Hi guys,
Wow this detail of feedback, recieved so fast, is great.
Evidently I didn't get it right the first time. Please bear with me -
this is my first rule attempt.
I've spent another hour or so and I think I have it right this time.
Please if you would try the attached cf file against your mass checkers
we should find a more positive result!
FILE: 01_software_DW.cf
Sincerely,
Daniel
#test cf file to run against software spam email
#Tries to match several attributes within the email
#Written by Daniel Watts Oct 2005 and submitted to the spamassassin list for
public assesment and use.
required_hits 9
rewrite_subject 1
subject_tag [SPAM]
report_safe 0
#matches Software in the subject
header SOFTWARE_SPAM_SUBJECT1 Subject =~ /Software/
#matches "New software on our site:" on it's own line
body SOFTWARE_SPAM_BODY1 /^New software on our site: *$/
#matches $xx.xx at least 5 times
body SOFTWARE_SPAM_BODY2 /((\$\d{1,3}\.\d{0,2}).*){5,}/s
#matches at least 10 hyphens with spaces round them
body SOFTWARE_SPAM_BODY3 /([^-]*( \- )){10,}/
#matches "Our site:" on it's own line
body SOFTWARE_SPAM_BODY4 /^Our site:/
#matches url with 4 parts
body SOFTWARE_SPAM_BODY5
/http:\/\/(([a-zA-Z0-9]+[a-zA-Z0-9_-]*)\.){3,}([a-zA-Z0-9]+[a-zA-Z0-9_-]*)/
meta SOFTWARE_SPAM (SOFTWARE_SPAM_SUBJECT1 && SOFTWARE_SPAM_BODY1 &&
SOFTWARE_SPAM_BODY2 && SOFTWARE_SPAM_BODY3 && SOFTWARE_SPAM_BODY4 &&
SOFTWARE_SPAM_BODY5)
describe SOFTWARE_SPAM Unsolicited message selling software
#None of these should singly mark a message as spam
score SOFTWARE_SPAM_SUBJECT1 0.01
score SOFTWARE_SPAM_BODY1 0.01
score SOFTWARE_SPAM_BODY2 0.01
score SOFTWARE_SPAM_BODY3 0.01
score SOFTWARE_SPAM_BODY4 0.01
score SOFTWARE_SPAM_BODY5 0.01
#The collection is almost certainly spam
score SOFTWARE_SPAM 10
