/[pkg-listmaster]/trunk/spamassassin_config/common/url_spam

Diff of /trunk/spamassassin_config/common/url_spam

Parent Directory | Revision Log | View Patch Patch

-revision 50 by zobel,
Thu Oct  4 08:00:15 2007 UTC
+revision 203 by don,
Tue May  6 01:01:29 2008 UTC
 Line 66 
 describe CANDYHOS      spams from korea, host
  score CANDYHOS          5
  # blarson 2005-12-08
+ # don 2007-11-21 -- combine other rule; increment score
  body GEOCITIES          /http\:\/\/.*geocities/i
  describe GEOCITIES      geocities url
- score GEOCITIES         1.6
+ score GEOCITIES         2.5
  # blarson 2005-12-24
  body EMPTYURL           /\bhttp:\/\/(?:www\.)?$/i
-Line 116 
 describe BESTLOANS     Best loans url
+Line 117 
 describe BESTLOANS     Best loans url
  score BESTLOANS         2
  # blarson 2007-07-22 2007-09-12
- body PENPRO             /\@(?:penmailpro|OnsetIng|openprotection|NearOut|SuperOnset)\.info\b/i
+ body PENPRO             /\@(?:penmailpro|OnsetIng|openprotection|NearOut|SuperOnset|medicalgloveonline|YourOnset|GreatGloveCell|thegloveworks|asiafriendworld|NaturalImprove|charmshine|healthinsweb)\.info\b/i
  describe PENPRO         penmailpro spam
  score PENPRO            3.5
-Line 156 
 describe SPAMARREST    forwards thier spam
+Line 157 
 describe SPAMARREST    forwards thier spam
  score SPAMARREST        4
  # blarson 2007-09-14
- body FROMAD             /\bhttp\:\/\/(?:budhipps|fromad|conavel|cliensy|comnoe)\.com\b/i
+ body FROMAD             /\bhttp\:\/\/(?:budhipps|fromad|conavel|cliensy|comnoe|mybudshop)\.com\b/i
  describe FROMAD         more penis spam
  score FROMAD            4
- # blarson 2007-09-14
- uridnsbl URIBL_CNKR     cn-kr.blackholes.us.    A
- body    URIBL_CNKR      eval:check_uridnsbl('URIBL_CNKR')
- describe URIBL_CNKR     china or korea hosted web site
- tflags  URIBL_CNKR      net
- score URIBL_CNKR        2.5
- # blarson 2007-09-14
- uridnsbl_skip_domain    debian.org debian.net
- # blarson 2007-09-14
- uridnsbl        URIBL_SBL       sbl.spamhaus.org.       A
- body            URIBL_SBL       eval:check_uridnsbl('URIBL_SBL')
- describe        URIBL_SBL       Contains an URL listed in the SBL blocklist
- tflags          URIBL_SBL       net
- #reuse          URIBL_SBL
- score           URIBL_SBL       3.5
  # blarson 2007-09-17
- body MYCHEAP            /\b(?:my)?cheap(?:oem|soft)(?:now)?\s*\.\s*com\b/i
+ body MYCHEAP            /\b(?:my)?cheap(?:xp|adobe)?(?:oem|soft)+(?:now|ware)?(?:(?:4|for)?less)?\d*\s*\.\s*com\b/i
  describe MYCHEAP        software spam
  score MYCHEAP           4
-Line 198 
 header MAKEUP          subject =~ /makeup\.com/i
+Line 181 
 header MAKEUP          subject =~ /makeup\.com/i
  describe MAKEUP         makeup.com url
  score MAKEUP            3
+ # blarson 2007-10-04
+ body SUBT               /\bsubtracthold\.com\b/i
+ describe SUBT           subtracthold.com
+ score SUBT              4
  body GRAPHICMAIL        /\bhttp\:\/\/www\.graphicmail\.de\b/i
  describe GRAPHICMAIL    graphicmail.de
- score                   4
+ score   GRAPHICMAIL     4
  body WWWRO              /\b(?:www\.|https?\:.*)\w+\.ro\b/i
  describe WWWRO          romanian web site
  score WWWRO             2
+ # blarson 2007-10-10
+ body CLEANDOM           /http\:\/\/\{_clean_domains\}/
+ describe CLEANDOM       broken spamware
+ score CLEANDOM          4
+ # blarson 2007-10-11
+ body SOFTNLSE           /\bsoftnlse\s*\.\s*com\b/i
+ describe SOFTNLSE       softnlse.com
+ score SOFTNLSE          4
+ # blarson 2007-10-13
