/[pkg-listmaster]/trunk/spamassassin_config/common/phrase_spam
ViewVC logotype

Contents of /trunk/spamassassin_config/common/phrase_spam

Parent Directory Parent Directory | Revision Log Revision Log

Revision 68 - (hide annotations) (download)
Sat Oct 13 20:40:52 2007 UTC (5 years, 7 months ago) by don
File size: 15681 byte(s) 
add SOFTNLSE rule; add WBRS rule
1 don 67 #
2     Added some rules from Rule du Jour that I've been testing for a while
3 don 2
4     #Monotone (from airmax.cf)
5     body MONOTONE_WORDS_2_15 /^([a-z]{2,20}[\s\.]+){15}/
6     describe MONOTONE_WORDS_2_15 Lines with many (long) lowercase words (15+ words, 2+ letters)
7     body MONOTONE_WORDS_2_30 /^([a-z]{2,20}[\s\.]+){30}/
8     describe MONOTONE_WORDS_2_30 Lines with many (long) lowercase words (30+ words, 2+ letters)
9     body MONOTONE_WORDS_3_20 /^([a-z]{3,20}[\s\.]+){20}/
10     describe MONOTONE_WORDS_3_20 Lines with many (long) lowercase words (20+ words, 3+ letters)
11     body MONOTONE_WORDS_5_8 /^([a-z]{5,20}[\s\.]+){8}/
12     describe MONOTONE_WORDS_5_8 Lines with many (long) lowercase words (8+ words, 5+ letters)
13     body MONOTONE_WORDS_5_12 /^([a-z]{5,20}[\s\.]+){12}/
14     describe MONOTONE_WORDS_5_12 Lines with many (long) lowercase words (12+ words, 5+ letters)
15     body MONOTONE_WORDS_5_20 /^([a-z]{5,20}[\s\.]+){20}/
16     describe MONOTONE_WORDS_5_20 Lines with many (long) lowercase words (20+ words, 5+ letters)
17    
18     # Lots of auto-responders seem to have this
19     body MDO_AUTORESP1 /online form/i
20     score MDO_AUTORESP1 0.1
21    
22     body MDO_AUTORESP2 /large amount of (spam|virus)/i
23     score MDO_AUTORESP2 0.1
24    
25     body MDO_AUTORESP3 /(electronically|automatically) (generated|created) (email|ack)/i
26     score MDO_AUTORESP3 0.1
27    
28     body MDO_AUTORESP4 /(respond|answer) your enquiry/i
29     score MDO_AUTORESP4 0.1
30    
31     body MDO_AUTORESP5 /(email|enquiry) has been received/i
32     score MDO_AUTORESP5 0.1
33    
34     body MDO_AUTORESP6 /will be answered within/i
35     score MDO_AUTORESP6 0.1
36    
37     body MDO_AUTORESP7 /the e-mail address to which you have written does not support incoming messages/i
38     score MDO_AUTORESP7 0.1
39    
40     meta MDO_AUTORESP_META1 (MDO_AUTORESP1 + MDO_AUTORESP2 + MDO_AUTORESP3 + MDO_AUTORESP4 + MDO_AUTORESP5 + MDO_AUTORESP6 + MDO_AUTORESP7) > 1
41     score MDO_AUTORESP_META1 2.0
42    
43     body MURPHY_DIPLOMA /Diploma/
44     describe MURPHY_DIPLOMA No Diploma
45     score MURPHY_DIPLOMA 1
46    
47     body MURPHY_CALORIES /calories/
48     describe MURPHY_CALORIES No Calories
49     score MURPHY_CALORIES 1
50    
51     header MURPHY_CONTENT_GIF Content-Type =~ /image\/gif/
52     describe MURPHY_CONTENT_GIF Content contains image/gif
53     score MURPHY_CONTENT_GIF 1
54    
55     # cable tv spam -- pasc 04/05/11-12
56     body MDO_CABLE_TV1 /pay.?per.?view/i
57     score MDO_CABLE_TV1 0.5
58    
59     body MDO_CABLE_TV2 /mature.?channel/i
60     score MDO_CABLE_TV2 0.5
61    
62     body MDO_CABLE_TV3 /c(\@|a)ble/i
63     score MDO_CABLE_TV3 0.5
64    
65     body MDO_CABLE_TV4 /rem(o|0)te.?control/i
66     score MDO_CABLE_TV4 0.5
67    
68     meta MDO_CABLE_META1 (MDO_CABLE_TV1 || MDO_CABLE_TV2 || MDO_CABLE_TV4) && (MDO_CABLE_TV3)
