proxmox-mirrors/proxmox-spamassassin
1
0
Fork 0
mirror of https://git.proxmox.com/git/proxmox-spamassassin synced 2025-04-28 12:19:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

update SpamAssassin signatures

Browse Source 
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
This commit is contained in:
Stoiko Ivanov 2023-03-23 17:52:57 +01:00
parent 524f111508
commit 21dcadbf05
25 changed files with 573 additions and 453 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sa-updates/20_advance_fee.cf
View File

@ -23,7 +23,7 @@
#
###########################################################################
require_version 3.004006
require_version 4.000000
# predicate naming used to avoid renumbering
# 1. assign new rules a random unique three letter sequence

2
sa-updates/20_body_tests.cf
View File

@ -30,7 +30,7 @@
#
###########################################################################
require_version 3.004006
require_version 4.000000
###########################################################################
# GTUBE test - the generic test for UBE.

3
sa-updates/20_compensate.cf
View File

@ -24,9 +24,10 @@
###########################################################################
# Header compensation tests
require_version 3.004006
require_version 4.000000
header __HAS_RCVD exists:Received
priority __HAS_RCVD -2000 # Bug 8078
meta NO_RECEIVED (!__HAS_RCVD)
tflags NO_RECEIVED nice userconf
describe NO_RECEIVED Informational: message has no Received headers

2
sa-updates/20_dnsbl_tests.cf
View File

@ -23,7 +23,7 @@
#
###########################################################################
require_version 3.004006
require_version 4.000000
###########################################################################

2
sa-updates/20_drugs.cf
View File

@ -31,7 +31,7 @@
#
###########################################################################
require_version 3.004006
require_version 4.000000
###########################################################################
# header rules

2
sa-updates/20_dynrdns.cf
View File

@ -25,7 +25,7 @@
#
###########################################################################
require_version 3.004006
require_version 4.000000
# ---------------------------------------------------------------------------

2
sa-updates/20_fake_helo_tests.cf
View File

@ -25,7 +25,7 @@
#
###########################################################################
require_version 3.004006
require_version 4.000000
#---------------------------------------------------------------------------
# Handle hosts that look like HELO_DYNAMIC hosts

6
sa-updates/20_head_tests.cf
View File

@ -23,7 +23,7 @@
#
###########################################################################
require_version 3.004006
require_version 4.000000
###########################################################################
@ -264,19 +264,23 @@ header NONEXISTENT_CHARSET Content-Type =~ /charset=.?DEFAULT/
describe NONEXISTENT_CHARSET Character set doesn't exist
header __HAS_MESSAGE_ID exists:Message-Id
priority __HAS_MESSAGE_ID -2000 # Bug 8078
meta MISSING_MID !__HAS_MESSAGE_ID
describe MISSING_MID Missing Message-Id: header
header __HAS_DATE exists:Date
priority __HAS_DATE -2000 # Bug 8078
meta MISSING_DATE !__HAS_DATE
describe MISSING_DATE Missing Date: header
header __HAS_SUBJECT exists:Subject
priority __HAS_SUBJECT -2000 # Bug 8078
meta MISSING_SUBJECT !__HAS_SUBJECT
describe MISSING_SUBJECT Missing Subject: header
# bug 6353
header __HAS_FROM exists:From
priority __HAS_FROM -2000 # Bug 8078
meta MISSING_FROM !__HAS_FROM
describe MISSING_FROM Missing From: header

3
sa-updates/20_html_tests.cf
View File

@ -23,7 +23,7 @@
#
###########################################################################
require_version 3.004006
require_version 4.000000
# HTML parser tests
#
@ -234,5 +234,6 @@ ifplugin Mail::SpamAssassin::Plugin::MIMEEval
# __MIME_ATTACHMENT also used in 20_meta_tests.cf
body __MIME_ATTACHMENT eval:check_for_mime('mime_attachment')
priority __MIME_ATTACHMENT -2000 # Bug 8078
endif

6
sa-updates/20_meta_tests.cf
View File

@ -29,7 +29,7 @@
#
###########################################################################
require_version 3.004006
require_version 4.000000
# some tests that will trigger FPs on ISO-2022-JP mails.
@ -60,8 +60,10 @@ describe PERCENT_RANDOM Message has a random macro in it
# __MIME_ATTACHMENT defined in 20_html_tests.cf
body __NONEMPTY_BODY /\S/
tflags __NONEMPTY_BODY nosubject
priority __NONEMPTY_BODY -2000 # Bug 8078
meta EMPTY_MESSAGE !__MIME_ATTACHMENT && !__NONEMPTY_BODY
describe EMPTY_MESSAGE Message appears to have no textual parts and no Subject: text
describe EMPTY_MESSAGE Message appears to have no textual parts
meta NO_HEADERS_MESSAGE (MISSING_DATE && MISSING_HEADERS && NO_RECEIVED && NO_RELAYS && MISSING_MID)
describe NO_HEADERS_MESSAGE Message appears to be missing most RFC-822 headers

2
sa-updates/20_net_tests.cf
View File

@ -30,7 +30,7 @@
#
###########################################################################
require_version 3.004006
require_version 4.000000
# bug 2220. nice results
meta DIGEST_MULTIPLE RAZOR2_CHECK + DCC_CHECK + PYZOR_CHECK > 1

2
sa-updates/20_phrases.cf
View File

@ -27,7 +27,7 @@
#
###########################################################################
require_version 3.004006
require_version 4.000000
###########################################################################

2
sa-updates/20_porn.cf
View File

@ -27,7 +27,7 @@
#
###########################################################################
require_version 3.004006
require_version 4.000000
###########################################################################

2
sa-updates/20_uri_tests.cf
View File

@ -23,7 +23,7 @@
#
###########################################################################
require_version 3.004006
require_version 4.000000
# possible IDN spoofing attack: https://web.archive.org/web/20141006091906/https://www.shmoo.com/idn/homograph.txt
# not expecting any hits on this (yet)

2
sa-updates/23_bayes.cf
View File

@ -23,7 +23,7 @@
#
###########################################################################
require_version 3.004006
require_version 4.000000
###########################################################################

2
sa-updates/25_dkim.cf
View File

@ -117,7 +117,7 @@ if can(Mail::SpamAssassin::Plugin::DKIM::has_arc)
full ARC_VALID eval:check_arc_valid()
describe ARC_VALID Message has a valid ARC signature
tflags ARC_VALID net
tflags ARC_VALID net nice
reuse ARC_VALID
meta ARC_INVALID ARC_SIGNED && !ARC_VALID

15
sa-updates/25_uribl.cf
View File

@ -174,11 +174,12 @@ endif
#tflags URIBL_SC_SURBL net notrim
#reuse URIBL_SC_SURBL
urirhssub URIBL_WS_SURBL multi.surbl.org. A 4
body URIBL_WS_SURBL eval:check_uridnsbl('URIBL_WS_SURBL')
describe URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
tflags URIBL_WS_SURBL net notrim
reuse URIBL_WS_SURBL
#REMOVED per bug 8093
#urirhssub URIBL_WS_SURBL multi.surbl.org. A 4
#body URIBL_WS_SURBL eval:check_uridnsbl('URIBL_WS_SURBL')
#describe URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
#tflags URIBL_WS_SURBL net notrim
#reuse URIBL_WS_SURBL
urirhssub URIBL_PH_SURBL multi.surbl.org. A 8
body URIBL_PH_SURBL eval:check_uridnsbl('URIBL_PH_SURBL')
@ -308,7 +309,7 @@ uridnsbl_skip_domain real.com redhat.com regions.com regionsnet.com
uridnsbl_skip_domain rogers.com rr.com sbcglobal.net sec.gov sf.net
uridnsbl_skip_domain shaw.ca shockwave.com smithbarney.com
uridnsbl_skip_domain sourceforge.net spamcop.net speedera.net sportsline.com
uridnsbl_skip_domain sun.com suntrust.com sympatico.ca t-online.de
uridnsbl_skip_domain sun.com suntrust.com t-online.de
uridnsbl_skip_domain tails.nl telus.net terra.com.br ticketmaster.com
uridnsbl_skip_domain tinyurl.com tiscali.co.uk tom.com
uridnsbl_skip_domain tone.co.nz tux.org uol.com.br
@ -346,7 +347,7 @@ uridnsbl_skip_domain amazon.de amazonses.com bandcamp.com
uridnsbl_skip_domain booking.com cdninstagram.com dhl.com
uridnsbl_skip_domain dhl.fi dna.fi domain.fi dpd.de dropbox.com ebay.fr
uridnsbl_skip_domain elisa.fi elisanet.fi emltrk.com fbcdn.net ficora.fi
uridnsbl_skip_domain gappssmtp.com github.com goo.gl google-analytics.com
uridnsbl_skip_domain gappssmtp.com github.com google-analytics.com
uridnsbl_skip_domain google.de google.fi googleusercontent.com
uridnsbl_skip_domain gstatic.com hotels.com ikea.com images-amazon.com
uridnsbl_skip_domain inet.fi instagram.com kolumbus.fi licdn.com linkedin.com

