Contents of /trunk/spamassassin_config/common/virus_spam

# joy, 2003-08-15
rawbody PIC_GIF                 /^Content-ID: <pic\d*\.gif>/i
describe PIC_GIF                pic*.gif in attachment, common spam/virus
score PIC_GIF                   3

header POSSIBLEVIRUS    Subject =~ /\{Virus\?\} /
describe POSSIBLEVIRUS  possible or cleaned virus tag found in Subject
score POSSIBLEVIRUS     2

# cjwatson, 2003/09/22 2003/10/02
header AV_SCAN          Subject =~ /AntiVirus scan results/
describe AV_SCAN        virus fallout
score AV_SCAN           4

# cjwatson, 2003/09/24
body CORREO_TERRA       /Antivirus de Correo de Terra/
describe CORREO_TERRA   virus fallout
score CORREO_TERRA      2

# cjwatson, 2003/09/24
body WEBSHIELD          /Network Associates WebShield SMTP.*detected virus/
describe WEBSHIELD      virus fallout
score WEBSHIELD         3

# cjwatson, 2003/09/25, joy 2003-10-01
header AV_ALERT         Subject =~ /^(Anti)?Virus Alert/
describe AV_ALERT       virus fallout
score AV_ALERT          4.5

# cjwatson, 2003/09/29
body INFECTED_OBJ       /because contains an infected object/
describe INFECTED_OBJ   virus fallout
score INFECTED_OBJ      4

# joy, 2003-10-01
header AV_RESULTS       Subject =~ /AntiVirus scan results/i
describe AV_ALERT       anti-virus spam
score AV_ALERT          4

# cjwatson, 2004-01-27
header IOL_ALERTA       Subject =~ /IOL - ALERTA de Virus/
describe IOL_ALERTA     misdirected antivirus
score IOL_ALERTA        4

# blarson 2004-04-10
rawbody ZIPCOMPRESSED   /application\/x-zip-compressed/i
describe ZIPCOMPRESSED  zip compressed attachment
score ZIPCOMPRESSED     2

# blarson 2005-04-29
header MICROVIRUS       subject =~ /(?:Current|Latest|Newest|New) (?:Microsoft|Internet|Net) (?:Security|Critical)? ?(?:Patch|Pack|Update|Upgrade)/i
describe MICROVIRUS     microsoft email virus
score MICROVIRUS        4

# blarson 2006-11-21
rawbody AVGMAIL         /\b\-\-\=\=\=\=\=\=\=AVGMAIL/
describe AVGMAIL        avg virus claim
score AVGMAIL           3

# don 2007-06-25 blarson 2007-06-28
# This is %PDF-1.1 base64 encoded
full PDFATTACH          /JVBERi0xLjE/
describe PDFATTACH      PDF Attachment
score PDFATTACH         2               

# blarson 2007-06-29
header PDFNAME          subject =~ /\w\.pdf\b/i
describe PDFNAME        pdf spam
score PDFNAME           3.5

# blarson 2007-07-18
rawbody APPPDF          /\bContent-Type\:\s+application\/pdf/i
describe APPPDF         pdf attachment
score APPPDF            2

# blarson 2007-09-01
body NOVIR              /^No virus found in this incoming message\./
describe NOVIR          bogus no virus
score NOVIR             1

# blarson 2008-08-09
header ANTIGEN          subject=~/Antigen Notification/
describe ANTIGEN        Antigen Notification
score ANTIGEN           4
1	# joy, 2003-08-15
2	rawbody PIC_GIF /^Content-ID: <pic\d*\.gif>/i
3	describe PIC_GIF pic*.gif in attachment, common spam/virus
4	score PIC_GIF 3
5
6	header POSSIBLEVIRUS Subject =~ /\{Virus\?\} /
7	describe POSSIBLEVIRUS possible or cleaned virus tag found in Subject
8	score POSSIBLEVIRUS 2
9
10	# cjwatson, 2003/09/22 2003/10/02
11	header AV_SCAN Subject =~ /AntiVirus scan results/
12	describe AV_SCAN virus fallout
13	score AV_SCAN 4
14
15	# cjwatson, 2003/09/24
16	body CORREO_TERRA /Antivirus de Correo de Terra/
17	describe CORREO_TERRA virus fallout
18	score CORREO_TERRA 2
19
20	# cjwatson, 2003/09/24
21	body WEBSHIELD /Network Associates WebShield SMTP.*detected virus/
22	describe WEBSHIELD virus fallout
23	score WEBSHIELD 3
24
25	# cjwatson, 2003/09/25, joy 2003-10-01
26	header AV_ALERT Subject =~ /^(Anti)?Virus Alert/
27	describe AV_ALERT virus fallout
28	score AV_ALERT 4.5
29
30	# cjwatson, 2003/09/29
31	body INFECTED_OBJ /because contains an infected object/
32	describe INFECTED_OBJ virus fallout
33	score INFECTED_OBJ 4
34
35	# joy, 2003-10-01
36	header AV_RESULTS Subject =~ /AntiVirus scan results/i
37	describe AV_ALERT anti-virus spam
38	score AV_ALERT 4
39
40	# cjwatson, 2004-01-27
41	header IOL_ALERTA Subject =~ /IOL - ALERTA de Virus/
42	describe IOL_ALERTA misdirected antivirus
43	score IOL_ALERTA 4
44
45	# blarson 2004-04-10
46	rawbody ZIPCOMPRESSED /application\/x-zip-compressed/i
47	describe ZIPCOMPRESSED zip compressed attachment
48	score ZIPCOMPRESSED 2
49
50	# blarson 2005-04-29
51	header MICROVIRUS subject =~ /(?:Current\|Latest\|Newest\|New) (?:Microsoft\|Internet\|Net) (?:Security\|Critical)? ?(?:Patch\|Pack\|Update\|Upgrade)/i
52	describe MICROVIRUS microsoft email virus
53	score MICROVIRUS 4
54
55	# blarson 2006-11-21
56	rawbody AVGMAIL /\b\-\-\=\=\=\=\=\=\=AVGMAIL/
57	describe AVGMAIL avg virus claim
58	score AVGMAIL 3
59
60	# don 2007-06-25 blarson 2007-06-28
61	# This is %PDF-1.1 base64 encoded
62	full PDFATTACH /JVBERi0xLjE/
63	describe PDFATTACH PDF Attachment
64	score PDFATTACH 2
65
66	# blarson 2007-06-29
67	header PDFNAME subject =~ /\w\.pdf\b/i
68	describe PDFNAME pdf spam
69	score PDFNAME 3.5
70
71	# blarson 2007-07-18
72	rawbody APPPDF /\bContent-Type\:\s+application\/pdf/i
73	describe APPPDF pdf attachment
74	score APPPDF 2
75
76	# blarson 2007-09-01
77	body NOVIR /^No virus found in this incoming message\./
78	describe NOVIR bogus no virus
79	score NOVIR 1
80
81	# blarson 2008-08-09
82	header ANTIGEN subject=~/Antigen Notification/
83	describe ANTIGEN Antigen Notification
84	score ANTIGEN 4