69     describe MDO_CABLE_META1 Too much cable stuff
70     score MDO_CABLE_META1 3
71    
72     header MDO_TAGSPAM1 Subject =~ /Unknown Tag *free* Please Fix/
73     score MDO_TAGSPAM1 4
74    
75     body MDO_BAD_WORD1 /PORTFOLIO/i
76     score MDO_BAD_WORD1 2.8
77    
78     # blarson, 2004-04-30 -> lists --pasc 04/05/11
79     body AFFILIATEID /affiliate.?id/i
80     describe AFFILIATEID affiliate id
81     score AFFILIATEID 3
82    
83     # joy, 2003-08-30, 2003-09-21
84     header FW Subject =~ /^Fw: /
85     describe FW Sounds like a Fw: spam
86     score FW 3
87    
88     # blarson 2007-07-13
89     header REFWD subject =~ /\b(?:RE|FWD)\:\s*$/i
90     describe REFWD re or fwd nothing
91 don 63 score REFWD 3.5
92 don 2
93     # blarson 2005-11-11
94     header ONEWORD subject =~ /^(?:Fw:|re:)?\s*\w+\s*$/i
95     describe ONEWORD one word subject
96     score ONEWORD 1
97    
98     # robot101, 2003-09-22
99     header CROSSWALK X-UnityUser =~ /^Crosswalk.com, Inc/
100     describe CROSSWALK Crosswalk bible mailing list
101     score CROSSWALK 3
102    
103     header CROSSWALK_SPAM From =~ /Crosswalk/
104     describe CROSSWALK_SPAM Crosswalk Spam
105     score CROSSWALK_SPAM 1
106    
107     # -- joy, 2003-06-28
108     header BOMDIA Subject =~ /Bom dia /
109     describe BOMDIA Bom dia, usually some Romanic language spam
110     score BOMDIA 2
111    
112     header RCVD_FROM_UNCONF_HOST Received =~ /^from localhost.localdomain/
113     describe RCVD_FROM_UNCONF_HOST Mail comes from a host with unconfigured mailer daemon
114     score RCVD_FROM_UNCONF_HOST 2
115    
116     # joy, 2003/01/25
117     body ECOSPAM /Corridas de Toros para los turistas Ingleses en Barcelona/
118     describe ECOSPAM Eco-spam all right
119     score ECOSPAM 5.0
120    
121     # cjwatson, 2003/02/24
122     body SPANISH_FORM_CGI /Este formulario fue enviado por/
123     describe SPANISH_FORM_CGI "Below is the result of your feedback form", eh?
124     score SPANISH_FORM_CGI 4.0
125    
126     # joy, 2003-06-18
127     body TRAFFICMAGNET /Become a TrafficMagnet Reseller/
128     describe TRAFFICMAGNET SpamMagnet
129     score TRAFFICMAGNET 4
130    
131     # joy, 2003-06-27
132     header BKR Subject =~ /^bkr/
133     describe BKR bkr spam
134     score BKR 4
135    
136     # joy, 2003-06-27
137     header RISEANDSHINE Subject =~ /^Rise and Shine in 15 minutes/
138     describe RISEANDSHINE Rise and Shine in 15 minutes spam
139     score RISEANDSHINE 4
140    
141     # joy, 2003-09-20
142     header UNIVDIP Subject =~ /U N I V E R S I T Y . D I P L O M A S/i
143     describe UNIVDIP university diplomas spam
144     score UNIVDIP 4
145    
146     # joy, 2003-09-21
147     header YOUTHERE Subject =~ /^(Re: )?You/i
148     describe YOUTHERE Who, me? Likely spam
149     score YOUTHERE 2
150    
151     # cjwatson, 2003-11-20
152     header HOUSECLEANING Subject =~ /^Affordable Housecleaning Service/
153     describe HOUSECLEANING let's clean out the spam instead
154     score HOUSECLEANING 3
155    
156     # cjwatson, 2003-12-11
157     header OTC_FIRST Subject =~ /OTC FIRST ALERT/
158     describe OTC_FIRST OTC spam
159     score OTC_FIRST 3
160    
161     # joy, 2004-01-03
162     body AVAILABLENOW /available now/i