5
sa-updates/25_url_shortener.cf
View File

@ -54,6 +54,7 @@ score URL_SHORTENER_DISABLED 2
#
# generic list of likely active services - cleaned up 25.05.2022
url_shortener .app.link
url_shortener .ftn.app
url_shortener .page.link
url_shortener .short.gy
@ -113,6 +114,7 @@ url_shortener lnk.sk
url_shortener lnkd.in
url_shortener lnkiy.in
url_shortener lru.jp
url_shortener lukora.cz
url_shortener mrte.ch
url_shortener n9.cl
url_shortener ndurl.com
@ -125,6 +127,7 @@ url_shortener rb.gy
url_shortener redir.ec
url_shortener rotf.lol
url_shortener s.apache.org
url_shortener s.free.fr
url_shortener s.id
url_shortener shar.es
url_shortener shorl.com
@ -295,7 +298,7 @@ if !can(Mail::SpamAssassin::Plugin::DecodeShortURLs::has_short_url_redir)
## perl -pe 'while (<>) {/^\s*url_shortener\s+(\S+)/ or next;$s=quotemeta($1);$s=~s/^\\./\\w+\\./;push @a,$s} print "uri __URL_SHORTENER m,^https?://(?:".join("|",@a).")/,i\n"' < 25_url_shortener.cf
##
uri __URL_SHORTENER m,^https?://(?:\w+\.ftn\.app|\w+\.page\.link|\w+\.short\.gy|\w+\.shortz\.me|0rz\.tw|4sq\.com|4url\.cc|afly\.co|ai6\.net|amzn\.com|amzn\.to|b\.link|b23\.ru|binged\.it|bit\.do|bit\.ly|bitly\.com|bizj\.us|chilp\.it|conta\.cc|crks\.me|cutt\.ly|cutwin\.biz|dai\.ly|db\.tt|disq\.us|dlvr\.it|doi\.org|doiop\.com|eepurl\.com|fb\.me|fire\.to|firsturl\.de|firsturl\.net|flic\.kr|gdurl\.com|go\.ly|goo\.gl|goolnk\.com|gplinks\.in|guest\.link|hellotxt\.com|hop\.kz|hotshorturl\.com|hub\.am|huff\.to|hurl\.it|hyperurl\.co|inx\.lv|is\.gd|it2\.in|j\.mp|kore\.us|kurl\.no|l\.bestsellers\.to|lnk\.sk|lnkd\.in|lnkiy\.in|lru\.jp|mrte\.ch|n9\.cl|ndurl\.com|onion\.com|ouo\.io|ow\.ly|owl\.li|pduda\.mobi|rb\.gy|redir\.ec|rotf\.lol|s\.apache\.org|s\.id|shar\.es|shorl\.com|shortn\.me|shorturl\.at|simurl\.net|slidesha\.re|smarturl\.it|smfu\.in|snip\.ly|snkr\.me|stpmvt\.com|t\.co|t\.ly|tcrn\.ch|tgr\.ph|tiny\.cc|tiny\.one|tiny\.pl|tinylink\.in|tinyurl\.com|to\.ly|trib\.al|twixar\.me|u\.nu|u\.to|url\.ie|urlcut\.com|urlday\.cc|urls\.im|urlz\.at|urlzs\.com|utfg\.sk|wow\.link|wp\.me|x\.co|x\.hypem\.com|xurl\.es|yhoo\.it|youtu\.be|z23\.ru|zurl\.ws|www\.shrunken\.com|0\.gp|2\.gp|2\.ly|3\.ly|4\.gp|4\.ly|5\.gp|6\.gp|6\.ly|7\.ly|8\.ly|9\.ly|g\.asia|p\.asia|ur3\.us|alturl\.com|\w+\.1sta\.com|\w+\.24ex\.com|\w+\.2fear\.com|\w+\.2fortune\.com|\w+\.2freedom\.com|\w+\.2hell\.com|\w+\.2savvy\.com|\w+\.2truth\.com|\w+\.2tunes\.com|\w+\.2ya\.com|\w+\.alturl\.com|\w+\.antiblog\.com|\w+\.bigbig\.com|\w+\.dealtap\.com|\w+\.ebored\.com|\w+\.echoz\.com|\w+\.filetap\.com|\w+\.funurl\.com|\w+\.headplug\.com|\w+\.hereweb\.com|\w+\.hitart\.com|\w+\.mirrorz\.com|\w+\.mp3update\.com|\w+\.shorturl\.com|\w+\.spyw\.com|\w+\.vze\.com|\w+\.arecool\.net|\w+\.iscool\.net|\w+\.isfun\.net|\w+\.tux\.nu|kisa\.link|www\.kisa\.link|bul\.tc|cy\.tc|fn\.tc|ftp\.tc|gr\.tc|hbr\.tc|heg\.tc|ins\.tc|ko\.tc|kod\.tc|lol\.tc|m2\.tc|ml\.tc|mmo\.tc|oy\.tc|pc\.tc|pubg\.tc|pvp\.tc|sro\.tc|tek\.link|tw\.tc|grabify\.link|catsnthing\.com|catsnthings\.fun|cheapcinema\.club|dateing\.club|fortnight\.space|fortnitechat\.site|freegiftcards\.co|gaming\-at\-my\.best|gamingfun\.me|headshot\.monster|imageshare\.best|joinmy\.site|leancoding\.co|locations\.quest|lovebird\.guru|myprivate\.pics|noodshare\.pics|partpicker\.shop|progaming\.monster|screenshare\.pics|screenshot\.best|shhh\.lol|shrekis\.life|sportshub\.bar|stopify\.co|trulove\.guru|yourmy\.monster)/,i
uri __URL_SHORTENER m,^https?://(?:\w+\.app\.link|\w+\.ftn\.app|\w+\.page\.link|\w+\.short\.gy|\w+\.shortz\.me|0rz\.tw|4sq\.com|4url\.cc|afly\.co|ai6\.net|amzn\.com|amzn\.to|b\.link|b23\.ru|binged\.it|bit\.do|bit\.ly|bitly\.com|bizj\.us|chilp\.it|conta\.cc|crks\.me|cutt\.ly|cutwin\.biz|dai\.ly|db\.tt|disq\.us|dlvr\.it|doi\.org|doiop\.com|eepurl\.com|fb\.me|fire\.to|firsturl\.de|firsturl\.net|flic\.kr|gdurl\.com|go\.ly|goo\.gl|goolnk\.com|gplinks\.in|guest\.link|hellotxt\.com|hop\.kz|hotshorturl\.com|hub\.am|huff\.to|hurl\.it|hyperurl\.co|inx\.lv|is\.gd|it2\.in|j\.mp|kore\.us|kurl\.no|l\.bestsellers\.to|lnk\.sk|lnkd\.in|lnkiy\.in|lru\.jp|lukora\.cz|mrte\.ch|n9\.cl|ndurl\.com|onion\.com|ouo\.io|ow\.ly|owl\.li|pduda\.mobi|rb\.gy|redir\.ec|rotf\.lol|s\.apache\.org|s\.free\.fr|s\.id|shar\.es|shorl\.com|shortn\.me|shorturl\.at|simurl\.net|slidesha\.re|smarturl\.it|smfu\.in|snip\.ly|snkr\.me|stpmvt\.com|t\.co|t\.ly|tcrn\.ch|tgr\.ph|tiny\.cc|tiny\.one|tiny\.pl|tinylink\.in|tinyurl\.com|to\.ly|trib\.al|twixar\.me|u\.nu|u\.to|url\.ie|urlcut\.com|urlday\.cc|urls\.im|urlz\.at|urlzs\.com|utfg\.sk|wow\.link|wp\.me|x\.co|x\.hypem\.com|xurl\.es|yhoo\.it|youtu\.be|z23\.ru|zurl\.ws|www\.shrunken\.com|0\.gp|2\.gp|2\.ly|3\.ly|4\.gp|4\.ly|5\.gp|6\.gp|6\.ly|7\.ly|8\.ly|9\.ly|g\.asia|p\.asia|ur3\.us|alturl\.com|\w+\.1sta\.com|\w+\.24ex\.com|\w+\.2fear\.com|\w+\.2fortune\.com|\w+\.2freedom\.com|\w+\.2hell\.com|\w+\.2savvy\.com|\w+\.2truth\.com|\w+\.2tunes\.com|\w+\.2ya\.com|\w+\.alturl\.com|\w+\.antiblog\.com|\w+\.bigbig\.com|\w+\.dealtap\.com|\w+\.ebored\.com|\w+\.echoz\.com|\w+\.filetap\.com|\w+\.funurl\.com|\w+\.headplug\.com|\w+\.hereweb\.com|\w+\.hitart\.com|\w+\.mirrorz\.com|\w+\.mp3update\.com|\w+\.shorturl\.com|\w+\.spyw\.com|\w+\.vze\.com|\w+\.arecool\.net|\w+\.iscool\.net|\w+\.isfun\.net|\w+\.tux\.nu|kisa\.link|www\.kisa\.link|bul\.tc|cy\.tc|fn\.tc|ftp\.tc|gr\.tc|hbr\.tc|heg\.tc|ins\.tc|ko\.tc|kod\.tc|lol\.tc|m2\.tc|ml\.tc|mmo\.tc|oy\.tc|pc\.tc|pubg\.tc|pvp\.tc|sro\.tc|tek\.link|tw\.tc|grabify\.link|catsnthing\.com|catsnthings\.fun|cheapcinema\.club|dateing\.club|fortnight\.space|fortnitechat\.site|freegiftcards\.co|gaming\-at\-my\.best|gamingfun\.me|headshot\.monster|imageshare\.best|joinmy\.site|leancoding\.co|locations\.quest|lovebird\.guru|myprivate\.pics|noodshare\.pics|partpicker\.shop|progaming\.monster|screenshare\.pics|screenshot\.best|shhh\.lol|shrekis\.life|sportshub\.bar|stopify\.co|trulove\.guru|yourmy\.monster)/,i
endif