+ body MUSVID             /\b(?:MusicAndVideoWorld|usa-bestsellers)\.com/i
+ describe MUSVID         MusicAndVideoWorld.com
+ score MUSVID            4
+ # blarson 2007-10-16
+ body PLATSOFT           /\btheplatinumsoft\.com\b/i
+ describe PLATSOFT       theplatinumsoft.com
+ score PLATSOFT          4
+ # blarson 2007-10-22
+ body BLOGSPOT           /\bblogspot\.com\b/i
+ describe BLOGSPOT       spammers are hosting on blogspot
+ score BLOGSPOT          3
+ # blarson 2007-10-25
+ body PILLUS             /PILL-US\.COM\b/i
+ describe PILLUS         PILL-US spam
+ score PILLUS            4
+ # blarson 2007-10-25
+ body BETWEENTO          /\bhttp\:\/\/betweento\.com\b/i
+ describe BETWEENTO      betweento.com
+ score BETWEENTO         4
+ # don 2007-10-25
+ body MASZON             /mc?a(szon|yvidol|ttk)\.(com|org|net)/i
+ describe MASZON         pron spam
+ score MASZON            4
+ # blarson 2007-10-27
+ body GMAIL              /\@gmail\.com\b/i
+ describe GMAIL          @gmail.com
+ score GMAIL             1
+ # blarson 2007-10-28
+ body MAILRU             /\@mail\.ru\b/i
+ describe MAILRU         @mail.ru
+ score MAILRU            3
+ # blarson 2007-10-31
+ body ADOBE4LESS         /\b(?:adobe4less|realnewsoft|newmicrosoftdeals|kvaka-soft)\s*[.,]\s*com\b/i
+ describe ADOBE4LESS     adobe4less . com
+ score ADOBE4LESS        4
+ # blarson 2007-11-01
+ body RMAPPLY            /http\:\/\/rmapply\.com\b/i
+ describe RMAPPLY        http://rmapply.com
+ score RMAPPLY           4
+ # blarson 2007-11-04
+ header HANOIFASH        subject =~ /WWW\.HANOI-FASHION\.COM/i
+ describe HANOIFASH      WWW.HANOI-FASHION.COM
+ score HANOIFASH         4
+ # blarson 2007-11-06
+ body ONLINEMED          /\b(?:onlinemedicalkey|pharm\w*|webvinz|wendebay|webdcd|vowelstep|wclth|duringgear|broadbasic|instantsuffix|magnetdouble|drugsdirecteat)\s*\.\s*com\b/i
+ describe ONLINEMED      onlinemedicalkey.com
+ score ONLINEMED         4
+ # blarson 2007-11-15
+ body GETUP              /\bgetupgradednow\.com\b/i
+ describe GETUP          getupgradednow.com
+ score GETUP             4
+ # blarson (pusling's idea) 2007-11-16
+ body SPACECOM           /^[\w\d]+\s\.\scom\b/
+ describe SPACECOM       whatever . com
+ score SPACECOM          3
+ # don -- flowgoaway.com doesn't appear to be a working RBL anymore (if it ever was?)
+ # blarson 2007-11-20
+ # uridnsbl URIBL_FLO    flowgoaway.com. A
+ # body  URIBL_FLO       eval:check_uridnsbl('URIBL_FLO')
+ # describe URIBL_FLO    web site in flowgoaway.com
+ # tflags        URIBL_FLO       net
+ # score URIBL_FLO               1
+ # blarson 2007-11-20
+ body SOFTROU            /\bwww\.softrou\.com\b/i
+ describe SOFTROU        www.softrou.com
+ score SOFTROU           3
+ # blarson 2007-11-20
+ body GOOGLEPAGES        /\bgooglepages\.com\b/i
+ describe GOOGLEPAGES    spammers use googlepages
+ score GOOGLEPAGES       2
+ # blarson 2007-12-07
+ body SOFTBESTGRAND      /\bsoft(?:bestgrand|wareonlinemuch)\.com\b/
+ describe SOFTBESTGRAND  softbestgrand.com
+ score SOFTBESTGRAND     4
+ # blarson 2007-12-10
