You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2018/06/25 21:05:48 UTC
svn commit: r1834374 -
/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Author: jhardin
Date: Mon Jun 25 21:05:48 2018
New Revision: 1834374
URL: http://svn.apache.org/viewvc?rev=1834374&view=rev
Log:
Tweaking invisible-HTML-text obfuscation rules, adding a new test rule
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1834374&r1=1834373&r2=1834374&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Mon Jun 25 21:05:48 2018
@@ -1981,14 +1981,25 @@ score GOOG_REDIR_HTML_ONLY
# low S/O, apparently lots of invisible ham...
-rawbody __STY_INVIS /\bstyle\s*=(?:3d)?\s*"\s*(?:visibility\s*:\s*hidden\s*;|display\s*:\s*none\s*;|background\s*:)/i
-tflags __STY_INVIS multiple, maxhits=6
-meta __STY_INVIS_MANY __STY_INVIS > 5
-#meta HTML_TEXT_INVISIBLE __STY_INVIS_MANY
-#describe HTML_TEXT_INVISIBLE Hidden text
-#score HTML_TEXT_INVISIBLE 2.000 # limit
+if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
+ rawbody __STY_INVIS /\bstyle\s*=\s*"[^">]{0,80}(?:visibility\s*:\s*hidden\s*;|display\s*:\s*none\s*;)/i
+ tflags __STY_INVIS multiple, maxhits=6
+ meta __STY_INVIS_MANY __STY_INVIS > 5
+ #meta HTML_TEXT_INVISIBLE __STY_INVIS_MANY
+ #describe HTML_TEXT_INVISIBLE Hidden text
+ #score HTML_TEXT_INVISIBLE 2.000 # limit
+endif
# try it on span tags only...
-rawbody __SPAN_INVIS /<span\s[^>]{0,80}style\s*=(?:3d)?\s*"\s*(?:visibility\s*:\s*hidden\s*;|display\s*:\s*none\s*;|background\s*:)/i
+rawbody __SPAN_INVIS /<span\s[^>]{0,200}style\s*=\s*"[^">]{0,80}(?:visibility\s*:\s*hidden\s*;|display\s*:\s*none\s*;)[^>]{1,200}>\w/i
+
+if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
+ rawbody __FONT_INVIS /<font\s[^>]{1,80}(?:font-size\s*:\s*[01]px\s*;|color\s*:\s*transparent\s*;)[^>]{1,80}>\w/i
+ tflags __FONT_INVIS multiple, maxhits=6
+ meta __FONT_INVIS_MANY __FONT_INVIS > 5
+ #meta HTML_TEXT_INVISIBLE __FONT_INVIS
+ #describe HTML_TEXT_INVISIBLE Hidden text
+ #score HTML_TEXT_INVISIBLE 2.000 # limit
+endif
# Adapted from SARE rules __SARE_HTML_SINGLET*
rawbody __HTML_SINGLET />\s*(?:[a-z"]|&\#(?:\d+|x[0-9a-f]+);)\s*</i