2
sa-updates/30_text_de.cf
View File

@ -348,7 +348,7 @@ endif
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
lang de describe URIBL_SBL Enthält URL in SBL-Liste (https://www.spamhaus.org/sbl/)
#lang de describe URIBL_SC_SURBL Enthält URL in SC-Liste (www.surbl.org) - removed bug 7279
lang de describe URIBL_WS_SURBL Enthält URL in WS-Liste (www.surbl.org)
#lang de describe URIBL_WS_SURBL Enthält URL in WS-Liste (www.surbl.org)
lang de describe URIBL_PH_SURBL Enthält URL in PH-Liste (www.surbl.org)
#lang de describe URIBL_OB_SURBL Enthält URL in OB-Liste (www.surbl.org) - REMOVED BUG 6853
#lang de describe URIBL_AB_SURBL Enthält URL in AB-Liste (www.surbl.org) - removed bug 7279

4
sa-updates/30_text_pt_br.cf
View File

@ -353,7 +353,7 @@ lang pt_BR describe UPPERCASE_75_100 Mensagem possui de 75% a 100% de textos em
lang pt_BR describe INVALID_MSGID Message-ID inválido, de acordo com a RFC-2822
lang pt_BR describe FORGED_MUA_MOZILLA Email forjado, tentando se passar como da Mozilla
lang pt_BR describe PERCENT_RANDOM Mensagem contém uma macro randômica
lang pt_BR describe EMPTY_MESSAGE Mensagem parece não conter texto no conteúdo e no Assunto.
lang pt_BR describe EMPTY_MESSAGE Mensagem parece não conter texto no conteúdo.
lang pt_BR describe NO_HEADERS_MESSAGE Mensagem parece não conter grande parte dos cabeçalhos RFC-822
# 20_net_tests.cf
@ -583,7 +583,7 @@ lang pt_BR describe URIBL_SBL Cont
lang pt_BR describe URIBL_DBL_SPAM Contém uma URL listada na blocklist DBL blocklist
lang pt_BR describe URIBL_DBL_ERROR Erro: Consultou a DBL por um IP
#lang pt_BR describe URIBL_SC_SURBL Contém uma URL listada na blocklist SC SURBL - removed bug 7279
lang pt_BR describe URIBL_WS_SURBL Contém uma URL listada na blocklist WS SURBL
#lang pt_BR describe URIBL_WS_SURBL Contém uma URL listada na blocklist WS SURBL
lang pt_BR describe URIBL_PH_SURBL Contém uma URL listada na blocklist PH SURBL
#lang pt_BR describe URIBL_OB_SURBL Contém uma URL listada na blocklist OB SURBL - REMOVED BUG 6853
#lang pt_BR describe URIBL_AB_SURBL Contém uma URL listada na blocklist AB SURBL - removed bug 7279

2
sa-updates/50_scores.cf
View File

@ -814,7 +814,7 @@ score URIBL_CSS 0 0.1 0 0.1
score URIBL_SBL_A 0 0.1 0 0.1
score URIBL_CSS_A 0 0.1 0 0.1
#score URIBL_SC_SURBL 0 0.001 0 0.568 # n=0 n=2 - removed bug 7279
score URIBL_WS_SURBL 0 1.659 0 1.608 # n=0 n=2
#score URIBL_WS_SURBL 0 1.659 0 1.608 # n=0 n=2 - Removed bug 8093
score URIBL_MW_SURBL 0 1.263 0 1.263
score URIBL_CR_SURBL 0 1.263 0 1.263
score URIBL_BLACK 0 1.7 0 1.7 # n=0 n=2

20
sa-updates/60_welcomelist.cf
View File

@ -35,7 +35,7 @@ ifplugin Mail::SpamAssassin::Plugin::WLBLEval
if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
header USER_IN_BLOCKLIST eval:check_from_in_blocklist()
describe USER_IN_BLOCKLIST From: user is listed in the block-list
tflags USER_IN_BLOCKLIST userconf nice noautolearn
tflags USER_IN_BLOCKLIST userconf noautolearn
score USER_IN_BLOCKLIST 100
# Backwards compatibility
@ -43,7 +43,7 @@ if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
if !can(Mail::SpamAssassin::Conf::compat_welcomelist_blocklist)
meta USER_IN_BLACKLIST (USER_IN_BLOCKLIST)
describe USER_IN_BLACKLIST DEPRECATED: See USER_IN_BLOCKLIST
tflags USER_IN_BLACKLIST userconf nice noautolearn
tflags USER_IN_BLACKLIST userconf noautolearn
score USER_IN_BLACKLIST 100
score USER_IN_BLOCKLIST 0.01
endif
@ -51,12 +51,12 @@ endif
if !can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
header USER_IN_BLOCKLIST eval:check_from_in_blacklist()
describe USER_IN_BLOCKLIST From: user is listed in the block-list
tflags USER_IN_BLOCKLIST userconf nice noautolearn
tflags USER_IN_BLOCKLIST userconf noautolearn
score USER_IN_BLOCKLIST 0.01
meta USER_IN_BLACKLIST (USER_IN_BLOCKLIST)
describe USER_IN_BLACKLIST DEPRECATED: See USER_IN_BLOCKLIST
tflags USER_IN_BLACKLIST userconf nice noautolearn
tflags USER_IN_BLACKLIST userconf noautolearn
score USER_IN_BLACKLIST 100
endif
@ -115,13 +115,13 @@ endif
if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
header USER_IN_BLOCKLIST_TO eval:check_to_in_blocklist()
describe USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to'
tflags USER_IN_BLOCKLIST_TO userconf nice noautolearn
tflags USER_IN_BLOCKLIST_TO userconf noautolearn
score USER_IN_BLOCKLIST_TO 10
if !can(Mail::SpamAssassin::Conf::compat_welcomelist_blocklist)
meta USER_IN_BLACKLIST_TO (USER_IN_BLOCKLIST_TO)
describe USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO
tflags USER_IN_BLACKLIST_TO userconf nice noautolearn
tflags USER_IN_BLACKLIST_TO userconf noautolearn
score USER_IN_BLACKLIST_TO 10
score USER_IN_BLOCKLIST_TO 0.01
endif
@ -129,12 +129,12 @@ endif
if !can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
header USER_IN_BLOCKLIST_TO eval:check_to_in_blacklist()
describe USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to'
tflags USER_IN_BLOCKLIST_TO userconf nice noautolearn
tflags USER_IN_BLOCKLIST_TO userconf noautolearn
score USER_IN_BLOCKLIST_TO 0.01
meta USER_IN_BLACKLIST_TO (USER_IN_BLOCKLIST_TO)
describe USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO
tflags USER_IN_BLACKLIST_TO userconf nice noautolearn
tflags USER_IN_BLACKLIST_TO userconf noautolearn
score USER_IN_BLACKLIST_TO 10
endif
@ -166,11 +166,11 @@ endif
header USER_IN_MORE_SPAM_TO eval:check_to_in_more_spam()
describe USER_IN_MORE_SPAM_TO User is listed in 'more_spam_to'
tflags USER_IN_MORE_SPAM_TO userconf nice noautolearn
tflags USER_IN_MORE_SPAM_TO userconf noautolearn
header USER_IN_ALL_SPAM_TO eval:check_to_in_all_spam()
describe USER_IN_ALL_SPAM_TO User is listed in 'all_spam_to'
tflags USER_IN_ALL_SPAM_TO userconf nice noautolearn
tflags USER_IN_ALL_SPAM_TO userconf noautolearn
if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
body URI_HOST_IN_BLOCKLIST eval:check_uri_host_in_blocklist()