163     describe AVAILABLENOW must be selling some shit
164     score AVAILABLENOW 1
165    
166     # cjwatson, 2004-01-16
167     body TEDIOUS_WITTER /If not i included it below so let me know if you like it/
168     describe TEDIOUS_WITTER annoying wittering spam, mypillsource.com I think
169     score TEDIOUS_WITTER 2
170    
171     # cjwatson, 2004-03-12
172     # blarson 2004-06-09
173     header UNI_DIPLOMA Subject =~ /\b(university|college)\s+(diploma|cert|degree)/i
174     describe UNI_DIPLOMA Got one, thanks
175     score UNI_DIPLOMA 4
176    
177     # blarson 2004-04-27
178     body UNI2 /university\s+(diploma|cert|degree)/i
179     describe UNI2 Got one, thanks
180     score UNI2 4
181    
182     # cjwatson, 2004-03-12
183     header JOB_CONFIRM Subject =~ /Job confirmation/
184     describe JOB_CONFIRM Got one of these too, thanks
185     score JOB_CONFIRM 3
186    
187     # blarson 2005-09-20
188     header MESSAGESUB subject =~ /^\s*\(?message\s*(subject)?\)?$/i
189     describe MESSAGESUB really descriptive subject
190     score MESSAGESUB 3
191    
192 don 16 # don 2007-09-20
193     header SENTMESSAGE subject =~ /(sent you a( personal|) message|would like to chat)/i
194     describe SENTMESSAGE Sent you a message (like duh?)
195     score SENTMESSAGE 2
196    
197     # blarson 2006-03-16 2007-09-18
198     body DEARDIGIT /^(?:well\s+)?(?:Dear|Hey|H[ea]y?ll?.?o|To|Attention|Hi+|Hey+a?|Bonjorno|(?:Yo\s*)+|(?:g[o0]+d\s*)?(?:d?ay|morning|evening?|afternoon|night)|what.?i?s\s+up|wa(?:s|z)+up|greetings?|Salutations|(Mail|News)\s+to|how(?:.?s|\s+is)?\s*(?:(?:it)?(?:\s+is)??\s*going|have\s+you\s+been|are you).?\s*(?:there|to\s+you)?|compliments|Regards|Adieu)\,?\s+(?:Account\s+\#?|\=?3d|)(?:bro|there|sir|Mr\.?)\s*?\d{3,}/i
199 don 2 describe DEARDIGIT Dear number
200     score DEARDIGIT 3.9
201    
202     # blarson 2004-11-08
203     header SIZEMATTERS subject =~ /^S.ze matters$/i
204     describe SIZEMATTERS Size matters spammer
205     score SIZEMATTERS 3
206    
207     # cjwatson 2005-01-02
208     header RNDMX subject =~ /^<rndmx/
209     describe RNDMX weird empty spam
210     score RNDMX 4
211    
212     # blarson 2005-01-06
213     header VERIFYCAT subject =~ /verifycation mail/
214     describe VERIFYCAT verifycation spam
215     score VERIFYCAT 4
216    
217     # blarson 2005-01-10
218     header D0WNLOAD subject =~ /\bd[o0]wn[l1][o0]ad.*(?:m[o0]v[i1]e|mp3|tune|music)/i
219     describe D0WNLOAD download spam
220     score D0WNLOAD 3
221    
222     # blarson 2005-02-11
223     header REDUCESPAM subject =~ /Reduce Spam\b/i
224     describe REDUCESPAM reduce spam spam
225     score REDUCESPAM 2
226    
227     # blarson 2005-04-15
228     body DIRT /\.(?:the|\d|)dirty?\d+\.info\//
229     describe DIRT dirty spammer
230     score DIRT 3
231    
232     # blarson 2005-04-17
233     body RNDWORD /^RND_WORD\s*$/
234     describe RNDWORD RND_WORD
235 don 8 score RNDWORD 3
236 don 2
237     # blarson 2005-08-18
238     header D3GREE subject =~ /\bd(?:3gres?|esgre|eerge|eeerg|reege|egres)e?s?\b/i
239     describe D3GREE Want a used paper from someone who can't spell
240     score D3GREE 3
241    
242     # blarson 2005-08-19
243     body FINALNOTE /\bfinal\s+notif/i
244     describe FINALNOTE yet another final notification
