Posted to commits@spamassassin.apache.org by km...@apache.org on 2014/02/13 22:04:55 UTC

svn commit: r1568036 - /spamassassin/trunk/rulesrc/sandbox/kmcgrail/20_ac_rules_test.cf

Author: kmcgrail
Date: Thu Feb 13 21:04:55 2014
New Revision: 1568036

URL: http://svn.apache.org/r1568036
Log:
Adding rule file for Amir Caspi rules

Added:
    spamassassin/trunk/rulesrc/sandbox/kmcgrail/20_ac_rules_test.cf

Added: spamassassin/trunk/rulesrc/sandbox/kmcgrail/20_ac_rules_test.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/kmcgrail/20_ac_rules_test.cf?rev=1568036&view=auto
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/kmcgrail/20_ac_rules_test.cf (added)
+++ spamassassin/trunk/rulesrc/sandbox/kmcgrail/20_ac_rules_test.cf Thu Feb 13 21:04:55 2014
@@ -0,0 +1,156 @@
+# SpamAssassin rules file: kam sandbox
+#
+# Please don't modify this file as your changes will be overwritten with
+# the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead.
+# See 'perldoc Mail::SpamAssassin::Conf' for details.
+#
+# <@LICENSE>
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at:
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# </...@LICENSE>
+#
+###########################################################################
+
+#THIS IS A SANDBOX FOR Amir Caspi's rules - cepheid@3phase.com 
+
+# Spammy URI patterns
+    # http://sequncilk.info/outl
+uri __AC_OUTL_URI	/\/outl\b/
+    # http://sequncilk.info/outi
+uri __AC_OUTI_URI	/\/outi\b/
+    # http://coarsely.moneusel.in/web/campaign/NDF8MjR8MTYwMg,,/land/rY2VwaGVpZEAzcGhhc2UuY29tu/
+uri __AC_LAND_URI	/\/land\//
+    # http://almond.potauron.in/web/campaign/NTEyfDI0fDE1OTE,/unsub/qY2VwaGVpZEAzcGhhc2UuY29tu/
+uri __AC_UNSUB_URI	/\/unsub\//
+    # http://nottingham.axonanip.in/report/
+uri __AC_REPORT_URI	/\/report\//
+	# http://privatizer.bolorn.net/php/off/97.25/top/
+uri __AC_PHPOFFTOP_URI	/\/php\/off\/[0-9.]+\/top\//
+	# http://courtdays.bolorn.net/php/off/97.25/sub/
+uri __AC_PHPOFFSUB_URI	/\/php\/off\/[0-9.]+\/sub\//
+    # http://www.shoosecalehhd.us/3345/174/380/1411/2938.11tt1747757AAF11.php
+uri __AC_NUMS_URI	/(?:\/[0-9]+){5}\.[0-9a-zA-Z]+\.(:?php|html)\b/
+    # http://charmaine.connectmediajk.biz/PsQ-bx161ZWh1ZEAzcGhhc2UuY29tmbe
+uri __AC_SEQHASH_URI	/\/[A-Za-z0-9]{3}-[A-Za-z0-9]+AzcGhhc2UuY29t[A-Za-z0-9]{3}\b/
+    #  http://www.efordold.me/?r=1&h=13579&s=70266-5&e=ZWh1ZEAzcGhhc2UuY29t
+uri __AC_RHASH_URI	/\/\?r=[0-9]+&h=[0-9]{4,}&s=[0-9]{4,}-[0-9]+&e=[A-Za-z0-9]+AzcGhhc2UuY29t/
+    # http://efordold.me/?h=13579&e=ZWh1ZEAzcGhhc2UuY29t&ar=20713376%2Fvuxtxusnr_ut6umoosrtv%7E53umtfupqnwsyppywn_umlslxpq%2Fypsl_uypvzrr_tztdyumo_toqpqm_tmtceu_tt7uoqq_msm_%2Futdfw3yu_8k_vj_84_je_8_buutyxuo_tlltxveumpmmte3u%2Flt0x0ut0xut7eum_tty1u_ttf1um_tlt2utezdeuteutyutw%2F2utv3utvaut0u_wcvty8uoa2vdz_ox97tdy97utd3aut09ul%2Ftcdautd3ummssrntw3utwv8utweut80utecegutfnutaeut263yutdzeum
+uri __AC_RHASH2_URI	/\/\?h=[0-9]{4,}&e=[A-Za-z0-9]+AzcGhhc2UuY29t&ar=[A-Za-z0-9%_]{50,}/
+    # http://www.chubbydiet.biz/11VP6856DOBTTT53RYM380F1073AHG1687LCS12K1907471II3470154694.php
+uri __AC_LONGSEQ_URI	/\/[A-Z0-9]{50,}\.(?:php|html|cgi)\b/
+    # http://www.losefast.us/1a83066009e4c6a4463ef4bb01/C/
+uri __AC_1SEQC_URI	/\/1[a-z0-9]8[a-z0-9_]{20,}\/C\//
+    # http://www.search-lots-archiv.com/1c8481478cf46e0b6d9dd0e40801/V/F5B03UPMP/8BJ6447LN.jpg
+uri __AC_1SEQV_URI	/\/1[a-z0-9]8[a-z0-9_]{20,}\/V\//
+    # http://www.losefast.us/r/move/254/42182/61283
+uri __AC_RMOVE_URI	/\/r\/move\/[0-9]+\//
+    # http://www.flaxchid.com/mo.n+new1844407650e8crit-ical.32153002was/es?t.816265832
+uri __AC_PUNCTNUMS_URI	/\.com\/[A-Za-z+=\/.?_-]{4,}[0-9]{9,12}[a-z0-9]{1,2}[A-Za-z+=\/.?_-]+[0-9]{7,9}[A-Za-z+=\/.?_-]{6,}[0-9]{7,9}\b/
+    #http://approbativeness57.isfient.me/caller-vulgarize-thriller-formality/forget-diet-pills-and-exercise-get-350-recipes-and-a-paleo-meal-plan/359297028/unjustifiedness.aspx
+uri __AC_NDOMLONGNASPX_URI	/[A-Za-z]+[0-9]{2}\.[A-Za-z0-9-]+\.me\/(?:[A-Za-z0-9-]{10,}\/){2}[0-9]{8,}\/[A-Za-z]+\.aspx/
+    #http://www.honkzoo.org/chd196h4d60c7347h484h886d5b
+uri __AC_CHDSEQ_URI	/\/chd[a-z0-9]{20,}/
+    #http://www.honkzoo.org/mhd196h4d60c7347h484h03c00c
+uri __AC_MHDSEQ_URI	/\/mhd[a-z0-9]{20,}/
+    #http://www.altkangaroo.com/uhd228h4da2fd0c5h49bhff5c2f
+uri __AC_UHDSEQ_URI	/\/uhd[a-z0-9]{20,}/
+
+
+meta 		AC_SPAMMY_URI_PATTERNS1 (__AC_OUTL_URI && __AC_OUTI_URI)
+describe 	AC_SPAMMY_URI_PATTERNS1	link combos match highly spammy template
+score 		AC_SPAMMY_URI_PATTERNS1	4.0
+tflags 		AC_SPAMMY_URI_PATTERNS1	publish
+
+meta 		AC_SPAMMY_URI_PATTERNS2 (__AC_LAND_URI && __AC_UNSUB_URI && __AC_REPORT_URI)
+describe 	AC_SPAMMY_URI_PATTERNS2	link combos match highly spammy template
+score 		AC_SPAMMY_URI_PATTERNS2	4.0
+tflags 		AC_SPAMMY_URI_PATTERNS2	publish
+
+meta 		AC_SPAMMY_URI_PATTERNS3 (__AC_PHPOFFTOP_URI && __AC_PHPOFFSUB_URI)
+describe 	AC_SPAMMY_URI_PATTERNS3	link combos match highly spammy template
+score 		AC_SPAMMY_URI_PATTERNS3	4.0
+tflags 		AC_SPAMMY_URI_PATTERNS3	publish
+
+meta 		AC_SPAMMY_URI_PATTERNS4 __AC_NUMS_URI
+describe 	AC_SPAMMY_URI_PATTERNS4	link combos match highly spammy template
+score 		AC_SPAMMY_URI_PATTERNS4	4.0
+tflags 		AC_SPAMMY_URI_PATTERNS4	publish
+
+meta 		AC_SPAMMY_URI_PATTERNS5 (__AC_SEQHASH_URI || __AC_SEQHASH_URIb || __AC_SEQHASH_URIc) 
+describe 	AC_SPAMMY_URI_PATTERNS5	link combos match highly spammy template
+score 		AC_SPAMMY_URI_PATTERNS5	4.0
+tflags 		AC_SPAMMY_URI_PATTERNS5	publish
+
+meta 		AC_SPAMMY_URI_PATTERNS6 (__AC_RHASH_URI || __AC_RHASH_URIb || __AC_RHASH_URIc) 
+describe 	AC_SPAMMY_URI_PATTERNS6	link combos match highly spammy template
+score 		AC_SPAMMY_URI_PATTERNS6	4.0
+tflags 		AC_SPAMMY_URI_PATTERNS6	publish
+
+meta 		AC_SPAMMY_URI_PATTERNS7 (__AC_RHASH2_URI || __AC_RHASH2_URIb || __AC_RHASH2_URIc)
+describe 	AC_SPAMMY_URI_PATTERNS7	link combos match highly spammy template
+score 		AC_SPAMMY_URI_PATTERNS7	4.0
+tflags 		AC_SPAMMY_URI_PATTERNS7	publish
+
+meta 		AC_SPAMMY_URI_PATTERNS8 __AC_LONGSEQ_URI
+describe 	AC_SPAMMY_URI_PATTERNS8	link combos match highly spammy template
+score 		AC_SPAMMY_URI_PATTERNS8	4.0
+tflags 		AC_SPAMMY_URI_PATTERNS8	publish
+
+meta 		AC_SPAMMY_URI_PATTERNS9 (__AC_1SEQC_URI && (__AC_1SEQV_URI || __AC_RMOVE_URI))
+describe 	AC_SPAMMY_URI_PATTERNS9	link combos match highly spammy template
+score 		AC_SPAMMY_URI_PATTERNS9	4.0
+tflags 		AC_SPAMMY_URI_PATTERNS9	publish
+
+meta 		AC_SPAMMY_URI_PATTERNS10 __AC_PUNCTNUMS_URI
+describe 	AC_SPAMMY_URI_PATTERNS10 link combos match highly spammy template
+score 		AC_SPAMMY_URI_PATTERNS10 4.0
+tflags 		AC_SPAMMY_URI_PATTERNS10 publish
+
+meta 		AC_SPAMMY_URI_PATTERNS11 __AC_NDOMLONGNASPX_URI
+describe 	AC_SPAMMY_URI_PATTERNS11 link combos match highly spammy template
+score 		AC_SPAMMY_URI_PATTERNS11 4.0
+tflags 		AC_SPAMMY_URI_PATTERNS11 publish
+
+meta 		AC_SPAMMY_URI_PATTERNS12 (__AC_CHDSEQ_URI && __AC_MHDSEQ_URI && __AC_UHDSEQ_URI)
+describe 	AC_SPAMMY_URI_PATTERNS12 link combos match highly spammy template
+score 		AC_SPAMMY_URI_PATTERNS12 4.0
+tflags 		AC_SPAMMY_URI_PATTERNS12 publish
+
+
+# Enhance Bayes scoring for super-spammy mails
+# see /var/lib/spamassassin/3.003002/updates_spamassassin_org/23_bayes.cf
+# and $samedir/50_scores.cf
+ifplugin Mail::SpamAssassin::Plugin::Bayes
+  body BAYES_99           eval:check_bayes('0.99', '0.999')
+  body BAYES_999          eval:check_bayes('0.999', '1.00')
+  tflags BAYES_99	learn,publish
+  tflags BAYES_999	learn,publish
+  describe BAYES_99       Bayes spam probability is 99 to 99.9%
+  describe BAYES_999      Bayes spam probability is 99.9 to 100%
+  score BAYES_99   0  0  4.3    4.0
+  score BAYES_999  0  0  4.8    4.5
+endif
+
+# Too many newlines...
+rawbody AC_BR_BONANZA   /(?:<br>\s*){30}/i
+describe AC_BR_BONANZA  Too many newlines in a row... spammy template
+score AC_BR_BONANZA     0.001
+tflags AC_BR_BONANZA	publish
+
+# Too many containers
+rawbody AC_DIV_BONANZA  /(?:<div>(?:\s*<\/div>)?\s*){10}/i
+describe AC_DIV_BONANZA Too many divs in a row... spammy template
+score AC_DIV_BONANZA    0.001
+tflags AC_DIV_BONANZA	publish
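Review bot: The metas AC_SPAMMY_URI_PATTERNS5, 6 and 7 reference `__AC_SEQHASH_URIb`/`__AC_SEQHASH_URIc`, `__AC_RHASH_URIb`/`__AC_RHASH_URIc` and `__AC_RHASH2_URIb`/`__AC_RHASH2_URIc`, none of which is defined in this newly added file, so unless another rules file defines them those terms never fire and `spamassassin --lint` will probably warn about undefined dependencies. The three subrules that are defined (`__AC_SEQHASH_URI`, `__AC_RHASH_URI`, `__AC_RHASH2_URI`) hard-code `AzcGhhc2UuY29t`, which appears to be one base64 alignment of the `@3phase.com` address named in the header comment, so with `tflags publish` they would only ever hit mail addressed to that one domain. Either drop the undefined names and keep these three rules site-local, or replace the fixed fragment with a generic base64 run such as `[A-Za-z0-9+\/=]{16,}` and check the false-positive rate in masscheck before publishing. Separately, `__AC_NUMS_URI` ends in `(:?php|html)`, presumably a typo for `(?:php|html)`; as written it is a capturing group with an optional leading colon.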