535
sa-updates/72_active.cf
View File

File diff suppressed because one or more lines are too long

399
sa-updates/72_scores.cf
View File

@ -1,7 +1,8 @@
score ACCT_PHISHING_MANY 1.000 1.000 1.000 1.000
score AC_BR_BONANZA 0.001 0.001 0.001 0.001
score AC_DIV_BONANZA 0.001 0.001 0.001 0.001
score AC_FROM_MANY_DOTS 2.999 2.999 2.999 2.999
score AC_HTML_NONSENSE_TAGS 2.000 1.999 2.000 1.999
score AC_FROM_MANY_DOTS 2.999 1.544 2.999 1.544
score AC_HTML_NONSENSE_TAGS 1.999 1.999 1.999 1.999
score AC_POST_EXTRAS 1.000 1.000 1.000 1.000
score AC_SPAMMY_URI_PATTERNS1 1.000 1.000 1.000 1.000
score AC_SPAMMY_URI_PATTERNS10 1.000 1.000 1.000 1.000
@ -12,272 +13,270 @@ score AC_SPAMMY_URI_PATTERNS3 1.000 1.000 1.000 1.000
score AC_SPAMMY_URI_PATTERNS4 1.000 1.000 1.000 1.000
score AC_SPAMMY_URI_PATTERNS8 1.000 1.000 1.000 1.000
score AC_SPAMMY_URI_PATTERNS9 1.000 1.000 1.000 1.000
score ADMITS_SPAM 3.200 3.113 3.200 3.113
score ADULT_DATING_COMPANY 10.000 10.000 10.000 10.000
score ADVANCE_FEE_2_NEW_FORM 1.000 1.000 1.000 1.000
score ADVANCE_FEE_2_NEW_FRM_MNY 1.000 1.000 1.000 1.000
score ADVANCE_FEE_2_NEW_MONEY 1.999 1.999 1.999 1.999
score ADVANCE_FEE_3_NEW 2.039 3.448 2.039 3.448
score ADVANCE_FEE_3_NEW_MONEY 0.342 2.523 0.342 2.523
score ADVANCE_FEE_4_NEW 2.400 2.192 2.400 2.192
score ADVANCE_FEE_4_NEW_MONEY 1.643 1.642 1.643 1.642
score ADVANCE_FEE_5_NEW_FRM_MNY 0.001 0.001 0.001 0.001
score ADVANCE_FEE_5_NEW_MONEY 0.001 0.001 0.001 0.001
score AD_PREFS 0.499 0.001 0.499 0.001
score ADVANCE_FEE_2_NEW_MONEY 2.000 1.999 2.000 1.999
score ADVANCE_FEE_3_NEW 3.499 3.499 3.499 3.499
score ADVANCE_FEE_3_NEW_MONEY 2.399 2.399 2.399 2.399
score ADVANCE_FEE_4_NEW 2.199 2.199 2.199 2.199
score ADVANCE_FEE_4_NEW_FRM_MNY 0.001 0.001 0.001 0.001
score ADVANCE_FEE_4_NEW_MONEY 2.485 2.499 2.485 2.499
score ADVANCE_FEE_5_NEW 2.199 0.821 2.199 0.821
score ADVANCE_FEE_5_NEW_FRM_MNY 1.592 2.202 1.592 2.202
score ADVANCE_FEE_5_NEW_MONEY 2.136 0.001 2.136 0.001
score AD_PREFS 0.366 0.097 0.366 0.097
score ALIBABA_IMG_NOT_RCVD_ALI 1.000 1.000 1.000 1.000
score AMAZON_IMG_NOT_RCVD_AMZN 0.001 0.001 0.001 0.001
score AMAZON_IMG_NOT_RCVD_AMZN 0.001 1.845 0.001 1.845
score APP_DEVELOPMENT_FREEM 1.000 1.000 1.000 1.000
score APP_DEVELOPMENT_NORDNS 1.000 1.000 1.000 1.000
score ARC_SIGNED 0.001 0.001 0.001 0.001
score ARC_VALID 0.001 0.001 0.001 0.001
score AXB_XMAILER_MIMEOLE_OL_024C2 0.001 0.001 0.001 0.001
score AXB_X_FF_SEZ_S 3.099 3.100 3.099 3.100
score BAT_BDRY_TO_MALF 2.499 1.637 2.499 1.637
score AXB_X_FF_SEZ_S 2.700 1.196 2.700 1.196
score BEBEE_IMG_NOT_RCVD_BB 1.000 1.000 1.000 1.000
score BIGNUM_EMAILS_FREEM 1.336 0.017 1.336 0.017
score BIGNUM_EMAILS_MANY 2.743 1.670 2.743 1.670
score BIGNUM_EMAILS_FREEM 1.000 0.384 1.000 0.384
score BIGNUM_EMAILS_MANY 1.000 1.000 1.000 1.000
score BITCOIN_BOMB 1.000 1.000 1.000 1.000
score BITCOIN_DEADLINE 1.753 1.000 1.753 1.000
score BITCOIN_EXTORT_01 2.102 2.692 2.102 2.692
score BITCOIN_DEADLINE 1.500 1.449 1.500 1.449
score BITCOIN_EXTORT_01 4.500 0.941 4.500 0.941
score BITCOIN_EXTORT_02 1.000 1.000 1.000 1.000
score BITCOIN_IMGUR 1.000 1.000 1.000 1.000
score BITCOIN_MALF_HTML 2.095 0.142 2.095 0.142
score BITCOIN_MALWARE 1.043 0.001 1.043 0.001
score BITCOIN_MALF_HTML 3.499 3.084 3.499 3.084
score BITCOIN_MALWARE 2.094 2.501 2.094 2.501
score BITCOIN_OBFU_SUBJ 1.000 1.000 1.000 1.000
score BITCOIN_ONAN 2.011 2.867 2.011 2.867
score BITCOIN_ONAN 1.000 1.000 1.000 1.000
score BITCOIN_PAY_ME 1.000 1.000 1.000 1.000
score BITCOIN_SPAM_01 1.000 1.000 1.000 1.000
score BITCOIN_SPAM_02 2.189 1.279 2.189 1.279
score BITCOIN_SPAM_03 2.225 0.919 2.225 0.919
score BITCOIN_SPAM_04 1.000 1.000 1.000 1.000
score BITCOIN_SPAM_05 0.001 2.027 0.001 2.027
score BITCOIN_SPAM_02 0.001 0.001 0.001 0.001
score BITCOIN_SPAM_03 1.000 2.499 1.000 2.499
score BITCOIN_SPAM_04 1.000 0.184 1.000 0.184
score BITCOIN_SPAM_05 0.001 2.475 0.001 2.475
score BITCOIN_SPAM_06 1.000 1.000 1.000 1.000
score BITCOIN_SPAM_07 1.000 1.000 1.000 1.000
score BITCOIN_SPAM_08 1.000 1.000 1.000 1.000
score BITCOIN_SPAM_09 1.499 1.499 1.499 1.499
score BITCOIN_SPAM_09 1.000 1.092 1.000 1.092
score BITCOIN_SPAM_10 1.000 1.000 1.000 1.000
score BITCOIN_SPAM_11 1.000 1.000 1.000 1.000
score BITCOIN_SPAM_12 1.000 1.000 1.000 1.000
score BITCOIN_SPF_ONLYALL 0.001 1.000 0.001 1.000
score BITCOIN_XPRIO 1.051 0.001 1.051 0.001
score BITCOIN_YOUR_INFO 1.268 0.708 1.268 0.708
score BODY_URI_ONLY 2.499 1.958 2.499 1.958
score BITCOIN_XPRIO 0.234 0.001 0.234 0.001
score BITCOIN_YOUR_INFO 3.000 1.481 3.000 1.481
score BODY_SINGLE_URI 1.004 0.302 1.004 0.302
score BODY_URI_ONLY 1.154 1.654 1.154 1.654
score BOGUS_MIME_VERSION 1.000 1.000 1.000 1.000
score BOGUS_MSM_HDRS 1.126 0.001 1.126 0.001
score BOGUS_MSM_HDRS 1.000 1.000 1.000 1.000
score BOMB_FREEM 1.000 1.000 1.000 1.000
score BOMB_MONEY 1.000 1.000 1.000 1.000
score BTC_ORG 1.000 1.000 1.000 1.000
score BULK_RE_SUSP_NTLD 0.999 1.000 0.999 1.000
score BULK_RE_SUSP_NTLD 1.000 1.000 1.000 1.000
score CANT_SEE_AD 1.000 1.000 1.000 1.000
score CK_HELO_GENERIC 0.249 0.001 0.249 0.001
score COMMENT_GIBBERISH 1.000 1.000 1.000 1.000
score COMPENSATION 1.000 1.000 1.000 1.000
score CONTENT_AFTER_HTML 1.000 1.000 1.000 1.000
score CONTENT_AFTER_HTML_WEAK 1.000 1.000 1.000 1.000
score CTE_8BIT_MISMATCH 0.999 0.001 0.999 0.001
score DATE_IN_FUTURE_Q_PLUS 2.700 2.700 2.700 2.700
score CTE_8BIT_MISMATCH 0.999 0.163 0.999 0.163
score DAY_I_EARNED 1.000 1.000 1.000 1.000