245     score FINALNOTE 2
246    
247     # blarson 2005-08-23
248     header HIITS subject =~ /\bHi\! It\'s\b/i
249     describe HIITS hi its
250     score HIITS 3
251    
252     # blarson 2005-08-23
253     header GOTONE subject =~ /\bgot one$/i
254     describe GOTONE got this spam already
255     score GOTONE 3
256    
257     # blarson 2005-09-06
258     body IMMEDIATEREV /^ATTENTION- For your immediate review:/
259     describe IMMEDIATEREV immediate discard
260     score IMMEDIATEREV 3
261    
262     # blarson 2005-09-12
263     body CLIENTALERT /^(?:CLIENT ALERT|ATTENTION CLIENT)/i
264     describe CLIENTALERT client alert
265     score CLIENTALERT 3
266    
267     # cjwatson 2005-10-20
268     header DEBIANTUX23 From =~ /DebianTux23|wieseltux23/i
269     describe DEBIANTUX23 Linux spammer, sigh
270     score DEBIANTUX23 5
271    
272     # blarson 2005-10-29
273     body SHITBRO /^\s*sh[i1]+t\s+bro/i
274     describe SHITBRO shitty spam
275     score SHITBRO 3
276    
277     # blarson 2005-12-05
278     header POPPROG subject =~ /popular programs for everyday use/i
279     describe POPPROG unpopular spam
280     score POPPROG 3
281    
282     # blarson 2006-02-03
283     body GREET /^\%(?:GREET|EXIT)/
284     describe GREET broken spamware
285     score GREET 3
286    
287     # blarson 2006-10-18
288     header WROTE subject =~ /\bwrote\:\s*$/i
289     describe WROTE stock scam
290     score WROTE 2
291    
292     body DEGREE_SPAM /earn.+degree.+transcripts/i
293     describe DEGREE_SPAM earn a degree with transcripts spam
294     score DEGREE_SPAM 2.5
295    
296     # blarson 2006-10-23
297     body BLUEPILL /blue pill/i
298     describe BLUEPILL Blue pill spam
299     score BLUEPILL 2
300    
301     # blarson 2006-11-04
302     header PHOTOQUEST subject =~ /question about your photo/i
303     describe PHOTOQUEST questioning photo
304     score PHOTOQUEST 2
305    
306     # blarson 2006-11-08
307     body KBDP /Knowledge Based Degree Program/i
308     describe KBDP degree spam
309     score KBDP 4
310    
311     # blarson 2006-11-13
312     body CRITERIAHAS /\bOur criteria has changed\b/i
313     describe CRITERIAHAS Diploma salesman with bad english
314     score CRITERIAHAS 3
315    
316     # blarson 2006-11-18
317     body TORA08 /\b\d{6} \d{7} \d{6} \d \d{7} \d{7}/
318     describe TORA08 TORA.08 spam
319     score TORA08 3
320    
321     # blarson 2006-11-21
322     body SERIOUSBRO /^Seriously bro\b/i
323     describe SERIOUSBRO Seriously bro
324     score SERIOUSBRO 3
325    
326     # blarson 2006-12-06
327     body INSETET /\bwilson\@insitetcnologia\.com\.br\b/
328     describe INSETET please send spammer
329     score INSETET 4
330    
331     # blarson 2006-12-09
332     body USUARIO /\bEl usuario destinatario no es un usuario valido/
333     describe USUARIO No such user -- sent in infinite loop
334     score USUARIO 3
335    
336     # don 2006-12-13
337     body NOMAILRECBI /no recibi tu mail/i
338     describe NOMAILRECBI No recbi of mail -- was closing way to many bugs
339     score NOMAILRECBI 3
340    
341     # blarson 2007-02-13
342     header URHELP subject =~ /\bi need ur help\b/
343     describe URHELP blank spam
344     score URHELP 3
345    
