On 12/17/24 12:03 AM, fke...@apache.org wrote:
Author: fkento
Date: Mon Dec 16 23:03:42 2024
New Revision: 1922544

URL: http://svn.apache.org/viewvc?rev=1922544&view=rev
Log:
Add some rules for testing

Added:
     spamassassin/trunk/rulesrc/sandbox/fkento/
     spamassassin/trunk/rulesrc/sandbox/fkento/20_misc.cf

Added: spamassassin/trunk/rulesrc/sandbox/fkento/20_misc.cf
URL: 
http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/fkento/20_misc.cf?rev=1922544&view=auto
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/fkento/20_misc.cf (added)
+++ spamassassin/trunk/rulesrc/sandbox/fkento/20_misc.cf Mon Dec 16 23:03:42 
2024
@@ -0,0 +1,61 @@
+
+uri-detail    MXG_EMAIL_FRAG  raw =~ 
/^http.*\#[a-zA-Z0-9](?:[a-zA-Z0-9\+\_\=\.\-]*[a-zA-Z0-9])?@(?:[a-z0-9_](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]/i
 domain !~ /^typeform\.com$/
+score         MXG_EMAIL_FRAG  0.1
+describe      MXG_EMAIL_FRAG  URI with email in fragment
+
You should use "ifplugin Mail::SpamAssassin::Plugin::URIDetail" before using 
the plugin.
Other then that, from man page it's "uri_detail", not "uri-detail".
 Thanks
  Giovanni


+uri-detail    MXG_BING_REDIR_SUSP  raw =~ 
/^https?:\/\/(www\.)?bing\.com(:443)?\/ck\//i text =~ 
/\b(cache|documents?|messages?|now|password|preview|refill|refuel|review|update|verify|view)\b/i
+score         MXG_BING_REDIR_SUSP  0.1
+describe      MXG_BING_REDIR_SUSP  Suspicious Bing redirect
+
+header        __MXG_SPOOFED_DOCUSIGN01  From:name =~ /docusign/i
+header        __MXG_SPOOFED_DOCUSIGN02  Received =~ /\bdocusign\.(com|net)\s/i
+meta          MXG_SPOOFED_DOCUSIGN  __MXG_SPOOFED_DOCUSIGN01 && 
!__MXG_SPOOFED_DOCUSIGN02 && !__VIA_ML
+score         MXG_SPOOFED_DOCUSIGN  0.1
+describe      MXG_SPOOFED_DOCUSIGN  Docusign spoofing
+
+uri           __MXG_GOOGLE_FOREIGN_REDIR01  
/https?:\/\/(www\.)?google\.(com?\.)?\w\w(?<!ca|uk|za|%{MXG_FROM_TLD})\/(url|amp)/i
+meta          MXG_GOOGLE_FOREIGN_REDIR  __MXG_GOOGLE_FOREIGN_REDIR01 && 
!__MXG_NOT_ENGLISH
+score         MXG_GOOGLE_FOREIGN_REDIR  0.1
+describe      MXG_GOOGLE_FOREIGN_REDIR  Foreign Google redirect
+
+header        __MXG_NOT_ENGLISH  X-Languages =~ /^(?!en)\w+/
+score         __MXG_NOT_ENGLISH  0.1
+describe      __MXG_NOT_ENGLISH  Not English
+
+header        __MXG_FROM_TLD  From:addr =~ 
/\.(?<MXG_FROM_TLD>(?:\w+|com?\.)?\w{2})$/i
+describe      __MXG_FROM_TLD  Capture From TLD
+
+header        __MXG_PAYPAL_SCAM01  From:addr =~ /^service@paypal\.com(\.mx)?$/
+header        __MXG_PAYPAL_SCAM02  Subject =~ 
/invoice|estimate|request|reminder from|accept/i
+body          __MXG_PAYPAL_SCAM03  /888-221-1161/
+meta          MXG_PAYPAL_SCAM  __MXG_PAYPAL_SCAM01 && __MXG_PAYPAL_SCAM02 && 
(__MXG_HAS_PHONE || T_MXG_PHONE_OBFU) && !__MXG_PAYPAL_SCAM03
+score         MXG_PAYPAL_SCAM  0.1
+describe      MXG_PAYPAL_SCAM  Paypal scam
+
+body         __MXG_HAS_PHONE01  
/\b1?\d{3}[^a-zA-Z0-9]+\d{3}[^a-zA-Z0-9]+\d{4}\b/
+body         __MXG_HAS_PHONE02  /\b0[\s)]*(?:\d{3} \d{3} \d{4}|\d{4} 
\d{6}|\d{4} \d{3} \d{3}|\d{2} \d{4} \d{4})\b/
+body         __MXG_HAS_PHONE03  /\b0?(?:\d{1}\)? \d{4} \d{4}|\d{3} \d{3} 
\d{3})\b/
+uri           __MXG_HAS_PHONE04  /tel:/
+body         __MXG_HAS_PHONE05  /\+1([\W_]*[0-9]){10}(?![\W_]*[0-9])/
+meta          __MXG_HAS_PHONE  __MXG_HAS_PHONE01 || __MXG_HAS_PHONE02 || 
__MXG_HAS_PHONE03 || __MXG_HAS_PHONE04 || __MXG_HAS_PHONE05
+score         __MXG_HAS_PHONE  0.001
+describe      __MXG_HAS_PHONE  Has a phone number
+
+body         __T_MXG_PHONE_OBFU01  
/\b[1I]?[\dOIl]{3}[^a-zA-Z0-9]+[\dOIl]{3}[^a-zA-Z0-9]+[\dOIl]{4}\b/
+meta          T_MXG_PHONE_OBFU  __T_MXG_PHONE_OBFU01 && !__MXG_HAS_PHONE
+score         T_MXG_PHONE_OBFU  0.001
+describe      T_MXG_PHONE_OBFU  Attempt to obfuscate a phone number
+
+meta          MXG_LOWER_HDR_SPAM  (FREEMAIL_FROM || (__FROM_RUNON && 
__MXG_UNSUB_LINK)) && __MXG_LOWER_HDR
+score         MXG_LOWER_HDR_SPAM  0.001
+describe      MXG_LOWER_HDR_SPAM  Lower case header spam
+
+uri-detail    __MXG_UNSUB_LINK01  text =~ /unsubscribe|opt[\s-]out/i
+uri           __MXG_UNSUB_LINK02  /\b(?:unsub|opt(?:ing)?.?out)\b/i
+rawbody       __MXG_UNSUB_LINK03  /click here<\/a> to unsubscribe/i
+meta          __MXG_UNSUB_LINK  __MXG_UNSUB_LINK01 || __MXG_UNSUB_LINK02 || 
__MXG_UNSUB_LINK03
+describe      __MXG_UNSUB_LINK  Contains an unsubscribe link
+
+header        __MXG_LOWER_HDR  ALL:raw =~ /^(from|to|subject):\s/m
+score         __MXG_LOWER_HDR  0.001
+describe      __MXG_LOWER_HDR  lower case header
\ No newline at end of file



Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Reply via email to