+ body PCSOFTCHEAP        /\b(?:pcsoftcheap|cheapezsoft|cheapsoftxp|adobe4cheap|phonowa|saleonsoftware|bestdealoem|realcheapsoft|krasniyles|cheapxp4pc|supercheapoem|lowpriceoem|realcheapoem|cheapadobedeal|softwarefoundation|2008oem|xpxmas|cheap2008soft|snowysoftware|2008adobe|adobe2008|cheapgetsoftone|x(?:higher|main|prime)(?:soft|software|easy)|softonlinepc|andsoftware|softonlinedownload|kunchakoem|erhere\w|kiroemch|phonowd|cheap(?:soft|oem|software)here|softwarenowprox|xprosoftonlinedl|siniyglaz|popandosoem|xsoftprodepot|triudava|krasniynos|fastsoftnow|cheapeasy(soft|oem|software)|ezadobenow|softnowpromohere|primenetsofthe|nowinstantsoftieq|isktesoft|best(?:oem|soft|software)2008|new2008(?:soft|oem|software)|fastez(?:soft|oem|software)|ezfast(?:oem|soft|software)|2008(?:micro)?softdeals|oemfactorysale|nbuysoft|softnuhere|softsale2008|softwintersale|blatnoyoem|svedsoft|gsxoempromo|getmicrosoftfast|adobeoemsale|xp4(?:cheap|less)|xpoemnow|buycheapxp|alloem4less|lun(?:soft|oem|software)|(?:new|fast)xp(?:soft|oem|software)|frukanoka|softcheap(?:n[eo]w|xp))\s?\.\s?(?:com|net)\b/
+ describe PCSOFTCHEAP    pcsoftcheap. com
+ score PCSOFTCHEAP       4
+ # blarson 2007-12-11
+ body GOLDGAME           /\b(?:gamblingplacegold|goldgamesite|topgamingsite|richbestgaming|luxgoldgaming)\.(?:net|com)\b/
+ describe GOLDGAME       gambling sites
+ score GOLDGAME          4
+ # blarson 2007-12-14
+ body ENLARGETW          /\b(?:enlarge|0rz)\.tw\b/
+ describe ENLARGETW      enlarge.tw
+ score ENLARGETW         4
+ # blarson 2007-12-15
+ body POSTTHROUGH        /\b(?:postthrough|speedgrand|certaincoast)\.com\b/
+ describe POSTTHROUGH    postthrough.com
+ score POSTTHROUGH       4
+ # blarson 2007-12-25
+ body UHAVE              /\b(?:uhavepost|happy(?:santa)?|newyear|familypost|fresh|post)cards?-?(?:2008)?\.com\b/
+ describe UHAVE          uhavepostcard.com
+ score UHAVE             4
+ # blarson 2007-12-26
+ body RUSSWIFE           /\b(?:your|best|new|the|my)(?:russ[il]an?|address|russ)(?:wife|bride)\.info\b/
+ describe RUSSWIFE       yourrussianwife.info
+ score RUSSWIFE          4
+ # blarson 2007-12-31
+ body HAPPY2008          /\b(?:happy2008toyou|hellosanta2008|hohoho2008|santawishes2008)\.com\b/
+ describe HAPPY2008      happy2008toyou.com
+ score HAPPY2008         4
+ # blarson 2008-01-02
+ body BONGHIT            /\b(?:beaverbonghits|dobongworld)\.com\b/
+ describe BONGHIT        beaverbonghits.com
+ score BONGHIT           4
+ # blarson 2008-01-02
+ body GOOGLESEARCH       /\bgoo+gle\.(com|\w\w|com?\.\w\w)\/+(?:search|pagead)/i
+ describe GOOGLESEARCH   google search URL
+ score GOOGLESEARCH      2
+ # blarson 2008-01-02
+ body SIGAS              /\b(?:Sigashash|Reelhotsi|Erisgoonti|Erisgoners|Freesignsies|Rielhotties|Foredroons|Feeshoons|Erisgant|hapburge|wuimooed|jiuezdoo|goingoinghom|buloies|Poeshages|Rueshabesoo|clitoriseries|clitorina|glueplot|crumbtost|ideaputs)(?:\.|\=2E)com\b/
+ describe SIGAS          www.Sigashash.com
+ score SIGAS             4
+ # blarson 2008-01-05
+ body RUSSIABRIDE        /\bruss[il]an?(bride|wife)(?:home|live|blog|)\.info\b/
+ describe RUSSIABRIDE    russiabridehome.info
+ score RUSSIABRIDE       4
+ # blarson 2008-01-14
+ body REDMEHS            /\bwww\.(?:redmehs|feltas|barataslo|quasibot|tageshes|flessimo|spendhope|instrumentstart)\b/
+ describe REDMEHS        www.redmehs
+ score REDMEHS           4
+ # blarson 2008-01-15
+ body MYURL              /\bmyurl\.com\.tw\b/i
+ describe MYURL          myurl.com.tw
+ score MYURL             3
+ # blarson 2008-01-28
+ body W0MEN              /w0men\.info\b/i
+ describe W0MEN          hotw0men.info ukrw0men.info
+ score W0MEN             3
+ # blarson 2008-01-29
+ body ACEMST             /\bacemst\.com\b/
+ describe ACEMST         acemst.com
+ score ACEMST            3
+ # blarson 2008-02-01
+ body GALSINFO           /\b(?:foreigngals|californiaimprove)\.info\b/i
+ describe GALSINFO       foreigngals.info
+ score GALSINFO          3