score DEAR_BENEFICIARY 1.641 2.148 1.641 2.148
score DKIMWL_BL 0.001 1.000 0.001 1.000
score DEAR_BENEFICIARY 0.699 0.001 0.699 0.001
score DKIMWL_BL 0.001 1.295 0.001 1.295
score DKIMWL_BLOCKED 0.001 0.001 0.001 0.001
score DKIMWL_WL_HIGH 0.001 -0.001 0.001 -0.001
score DKIMWL_WL_MED 0.001 -0.001 0.001 -0.001
score DKIMWL_WL_MEDHI 0.001 -0.001 0.001 -0.001
score DKIMWL_WL_MEDHI 0.001 -0.263 0.001 -0.263
score DOTGOV_IMAGE 1.000 1.000 1.000 1.000
score DX_TEXT_03 1.200 1.299 1.200 1.299
score DYNAMIC_IMGUR 1.000 1.000 1.000 1.000
score EBAY_IMG_NOT_RCVD_EBAY 1.000 1.000 1.000 1.000
score ENCRYPTED_MESSAGE -1.000 -0.999 -1.000 -0.999
score END_FUTURE_EMAILS 2.499 1.000 2.499 1.000
score END_FUTURE_EMAILS 2.499 2.499 2.499 2.499
score ENVFROM_GOOG_TRIX 1.000 1.000 1.000 1.000
score FACEBOOK_IMG_NOT_RCVD_FB 1.000 1.000 1.000 1.000
score FBI_MONEY 0.227 0.911 0.227 0.911
score FBI_SPOOF 1.573 0.887 1.573 0.887
score FILL_THIS_FORM 0.952 1.000 0.952 1.000
score FACEBOOK_IMG_NOT_RCVD_FB 1.000 1.551 1.000 1.551
score FBI_MONEY 1.000 1.000 1.000 1.000
score FBI_SPOOF 1.000 1.000 1.000 1.000
score FILL_THIS_FORM 0.899 1.223 0.899 1.223
score FONT_INVIS_DIRECT 0.001 0.001 0.001 0.001
score FONT_INVIS_DOTGOV 1.000 1.000 1.000 1.000
score FONT_INVIS_HTML_NOHTML 1.000 1.000 1.000 1.000
score FONT_INVIS_LONG_LINE 2.999 2.999 2.999 2.999
score FONT_INVIS_MSGID 1.942 2.195 1.942 2.195
score FONT_INVIS_NORDNS 0.001 1.894 0.001 1.894
score FONT_INVIS_POSTEXTRAS 1.174 2.900 1.174 2.900
score FORM_FRAUD 0.999 0.999 0.999 0.999
score FORM_FRAUD_3 2.399 0.001 2.399 0.001
score FORM_FRAUD_5 0.001 1.742 0.001 1.742
score FONT_INVIS_LONG_LINE 1.286 0.726 1.286 0.726
score FONT_INVIS_MSGID 1.155 1.438 1.155 1.438
score FONT_INVIS_NORDNS 1.000 1.000 1.000 1.000
score FONT_INVIS_POSTEXTRAS 0.002 1.896 0.002 1.896
score FORGED_SPF_HELO 0.001 0.001 0.001 0.001
score FORM_FRAUD 0.999 1.000 0.999 1.000
score FORM_FRAUD_5 0.001 0.001 0.001 0.001
score FOUND_YOU 1.000 1.000 1.000 1.000
score FREEMAIL_FORGED_FROMDOMAIN 0.250 0.001 0.250 0.001
score FREEMAIL_FORGED_FROMDOMAIN 0.250 0.250 0.250 0.250
score FREEM_FRNUM_UNICD_EMPTY 1.000 1.000 1.000 1.000
score FRNAME_IN_MSG_XPRIO_NO_SUB 1.000 1.000 1.000 1.000
score FROM_2_EMAILS_SHORT 0.001 0.921 0.001 0.921
score FROM_ADDR_WS 3.000 2.999 3.000 2.999
score FROM_ADDR_WS 2.999 2.349 2.999 2.349
score FROM_BANK_NOAUTH 0.001 1.000 0.001 1.000
score FROM_FMBLA_NDBLOCKED 0.001 0.001 0.001 0.001
score FROM_FMBLA_NEWDOM 0.001 1.499 0.001 1.499
score FROM_FMBLA_NEWDOM14 0.001 0.999 0.001 0.999
score FROM_FMBLA_NEWDOM28 0.001 0.001 0.001 0.001
score FROM_GOV_DKIM_AU 0.001 -0.001 0.001 -0.001
score FROM_FMBLA_NEWDOM 0.001 1.000 0.001 1.000
score FROM_FMBLA_NEWDOM14 0.001 1.000 0.001 1.000
score FROM_FMBLA_NEWDOM28 0.001 0.799 0.001 0.799
score FROM_GOV_DKIM_AU 0.001 -0.766 0.001 -0.766
score FROM_GOV_REPLYTO_FREEMAIL 0.001 1.000 0.001 1.000
score FROM_GOV_SPOOF 0.001 1.000 0.001 1.000
score FROM_MISSPACED 1.999 1.999 1.999 1.999
score FROM_MISSP_DYNIP 1.928 0.042 1.928 0.042
score FROM_MISSP_EH_MATCH 1.999 1.201 1.999 1.201
score FROM_MISSP_FREEMAIL 0.001 1.149 0.001 1.149
score FROM_MISSP_MSFT 0.001 0.001 0.001 0.001
score FROM_MISSP_REPLYTO 2.199 0.001 2.199 0.001
score FROM_MISSPACED 1.999 1.601 1.999 1.601
score FROM_MISSP_EH_MATCH 2.000 1.399 2.000 1.399
score FROM_MISSP_FREEMAIL 2.699 0.001 2.699 0.001
score FROM_MISSP_MSFT 0.601 0.001 0.601 0.001
score FROM_MISSP_REPLYTO 1.199 0.901 1.199 0.901
score FROM_MISSP_SPF_FAIL 0.001 0.001 0.001 0.001
score FROM_MISSP_USER 0.001 0.001 0.001 0.001
score FROM_MULTI_NORDNS 1.332 1.895 1.332 1.895
score FROM_NEWDOM_BTC 0.001 1.000 0.001 1.000
score FROM_NTLD_LINKBAIT 1.000 1.000 1.000 1.000
score FROM_NTLD_REPLY_FREEMAIL 1.512 1.000 1.512 1.000
score FROM_NTLD_REPLY_FREEMAIL 1.000 1.000 1.000 1.000
score FROM_NUMBERO_NEWDOMAIN 0.001 1.000 0.001 1.000
score FROM_PAYPAL_SPOOF 0.001 1.599 0.001 1.599
score FROM_SUSPICIOUS_NTLD 0.500 0.001 0.500 0.001
score FROM_SUSPICIOUS_NTLD_FP 1.999 0.694 1.999 0.694
score FSL_BULK_SIG 0.001 0.001 0.001 0.001
score FROM_PAYPAL_SPOOF 0.001 1.451 0.001 1.451
score FROM_SUSPICIOUS_NTLD 0.499 0.499 0.499 0.499
score FROM_SUSPICIOUS_NTLD_FP 1.999 1.999 1.999 1.999
score FROM_UNBAL1 2.299 2.299 2.299 2.299
score FSL_BULK_SIG 0.001 0.815 0.001 0.815
score FSL_CTYPE_WIN1251 0.001 0.001 0.001 0.001
score FSL_HAS_TINYURL 2.799 2.699 2.799 2.699
score FSL_NEW_HELO_USER 0.001 0.001 0.001 0.001
score FUZZY_AMAZON 0.001 0.001 0.001 0.001
score FUZZY_BITCOIN 0.001 0.001 0.001 0.001
score FUZZY_IMPORTANT 2.700 1.190 2.700 1.190
score FUZZY_PORN 1.836 0.001 1.836 0.001
score FUZZY_SECURITY 2.399 2.299 2.399 2.299
score FUZZY_WALLET 1.799 0.001 1.799 0.001
score FUZZY_IMPORTANT 3.799 0.633 3.799 0.633
score FUZZY_WALLET 1.799 0.078 1.799 0.078
score GAPPY_SALES_LEADS_FREEM 1.000 1.000 1.000 1.000
score GB_BITCOIN_CP 2.645 2.999 2.645 2.999
score GB_BITCOIN_NH 1.994 0.001 1.994 0.001
score GB_CUSTOM_HTM_URI 0.350 0.036 0.350 0.036
score GB_FAKE_RF_SHORT 1.292 0.820 1.292 0.820
score GB_BITCOIN_CP 2.977 0.598 2.977 0.598
score GB_BITCOIN_NH 1.000 1.980 1.000 1.980
score GB_CUSTOM_HTM_URI 1.499 0.001 1.499 0.001
score GB_FAKE_RF_SHORT 1.000 1.000 1.000 1.000
score GB_FORGED_MUA_POSTFIX 1.000 1.000 1.000 1.000
score GB_FREEMAIL_DISPTO 0.499 0.166 0.499 0.166
score GB_FREEMAIL_DISPTO 0.001 0.001 0.001 0.001
score GB_FREEMAIL_DISPTO_NOTFREEM 0.500 0.500 0.500 0.500
score GB_GOOGLE_OBFUR 0.750 0.750 0.750 0.750
score GB_HASHBL_BTC 0.001 0.562 0.001 0.562
