamd_report.t
t/spamd_ssl.t
t/spamd_stop.t
t/spamd_symbols.t
t/spamd_syslog.t
+t/spamd.t
t/spamd_unix.t
t/spamd_utf8.t
+t/spam.t
t/spf.t
t/sql_based_whitelist.t
t/strip2.t
@@ -364,14 +375,5 @@
t/whitelist_from.t
t/whitelist_to.t
t/zz_cleanup.t
-tools/README.speedtest
-tools/bayes_dump_to_trusted_networks
-tools/check_whitelist
-tools/convert_awl_dbm_to_sql
-tools/desc_length.pl
-tools/mboxsplit
-tools/sa-stats.pl
-tools/speedtest
-tools/split_corpora
-tools/test_extract
-tools/triplets.pl
+UPGRADE
+USAGE
Added: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/MSExec.pm
==============================================================================
--- (empty file)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/MSExec.pm Tue Sep 14 11:30:51 2004
@@ -0,0 +1,77 @@
+=head1 NAME
+
+MSExec - determine if the message includes a Microsoft executable file
+
+This rule works by checking for 3 possibilities in the message in any
+application/* or text/* part in the message:
+
+=over 4
+
+=item - in text parts, look for a uuencoded executable start string
+
+=item - in application parts, look for filenames ending in an executable extension
+
+=item - in application parts, look for a base64 encoded executable start string
+
+=back
+
+=head1 SYNOPSIS
+
+ loadplugin Mail::SpamAssassin::Plugin::MSExec
+ body MICROSOFT_EXECUTABLE eval:check_microsoft_executable()
+
+=cut
+
+package Mail::SpamAssassin::Plugin::MSExec;
+
+use Mail::SpamAssassin::Plugin;
+use strict;
+use bytes;
+
+use vars qw(@ISA);
+@ISA = qw(Mail::SpamAssassin::Plugin);
+
+# constructor: register the eval rule
+sub new {
+ my $class = shift;
+ my $mailsaobject = shift;
+
+ # some boilerplate...
+ $class = ref($class) || $class;
+ my $self = $class->SUPER::new($mailsaobject);
+ bless ($self, $class);
+
+ $self->register_eval_rule ("check_microsoft_executable");
+
+ return $self;
+}
+
+sub check_microsoft_executable {
+ my ($self, $permsgstatus) = @_;
+
+ foreach my $p ($permsgstatus->{msg}->find_parts(qr/^(application|text)\b/)) {
+ my ($ctype, $boundary, $charset, $name) =
+ Mail::SpamAssassin::Util::parse_content_type($p->get_header('content-type'));
+
+ if (lc $ctype eq 'application/octet-stream') {
+ $name ||= '';
+ $name = lc $name;
+
+ # file extension indicates an executable ...
+ return 1 if ($name =~ /\.(?:scr|bat|com|pif|exe)$/);
+
+ # base64 attached executable ...
+ my $cte = lc $p->get_header('content-transfer-encoding') || '';
+ return 1 if ($cte =~ /base64/ && $p->raw()->[0] =~ /^TV[opqr].A..[AB].[AQgw][A-H].A/);
+ }
+ elsif ($ctype =~ /^text\b/i) {
+ # uuencoded executable ...
+ foreach (@{$p->raw()}) {
+ return 1 if (/^M35[GHIJK].`..`..*````/);
+ }
+ }
+ }
+ return 0;
+}
+
+1;
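Review bot: The filename test in check_microsoft_executable runs only for parts typed exactly `application/octet-stream`, while the POD above promises a check of any application/* part, so an attachment declared under another application subtype is never examined. Either widen the branch to `if ($ctype =~ /^application\b/i) {` or narrow the POD to match. `$name` is also taken only from the Content-Type header, so a filename carried solely in Content-Disposition would presumably be missed. Separately, `lc $p->get_header('content-transfer-encoding') || ''` parses as `lc(...) || ''`, so the default never guards `lc` against an undefined header; `my $cte = lc($p->get_header('content-transfer-encoding') || '');` is what was intended. `$p->raw()->[0]` should likewise be checked for definedness before the match in case a part has no body lines.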
Added: spamassassin/trunk/rules/25_msexec.cf
==============================================================================
--- (empty file)
+++ spamassassin/trunk/rules/25_msexec.cf Tue Sep 14 11:30:51 2004
@@ -0,0 +1,33 @@
+# SpamAssassin - MSExec rules
+#
+# Please don't modify this file as your changes will be overwritten with
+# the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead.
+# See 'perldoc Mail::SpamAssassin::Conf' for details.
+#
+# <@LICENSE>
+# Copyright 2004 Apache Software Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# </...@LICENSE>
+#
+###########################################################################
+
+# Requires the Mail::SpamAssassin::Plugin::MSExec plugin be loaded.
+
+ifplugin Mail::SpamAssassin::Plugin::MSExec
+
+body MICROSOFT_EXECUTABLE eval:check_microsoft_executable()
+describe MICROSOFT_EXECUTABLE Message includes Microsoft executable program
+score MICROSOFT_EXECUTABLE 0.100
+
+endif # Mail::SpamAssassin::Plugin::MSExec
Modified: spamassassin/trunk/rules/init.pre
==============================================================================
--- spamassassin/trunk/rules/init.pre (original)
+++ spamassassin/trunk/rules/init.pre Tue Sep 14 11:30:51 2004
@@ -28,3 +28,7 @@
#
loadplugin Mail::SpamAssassin::Plugin::SPF
+# MSExec - do simple checks to see if the message includes a Microsoft
+# executable file
+#
+#loadplugin Mail::SpamAssassin::Plugin::MSExec
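Review bot: The added `loadplugin` line is commented out, but the comment above it does not say the plugin is off by default. As committed, the MICROSOFT_EXECUTABLE rule in rules/25_msexec.cf (guarded by `ifplugin`) stays inactive until an administrator edits init.pre, which the log message "implement the previously removed MICROSOFT_EXECUTABLE rule" does not suggest. If that is intended, say so in the comment, e.g. `# Disabled by default; uncomment the next line to enable MICROSOFT_EXECUTABLE.`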