+ # blarson 2008-02-06
+ body RIDGEST            /\bridgest\.com\b/
+ describe RIDGEST        ridgest.com
+ score RIDGEST           4
+ # blarson 2008-02-16
+ body SOFTROI            /\bsoft(?:roi|ove)\.com\b/
+ describe SOFTROI        softroi.com
+ score SOFTROI           4
+ # don 2008-02-23
+ body FILEZONE           /(file-zone.co.uk|File-Zone)/
+ describe FILEZONE       File-Zone
+ score FILEZONE          2
+ # blarson 2008-02-28
+ body X2J1F              /\b2j1f\.com\b/i
+ descrIbe X2J1F          2j1f.com
+ score X2J1F             4
+ # blarson 2008-02-28
+ body ILVE               /\bilveant\.net\b/i
+ describe ILVE           www.ilveant.net
+ score ILVE              4
+ # don 2008-03-04
+ body  VIDEOFILBMS       /www\.videofilbms\.cn/i
+ describe VIDEOFILBMS    video filbms url
+ score    VIDEOFILBMS    4
+ # blarson 2008-03-05
+ body ABESOFT            /\bca.abesoft\.com\b/i
+ describe ABESOFT        www.cazabesoft.com etc.
+ score ABESOFT           4
+ # blarson 2008-03-06
+ body STARLEYT           /\bstarleyt\.com\b/i
+ describe STARLEYT       starleyt.com
+ score STARLEYT          4
+ # blarson 2008-03-07
+ body URLOEM             /\bhttp\:\/\/\{/
+ describe URLOEM         http://{urloem2}
+ score URLOEM            3
+ # blarson 2008-03-12
+ body WILDERGO           /\b(?:WilderGoLovan|golovable|BestGolova|SuperGolovaWorld)\.com\b/i
+ describe WILDERGO       WilderGoLovan.com
+ score WILDERGO          4
+ # don 2008-03-17
+ body PROGOLD            /\bprogold-inc\.com\b/i
+ describe PROGOLD        progold-inc.com
+ score PROGOLD           4
+ # blarson 2008-03-18
+ body KMINU              /\b(?:kminutte|rubstream)\.com\b/i
+ describe KMINU          kminutte.com
+ score KMINU             4
+ # don 2008-03-19
+ body SCIJOURNALS        /\bsciencejournals\.info\b/i
+ describe SCIJOURNALS    scientific journals
+ score SCIJOURNALS       4
+ # blarson 2008-03-19
+ body JANEHOT            /\bjane\d[\w\d]*\@hotmail\.com\s*$/
+ describe JANEHOT        jane*@hotmail.com
+ score JANEHOT           3
+ # blarson 2008-03-20
+ rawbody BIFUTRA         /\b(?:bifutra|veriapoli|xenifeao|toporaig|jieros|bifreca|werikine|incroomise|genbullenst|writeprovide)(?:\.|\=2E)com\b/
+ describe BIFUTRA        spammer web sites
+ score BIFUTRA           4
+ # don 2008-04-02
+ body LONGLINEURL        /^.{55,}\S\shttp:\/\/www\.\w+\.(?:com|net|org)\/\s*$/
+ describe LONGLINEURL    long line ending in a simple url
+ score LONGLINEURL       2
+ # don 2008-04-07
+ uri MYTHANKYOUURI       /www\.mythankyou\.com/i
+ describe MYTHANKYOUURI  www.mythankyou.com
+ score MYTHANKYOUURI     5
+ # don 2008-04-08
+ uri BLOGSPOTURI         /blogspot\.com/i
+ describe BLOGSPOTURI    something.blogspot.com
+ score BLOGSPOTURI       2.5
+ # blarson 2008-04-09
+ uri SAMEAS              /\bsupersameas\.com\b/
+ describe SAMEAS         supersameas.com
+ score SAMEAS            3
+ # blarson 2008-04-12
+ body URIEXE             /\bhttp:\S*\.exe\b/
+ describe URIEXE         .exe url
+ score URIEXE            3
+ # blarson 2008-04-24
+ uri SANSATION           /\b(?:sansationel|garmenys|iconaliste)\.com\b/i
+ describe SANSATION      sansationel.com
+ score SANSATION         4
+ # blarson 2008-05-04
+ body EQMEDS             /\beqmeds\b/i
+ describe EQMEDS         eqmeds
+ score EQMEDS            4

 Legend:



Removed from v.50
 


changed lines


 
Added in v.203
 Legend:



Removed from v.50
 


changed lines


 
Added in v.203
-Removed from v.50
+Added in v.203

	ViewVC Help
Powered by ViewVC 1.1.5