score GB_HASHBL_BTC 0.001 0.504 0.001 0.504
score GB_STORAGE_GOOGLE_EMAIL 1.000 1.000 1.000 1.000
score GB_URI_FLEEK_STO_HTM 0.999 0.999 0.999 0.999
score GB_URI_FLEEK_STO_HTM 1.000 1.000 1.000 1.000
score GOOGLE_DOCS_PHISH 1.000 1.000 1.000 1.000
score GOOGLE_DOCS_PHISH_MANY 1.000 1.000 1.000 1.000
score GOOGLE_DOC_SUSP 1.000 1.000 1.000 1.000
score GOOGLE_DRIVE_REPLY_BAD_NTLD 1.000 1.000 1.000 1.000
score GOOG_MALWARE_DNLD 1.000 1.000 1.000 1.000
score GOOG_REDIR_NORDNS 2.502 2.899 2.502 2.899
score GOOG_REDIR_HTML_ONLY 1.999 1.999 1.999 1.999
score GOOG_REDIR_NORDNS 2.600 2.900 2.600 2.900
score GOOG_STO_EMAIL_PHISH 1.000 1.000 1.000 1.000
score GOOG_STO_HTML_PHISH 1.000 1.000 1.000 1.000
score GOOG_STO_HTML_PHISH_MANY 1.000 1.000 1.000 1.000
score GOOG_STO_IMG_HTML 1.000 1.000 1.000 1.000
score GOOG_STO_IMG_NOHTML 2.500 2.499 2.500 2.499
score GOOG_STO_NOIMG_HTML 2.706 2.893 2.706 2.893
score GOOG_STO_IMG_NOHTML 1.000 2.500 1.000 2.500
score GOOG_STO_NOIMG_HTML 3.000 2.949 3.000 2.949
score HAS_X_NO_RELAY 1.000 1.000 1.000 1.000
score HAS_X_OUTGOING_SPAM_STAT 0.502 0.207 0.502 0.207
score HDRS_LCASE 0.100 0.001 0.100 0.001
score HDRS_LCASE_IMGONLY 0.099 0.099 0.099 0.099
score HDRS_MISSP 2.499 2.499 2.499 2.499
score HDR_ORDER_FTSDMCXX_DIRECT 0.001 0.001 0.001 0.001
score HDR_ORDER_FTSDMCXX_NORDNS 0.349 0.001 0.349 0.001
score HAS_X_OUTGOING_SPAM_STAT 0.502 0.001 0.502 0.001
score HDRS_LCASE 0.001 0.100 0.001 0.100
score HDRS_LCASE_IMGONLY 0.100 0.099 0.100 0.099
score HDRS_MISSP 2.499 0.718 2.499 0.718
score HDR_ORDER_FTSDMCXX_DIRECT 0.865 0.001 0.865 0.001
score HDR_ORDER_FTSDMCXX_NORDNS 0.001 0.001 0.001 0.001
score HEADER_FROM_DIFFERENT_DOMAINS 0.250 0.250 0.250 0.250
score HELO_MISC_IP 0.250 0.001 0.250 0.001
score HELO_NO_DOMAIN 0.001 0.001 0.001 0.001
score HEXHASH_WORD 1.000 1.000 1.000 1.000
score HEXHASH_WORD 1.000 1.973 1.000 1.973
score HK_CTE_RAW 1.000 1.000 1.000 1.000
score HK_LOTTO 0.999 0.242 0.999 0.242
score HK_LOTTO 1.000 0.120 1.000 0.120
score HK_NAME_MR_MRS 0.999 0.999 0.999 0.999
score HK_RANDOM_ENVFROM 1.000 0.001 1.000 0.001
score HK_RANDOM_FROM 0.999 1.000 0.999 1.000
score HK_RANDOM_ENVFROM 0.387 0.999 0.387 0.999
score HK_RANDOM_FROM 1.000 1.000 1.000 1.000
score HK_RANDOM_REPLYTO 0.999 1.000 0.999 1.000
score HK_RCVD_IP_MULTICAST 1.000 1.000 1.000 1.000
score HK_SCAM 1.999 1.999 1.999 1.999
score HOSTED_IMG_DIRECT_MX 0.001 0.001 0.001 0.001
score HK_WIN 1.000 1.000 1.000 1.000
score HOSTED_IMG_DIRECT_MX 0.001 2.707 0.001 2.707
score HOSTED_IMG_DQ_UNSUB 1.000 1.000 1.000 1.000
score HOSTED_IMG_FREEM 3.499 2.673 3.499 2.673
score HOSTED_IMG_FREEM 1.000 1.000 1.000 1.000
score HOSTED_IMG_MULTI 1.000 1.000 1.000 1.000
score HOSTED_IMG_MULTI_PUB_01 2.999 0.001 2.999 0.001
score HTML_ENTITY_ASCII 1.000 2.999 1.000 2.999
score HOSTED_IMG_MULTI_PUB_01 1.000 2.999 1.000 2.999
score HTML_ENTITY_ASCII 2.999 2.999 2.999 2.999
score HTML_ENTITY_ASCII_TINY 1.000 1.000 1.000 1.000
score HTML_FONT_TINY_NORDNS 1.999 1.824 1.999 1.824
score HTML_OFF_PAGE 2.601 2.996 2.601 2.996
score HTML_FONT_TINY_NORDNS 1.850 1.823 1.850 1.823
score HTML_OFF_PAGE 1.932 1.000 1.932 1.000
score HTML_SHRT_CMNT_OBFU_MANY 1.000 1.000 1.000 1.000
score HTML_SINGLET_MANY 2.499 1.000 2.499 1.000
score HTML_TAG_BALANCE_CENTER 1.940 3.099 1.940 3.099
score HTML_TEXT_INVISIBLE_FONT 1.999 0.258 1.999 0.258
score HTML_TEXT_INVISIBLE_STYLE 1.275 0.892 1.275 0.892
score HTML_SINGLET_MANY 2.499 2.455 2.499 2.455
score HTML_TAG_BALANCE_CENTER 2.899 2.799 2.899 2.799
score HTML_TEXT_INVISIBLE_FONT 1.402 1.111 1.402 1.111
score HTML_TEXT_INVISIBLE_STYLE 2.050 1.207 2.050 1.207
score IMG_ONLY_FM_DOM_INFO 1.000 1.000 1.000 1.000
score JH_SPAMMY_HEADERS 3.499 3.500 3.499 3.500
score JH_SPAMMY_HEADERS 3.499 3.499 3.499 3.499
score JH_SPAMMY_PATTERN01 1.000 1.000 1.000 1.000
score JH_SPAMMY_PATTERN02 1.000 1.000 1.000 1.000
score KHOP_FAKE_EBAY 0.001 0.001 0.001 0.001
score KHOP_HELO_FCRDNS 0.399 0.001 0.399 0.001
score KHOP_HELO_FCRDNS 0.399 0.399 0.399 0.399
score LINKEDIN_IMG_NOT_RCVD_LNKN 1.000 1.000 1.000 1.000
score LIST_PRTL_PUMPDUMP 1.000 1.000 1.000 1.000
score LIST_PRTL_SAME_USER 1.000 1.000 1.000 1.000
score LONG_HEX_URI 2.999 1.614 2.999 1.614
score LONG_IMG_URI 2.802 0.001 2.802 0.001
score LONG_INVISIBLE_TEXT 2.990 2.999 2.990 2.999
score LONG_HEX_URI 2.999 2.870 2.999 2.870
score LONG_IMG_URI 0.568 2.472 0.568 2.472
score LONG_INVISIBLE_TEXT 2.999 2.999 2.999 2.999
score LOTS_OF_MONEY 0.010 0.010 0.010 0.010
score LOTTO_AGENT 1.499 1.499 1.499 1.499
score LOTTO_AGENT 1.000 1.011 1.000 1.011
score LOTTO_DEPT 0.001 0.001 0.001 0.001
score LUCRATIVE 1.000 1.000 1.000 1.000
score MALFORMED_FREEMAIL 2.899 2.999 2.899 2.999
score MALF_HTML_B64 1.000 1.000 1.000 1.000
score MALWARE_NORDNS 0.001 0.126 0.001 0.126
score MALWARE_PASSWORD 1.000 1.000 1.000 1.000
score MAY_BE_FORGED 1.699 0.001 1.699 0.001
score MILLION_HUNDRED 0.241 1.309 0.241 1.309
score MILLION_USD 0.548 0.449 0.548 0.449
score MALWARE_NORDNS 0.937 2.591 0.937 2.591
score MALWARE_PASSWORD 2.970 3.499 2.970 3.499
score MALW_ATTACH 2.199 2.299 2.199 2.299
score MANY_SPAN_IN_TEXT 2.499 2.399 2.499 2.399
score MILLION_HUNDRED 0.595 1.738 0.595 1.738
score MILLION_USD 1.212 0.994 1.212 0.994
score MIMEOLE_DIRECT_TO_MX 0.001 0.001 0.001 0.001
score MIME_NO_TEXT 1.000 1.000 1.000 1.000
score MIXED_AREA_CASE 1.000 1.000 1.000 1.000
score MIXED_CENTER_CASE 1.000 1.000 1.000 1.000
score MIXED_ES 2.699 2.599 2.699 2.599