346     # blarson 2006-12-08
347     header ACRO8PR0 subject =~ /\bAcr[0o]bat\s*[78]\s+(?:PR[0O]\b|\$?\d+\$?)/i
348     describe ACRO8PR0 sales spam
349     score ACRO8PR0 4
350    
351 don 63 # blarson 2007-10-05
352 don 68 body WBRS /\b(WBRS|FPMC|ADYN|AFML|MISJ|HXPN|WHKA|CBFE|HSBC|PCAI|MPRG|HPRS|AUNI|TGVI|MHII|TAMG|GDKI|ACEN|CDYV|G7Q\.F|mbwc|CHFR|CDPN|DSDI|UTEV|P-S-U-D|GPSI|SGXI|CAON|SREA|ERMX|VPSN|SZSN|PAYI\.OB|LTDI|C\W\W?Y\W\W?T\W\W?V|E\WX\WM\WT|CYTV|VGPM|V\s?G\s?P\s?M(\.PK)?|wwng|WWNG|F\WD\WE\WG|FDEG|UTYW|M\s*I\s*H\s*I|O\W?N\W?C\W?O|P\W?P\W?Y\W?H|S\W?R\W?E\W?A|A\W?C\W?G\W?U|S\W?C\W?Y\W?F|C\W?H\W?V\W?C|D\W?M\W?X\W?C|F\W?R\W?L\W?E|M\W?A\W?K\W?U|C\W?W\W?T\W?E|F\W?R\W?L\W?E|M\W?X\W?X\W?R|P\W?R\W?T\W?H|A\W?L\W?L\W?U)\b/
353 don 2 describe WBRS stock spam
354 don 8 score WBRS 4
355 don 2
356 don 16 body FOURLA /\b([A-Z]\s?){4}\b/
357     describe FOURLA Four letter acronym (stock spam?)
358 don 67 score FOURLA 0.1
359 don 16
360 don 67 meta STOCKLIKE (FOURLA && (MONEY || SUBJMONEY))
361 don 33 describe STOCKLIKE Four letter acronyms with money; stock scam
362     score STOCKLIKE 2
363    
364 don 2 # blarson 2007-01-26
365     header ACROBAT8 subject =~ /\badobe acr[o0]bat 8\b/i
366     describe ACROBAT8 more sales spam
367     score ACROBAT8 3
368    
369     # blarson 2007-03-14
370     header VLSTA subject =~ /VlSTA|0FFlCE|ACR0B8T/i
371     describe VLSTA misspelled microshit software
372     score VLSTA 3
373    
374     # blarson 2007-04-19
375     header ANGEKUEN subject =~ /\bTrauer angekuendigt\b/
376     describe ANGEKUEN german spam
377     score ANGEKUEN 3
378    
379     # blarson 2007-05-06
380     body INTCAFE /\binternet caff?e\b/i
381     describe INTCAFE internet cafe spam
382     score INTCAFE 2
383    
384     # blarson 2007-07-14
385     header VERIFIC subject =~ /Your email requires verification/
386     describe VERIFIC some people prefer you get their spam
387     score VERIFIC 3
388    
389     # blarson 2007-07-14
390     header WHITELIST subject =~ /You have been added to .* whitelist/
391     describe WHITELIST whitelist spam
392     score WHITELIST 3
393    
394     # blarson 2007-07-15
395     body CASNIO /^Please be advised that your casnio account is still inactive/
396     describe CASNIO casnio account
397     score CASNIO 3
398    
399     # don 2007-07-17
400     header AUTOREPLY subject =~ /\bauto(?:mated|matic|)[\s-]+re(?:spon[cs]e|ply)\b/i
401     describe AUTOREPLY Automatic reply
402     score AUTOREPLY 2
403    
404     # blarson 2007-07-18
405     body CONFSERV /^Thanks for using our confidential service/
406     describe CONFSERV confidential service
407     score CONFSERV 3
408    
409     # blarson 2007-07-18
410     body CONTENC /^Confirmation has been enclosed/
411     describe CONTENC more pdf spam
412     score CONTENC 4
413    
414     # blarson 2007-07-23
415     header PHONE subject =~ /\b(tele)?phone\b/i
416     describe PHONE phone spam
417     score PHONE 2
418    
419     # blarson 2007-07-30
420     body ASPDF /^We send our messages as Portable Document Format/
421     describe ASPDF more pdf spam
422     score ASPDF 3
423    
424     # blarson 2007-08-20
425     body DELAFT /Please delete your private message after reading/
426     describe DELAFT more pdf spam
427     score DELAFT 3