score MIXED_CENTER_CASE 1.000 1.596 1.000 1.596
score MIXED_ES 1.799 1.999 1.799 1.999
score MIXED_FONT_CASE 1.000 1.000 1.000 1.000
score MIXED_HREF_CASE 1.000 1.000 1.000 1.000
score MIXED_IMG_CASE 2.999 1.509 2.999 1.509
score MIXED_HREF_CASE 1.000 0.487 1.000 0.487
score MIXED_IMG_CASE 1.000 2.274 1.000 2.274
score MONERO_DEADLINE 1.000 1.000 1.000 1.000
score MONERO_EXTORT_01 1.000 1.000 1.000 1.000
score MONERO_MALWARE 1.000 1.000 1.000 1.000
score MONERO_PAY_ME 1.000 1.000 1.000 1.000
score MONEY_ATM_CARD 1.799 2.899 1.799 2.899
score MONEY_ATM_CARD 0.001 0.001 0.001 0.001
score MONEY_BARRISTER 0.001 0.480 0.001 0.480
score MONEY_FORM 0.001 0.001 0.001 0.001
score MONEY_FORM_SHORT 2.499 2.499 2.499 2.499
score MONEY_FRAUD_3 2.472 2.599 2.472 2.599
score MONEY_FRAUD_5 0.001 0.001 0.001 0.001
score MONEY_FRAUD_8 0.039 0.001 0.039 0.001
score MONEY_FREEMAIL_REPTO 3.000 2.379 3.000 2.379
score MONEY_FROM_41 1.999 0.840 1.999 0.840
score MONEY_FROM_MISSP 0.001 0.001 0.001 0.001
score MONEY_FORM_SHORT 2.499 1.078 2.499 1.078
score MONEY_FRAUD_3 2.573 1.185 2.573 1.185
score MONEY_FRAUD_5 2.503 1.406 2.503 1.406
score MONEY_FRAUD_8 1.240 2.037 1.240 2.037
score MONEY_FREEMAIL_REPTO 2.999 1.109 2.999 1.109
score MONEY_FROM_MISSP 1.322 0.001 1.322 0.001
score MSGID_DOLLARS_URI_IMG 1.000 1.000 1.000 1.000
score MSGID_HDR_MALF 1.000 1.000 1.000 1.000
score MSMAIL_PRI_ABNORMAL 1.499 0.912 1.499 0.912
score MSMAIL_PRI_ABNORMAL 0.209 1.067 0.209 1.067
score MSM_PRIO_REPTO 1.000 1.000 1.000 1.000
score NAME_EMAIL_DIFF 1.729 0.001 1.729 0.001
score NA_DOLLARS 1.281 1.499 1.281 1.499
score NA_DOLLARS 1.499 1.499 1.499 1.499
score NEWEGG_IMG_NOT_RCVD_NEGG 1.000 1.000 1.000 1.000
score NEW_PRODUCTS 1.000 1.000 1.000 1.000
score NICE_REPLY_A -0.001 -0.257 -0.001 -0.257
score NICE_REPLY_A -0.001 -0.001 -0.001 -0.001
score NORDNS_LOW_CONTRAST 0.001 1.152 0.001 1.152
score NO_FM_NAME_IP_HOSTN 0.001 0.001 0.001 0.001
score NSL_RCVD_FROM_USER 0.001 0.001 0.001 0.001
score NSL_RCVD_HELO_USER 0.001 0.001 0.001 0.001
score NUMBERONLY_BITCOIN_EXP 0.001 1.228 0.001 1.228
score OBFU_BITCOIN 0.001 0.001 0.001 0.001
score OBFU_TEXT_ATTACH 0.569 1.444 0.569 1.444
score ODD_FREEM_REPTO 3.000 2.532 3.000 2.532
score PDS_BAD_THREAD_QP_64 0.001 0.180 0.001 0.180
score PDS_BTC_ID 0.500 0.318 0.500 0.318
score NSL_RCVD_HELO_USER 0.001 2.259 0.001 2.259
score NUMBERONLY_BITCOIN_EXP 1.999 1.999 1.999 1.999
score OBFU_BITCOIN 1.000 1.000 1.000 1.000
score OBFU_TEXT_ATTACH 0.046 0.898 0.046 0.898
score ODD_FREEM_REPTO 2.999 2.557 2.999 2.557
score PDS_BAD_THREAD_QP_64 0.001 0.001 0.001 0.001
score PDS_BTC_ID 0.499 0.292 0.499 0.292
score PDS_BTC_MSGID 0.001 0.001 0.001 0.001
score PDS_BTC_NTLD 0.515 0.554 0.515 0.554
score PDS_BTC_NTLD 0.789 0.027 0.789 0.027
score PDS_DBL_URL_TNB_RUNON 1.999 1.000 1.999 1.000
score PDS_FROM_2_EMAILS 1.268 1.923 1.268 1.923
score PDS_HELO_SPF_FAIL 0.001 1.000 0.001 1.000
score PDS_NAKED_TO_NUMERO 1.999 1.999 1.999 1.999
score PDS_NO_FULL_NAME_SPOOFED_URL 0.750 0.750 0.750 0.750
score PDS_OTHER_BAD_TLD 1.999 1.999 1.999 1.999
score PDS_RDNS_DYNAMIC_FP 0.001 0.001 0.001 0.001
score PDS_EMPTYSUBJ_URISHRT 1.477 1.419 1.477 1.419
score PDS_FROM_2_EMAILS_SHRTNER 0.605 1.445 0.605 1.445
score PDS_HELO_SPF_FAIL 0.001 1.999 0.001 1.999
score PDS_NAKED_TO_NUMERO 1.996 1.149 1.996 1.149
score PDS_NO_FULL_NAME_SPOOFED_URL 0.749 0.749 0.749 0.749
score PDS_PHP_EVAL 1.000 1.499 1.000 1.499
score PDS_RDNS_DYNAMIC_FP 0.001 0.010 0.001 0.010
score PDS_SHORT_SPOOFED_URL 1.999 1.999 1.999 1.999
score PDS_TINYSUBJ_URISHRT 1.000 1.000 1.000 1.000
score PDS_TINYSUBJ_URISHRT 1.499 1.356 1.499 1.356
score PDS_TONAME_EQ_TOLOCAL_FREEM_FORGE 1.000 1.000 1.000 1.000
score PDS_TONAME_EQ_TOLOCAL_VSHORT 0.999 0.999 0.999 0.999
score PHISH_AZURE_CLOUDAPP 3.500 3.500 3.500 3.500
score PHISH_FBASEAPP 1.000 1.000 1.000 1.000
score PHP_NOVER_MUA 1.000 1.000 1.000 1.000
score PHP_ORIG_SCRIPT 2.499 2.491 2.499 2.491
score PHP_SCRIPT 2.499 2.352 2.499 2.352
score PHP_ORIG_SCRIPT 2.347 1.351 2.347 1.351
score PHP_ORIG_SCRIPT_EVAL 1.000 2.999 1.000 2.999
score PHP_SCRIPT 2.499 2.398 2.499 2.398
score PHP_SCRIPT_MUA 1.000 1.000 1.000 1.000
score POSSIBLE_GMAIL_PHISHER 1.382 0.694 1.382 0.694
score PP_MIME_FAKE_ASCII_TEXT 0.999 0.001 0.999 0.001
score PP_TOO_MUCH_UNICODE02 0.500 0.500 0.500 0.500
score PP_TOO_MUCH_UNICODE05 1.000 1.000 1.000 1.000
@ -286,23 +285,12 @@ score PUMPDUMP_MULTI 1.000 1.000 1.000 1.000
score RAND_HEADER_LIST_SPOOF 1.000 1.000 1.000 1.000
score RAND_HEADER_MANY 1.000 1.000 1.000 1.000
score RAND_MKTG_HEADER 1.999 1.999 1.999 1.999
score RATWARE_NO_RDNS 0.001 0.001 0.001 0.001
score RATWARE_NO_RDNS 0.001 1.897 0.001 1.897
score RCVD_DOTEDU_SHORT 1.000 1.000 1.000 1.000
score RCVD_DOTEDU_SUSP_URI 1.000 1.000 1.000 1.000
score RCVD_IN_MSPIKE_BL 0.001 0.001 0.001 0.001
score RCVD_IN_MSPIKE_H2 0.001 -0.001 0.001 -0.001
score RCVD_IN_MSPIKE_H3 0.001 0.001 0.001 0.001
score RCVD_IN_MSPIKE_H4 0.001 0.001 0.001 0.001
score RCVD_IN_MSPIKE_H5 0.001 0.001 0.001 0.001
score RCVD_IN_MSPIKE_L2 0.001 0.001 0.001 0.001
score RCVD_IN_MSPIKE_L3 0.001 0.001 0.001 0.001
score RCVD_IN_MSPIKE_L4 0.001 0.001 0.001 0.001
score RCVD_IN_MSPIKE_L5 0.001 0.001 0.001 0.001
score RCVD_IN_MSPIKE_WL 0.001 0.001 0.001 0.001
score RCVD_IN_MSPIKE_ZBI 0.001 0.001 0.001 0.001
score RDNS_NUM_TLD_ATCHNX 1.000 1.000 1.000 1.000
score RDNS_NUM_TLD_XM 1.000 1.000 1.000 1.000
score READY_TO_SHIP 1.000 1.000 1.000 1.000
score REPTO_419_FRAUD 1.000 1.000 1.000 1.000