428    
429 don 16 # blarson 2007-09-13
430 don 66 header OFF1CE subject =~ /\b[O0Q]f+[1i7l|]ce\s*\W?2[O0Qk]+7\b/i
431 don 16 describe OFF1CE off1ce spam
432     score OFF1CE 4
433    
434     # blarson 2007-09-13
435     header SOFTSALE subject =~ /\bsoftware sales\b/i
436     describe SOFTSALE software spam
437     score SOFTSALE 3
438    
439     # blarson 2007-09-18
440     body SUPERMACHO /\bBe a supermacho/i
441     describe SUPERMACHO supermacho
442     score SUPERMACHO 4
443    
444     # blarson 2007-09-19
445     body BIGINTER /\bBig international commercial organization\b/i
446     describe BIGINTER job spam
447     score BIGINTER 4
448    
449     # blarson 2007-09-20
450     header HASSENT subject =~ /\b(?:sent you a (?:personal|confidential)?\s*(?:message|note)|would like to chat)\b/i
451     describe HASSENT sent a message
452     score HASSENT 4
453    
454     # blarson 2007-09-20
455     header ORDERNUM subject =~ /\b(?:Order|Recipet)\s*.?\d{3,}/i
456     describe ORDERNUM order number
457     score ORDERNUM 3
458    
459     # don 2007-09-20
460     header DICTIONARYSEQ subject =~ /\b(\w{3})\w*(?:\s+\1\w*){2}/i
461     describe DICTIONARYSEQ Ventricular Vents Venting Ventures
462     score DICTIONARYSEQ 3.5
463    
464     # blarson 2007-09-21
465     header NOLET subject =~ /^\W{4,}$/
466     describe NOLET swearing subject
467     score NOLET 2
468    
469     # blarson 2007-09-21
470     body SSIST /^ssistant Manager/
471     describe SSIST ssistant Manager
472     score SSIST 4
473    
474     # blarson 2007-09-21
475     body GRADUATEUNDER /\bgraduate in under\b/i
476     describe GRADUATEUNDER graduate in under
477     score GRADUATEUNDER 3
478 don 24
479     # blarson 2007-09-24
480     header NOINVEST subject =~ /\b(?:no investment|high.paid)\b/i
481     describe NOINVEST no investment
482     score NOINVEST 4
483    
484     # blarson 2007-09-25
485     header INTEXP subject =~ /\b[I|]nternet Exp[l|]orer\b/i
486     describe INTEXP |nternet Exp|orer
487     score INTEXP 2
488 don 27
489     # don 2007-09-29
490     header WORKATHOME subject =~ /work\Wat\Whome/i
491     describe WORKATHOME Work at home
492 don 30 score WORKATHOME 4
493 don 34
494     # don 2007-10-01
495     body PHONENUMBER /\b1[\-\.\s]?8[07]+[\-\.\s]?\d+/
496     describe PHONENUMBER Toll free phone number
497     score PHONENUMBER 1.5
498 don 37
499     # don 2007-10-02
500 don 39 body GERMANSPAM /Zerix Intern/i
501 don 37 describe GERMANSPAM Um... no clue what that is.
502     score GERMANSPAM 3
503 zobel 49
504     body URBANNEWS /UrbaNNews\.ro/
505     describe URBANNEWS URBANNEWS Newsletter
506     score URBANNEWS 3
507 don 56
508 don 63 # blarson 2007-10-05
509     header JOBS subject =~ /\b(?:job|Employ(?:ers|ment|ee))s?\b/i
510     describe JOBS job spam
511     score JOBS 1
512    
513 don 56 # don 2007-10-09
514     header FREEPASSWORD subject =~ /your\s*free\s*password/i
515     describe FREEPASSWORD We don't need free password
516     score FREEPASSWORD 3
517    
518 don 62 # don 2007-10-11
519     header AFRICABYBIKE subject =~ /africa\s*by\s*bike/i
520     describe AFRICABYBIKE We don't care about africa by bike or car or bus or train
521     score AFRICABYBIKE 4
522    
  ViewVC Help
Powered by ViewVC 1.1.5