score REPTO_419_FRAUD_AOL 1.000 1.000 1.000 1.000
score REPTO_419_FRAUD_AOL_LOOSE 1.000 1.000 1.000 1.000
@ -318,91 +306,86 @@ score REPTO_419_FRAUD_YH_LOOSE 1.000 1.000 1.000 1.000
score REPTO_419_FRAUD_YJ 1.000 1.000 1.000 1.000
score REPTO_419_FRAUD_YN 1.000 1.000 1.000 1.000
score REPTO_INFONUMSCOM 1.000 1.000 1.000 1.000
score RISK_FREE 0.001 0.001 0.001 0.001
score SCC_CANSPAM_2 2.700 0.631 2.700 0.631
score SCC_ISEMM_LID_1 1.000 1.000 1.000 1.000
score SCC_ISEMM_LID_1A 3.301 3.499 3.301 3.499
score SCC_ISEMM_LID_1B 1.499 1.499 1.499 1.499
score SENDGRID_REDIR 1.499 1.062 1.499 1.062
score SENDGRID_REDIR 1.499 1.068 1.499 1.068
score SENDGRID_REDIR_PHISH 1.000 1.000 1.000 1.000
score SEO_SUSP_NTLD 1.000 1.000 1.000 1.000
score SERGIO_SUBJECT_VIAGRA01 3.135 1.313 3.135 1.313
score SHOPIFY_IMG_NOT_RCVD_SFY 2.038 2.499 2.038 2.499
score SHORTENER_SHORT_IMG 1.045 1.296 1.045 1.296
score SHOPIFY_IMG_NOT_RCVD_SFY 2.499 2.298 2.499 2.298
score SHORTENER_SHORT_IMG 1.000 1.000 1.000 1.000
score SHORT_IMG_SUSP_NTLD 1.000 1.000 1.000 1.000
score SHORT_SHORTNER 1.999 1.999 1.999 1.999
score SHORT_SHORTNER 1.999 1.108 1.999 1.108
score SPOOFED_FREEMAIL 0.001 0.001 0.001 0.001
score SPOOFED_FREEMAIL_NO_RDNS 0.001 0.001 0.001 0.001
score SPOOFED_FREEM_REPTO 0.001 0.502 0.001 0.502
score SPOOFED_FREEM_REPTO_CHN 0.001 1.000 0.001 1.000
score SPOOFED_FREEM_REPTO 0.001 2.499 0.001 2.499
score SPOOFED_FREEM_REPTO_CHN 0.001 1.215 0.001 1.215
score SPOOFED_FREEM_REPTO_RUS 0.001 1.000 0.001 1.000
score SPOOF_GMAIL_MID 1.499 0.001 1.499 0.001
score STATIC_XPRIO_OLE 0.001 0.001 0.001 0.001
score STATIC_XPRIO_OLE 0.001 1.865 0.001 1.865
score STOCK_TIP 1.000 1.000 1.000 1.000
score SUBJ_ATTENTION 0.499 0.499 0.499 0.499
score STOX_BOUND_090909_B 1.674 0.001 1.674 0.001
score SUBJ_BRKN_WORDNUMS 1.000 1.000 1.000 1.000
score SURBL_BLOCKED 0.001 0.001 0.001 0.001
score SUSP_UTF8_WORD_SUBJ 2.000 0.367 2.000 0.367
score SUSP_UTF8_WORD_SUBJ 2.000 1.999 2.000 1.999
score SYSADMIN 1.000 1.000 1.000 1.000
score TAGSTAT_IMG_NOT_RCVD_TGST 1.000 1.000 1.000 1.000
score TARINGANET_IMG_NOT_RCVD_TN 1.000 1.000 1.000 1.000
score THIS_AD 1.899 1.799 1.899 1.799
score THIS_AD 2.400 1.262 2.400 1.262
score THIS_IS_ADV_SUSP_NTLD 1.000 1.000 1.000 1.000
score TONLINE_FAKE_DKIM 1.000 1.000 1.000 1.000
score TONOM_EQ_TOLOC_SHRT_SHRTNER 0.001 0.001 0.001 0.001
score TO_EQ_FM_DIRECT_MX 1.000 1.000 1.000 1.000
score TO_EQ_FM_DOM_SPF_FAIL 0.001 0.001 0.001 0.001
score TO_EQ_FM_SPF_FAIL 0.001 0.001 0.001 0.001
score TO_IN_SUBJ 0.100 0.100 0.100 0.100
score TO_NAME_SUBJ_NO_RDNS 1.000 1.000 1.000 1.000
score TO_NAME_SUBJ_NO_RDNS 2.605 0.950 2.605 0.950
score TO_NO_BRKTS_FROM_MSSP 2.499 2.499 2.499 2.499
score TO_NO_BRKTS_HTML_IMG 1.999 1.999 1.999 1.999
score TO_NO_BRKTS_HTML_ONLY 1.999 1.999 1.999 1.999
score TO_NO_BRKTS_MSFT 0.001 0.001 0.001 0.001
score TO_NO_BRKTS_NORDNS_HTML 2.000 1.999 2.000 1.999
score TO_NO_BRKTS_HTML_ONLY 2.000 1.999 2.000 1.999
score TO_NO_BRKTS_MSFT 0.001 0.546 0.001 0.546
score TO_NO_BRKTS_NORDNS_HTML 1.999 1.370 1.999 1.370
score TO_NO_BRKTS_PCNT 2.499 2.500 2.499 2.500
score TVD_RCVD_SPACE_BRACKET 0.126 0.557 0.126 0.557
score TVD_SPACE_ENCODED 2.046 0.001 2.046 0.001
score TVD_SPACE_RATIO_MINFP 0.796 0.001 0.796 0.001
score TVD_PH_7 2.199 2.299 2.199 2.299
score TVD_SUBJ_APPR_LOAN 0.001 2.200 0.001 2.200
score TW_GIBBERISH_MANY 1.000 1.000 1.000 1.000
score UC_GIBBERISH_OBFU 1.000 1.000 1.000 1.000
score UNDISC_FREEM 2.899 2.799 2.899 2.799
score UNDISC_MONEY 3.299 3.200 3.299 3.200
score UNICODE_OBFU_ASC 2.499 2.499 2.499 2.499
score UNDISC_FREEM 2.999 2.899 2.999 2.899
score UNDISC_MONEY 2.748 1.979 2.748 1.979
score UNICODE_OBFU_ASC 1.000 2.499 1.000 2.499
score UNICODE_OBFU_ZW 1.000 1.000 1.000 1.000
score UNSUB_GOOG_FORM 1.000 1.000 1.000 1.000
score URI_ADOBESPARK 1.000 1.000 1.000 1.000
score URI_AZURE_CLOUDAPP 1.000 1.000 1.000 1.000
score URI_DASHGOVEDU 1.000 1.000 1.000 1.000
score URI_DATA 1.000 1.000 1.000 1.000
score URI_DOTEDU 1.999 1.265 1.999 1.265
score URI_DOTEDU 1.000 1.678 1.000 1.678
score URI_DOTEDU_ENTITY 1.000 1.000 1.000 1.000
score URI_FIREBASEAPP 1.000 1.000 1.000 1.000
score URI_GOOGLE_PROXY 2.199 2.199 2.199 2.199
score URI_GOOGLE_PROXY 1.799 1.599 1.799 1.599
score URI_GOOG_STO_SPAMMY 3.000 3.000 3.000 3.000
score URI_HEX_IP 1.000 1.000 1.000 1.000
score URI_IMG_WP_REDIR 1.000 1.000 1.000 1.000
score URI_LONG_REPEAT 1.000 1.000 1.000 1.000
score URI_OBFU_DOM 2.499 2.500 2.499 2.500
score URI_ONLY_MSGID_MALF 0.001 1.000 0.001 1.000
score URI_OPTOUT_3LD 1.000 1.000 1.000 1.000
score URI_PHISH 3.999 3.699 3.999 3.699
score URI_ONLY_MSGID_MALF 1.000 1.000 1.000 1.000
score URI_OPTOUT_3LD 1.000 2.000 1.000 2.000
score URI_PHISH 3.999 3.627 3.999 3.627
score URI_PHP_REDIR 1.000 1.000 1.000 1.000
score URI_TRY_3LD 1.948 0.378 1.948 0.378
score URI_TRY_3LD 1.999 1.667 1.999 1.667
score URI_TRY_USME 1.000 1.000 1.000 1.000
score URI_WPADMIN 1.686 2.199 1.686 2.199
score URI_WPADMIN 0.001 2.299 0.001 2.299
score URI_WP_DIRINDEX 1.000 1.000 1.000 1.000
score URI_WP_HACKED 1.686 3.499 1.686 3.499
score URI_WP_HACKED 3.500 3.499 3.500 3.499
score URI_WP_HACKED_2 2.499 2.499 2.499 2.499
score USB_DRIVES 1.000 1.000 1.000 1.000
score VFY_ACCT_NORDNS 2.528 1.970 2.528 1.970
score VFY_ACCT_NORDNS 2.622 2.999 2.622 2.999
score VPS_NO_NTLD 1.000 1.000 1.000 1.000
score WALMART_IMG_NOT_RCVD_WAL 1.000 1.000 1.000 1.000
score WORD_INVIS 0.544 0.001 0.544 0.001
score WORD_INVIS_MANY 2.999 2.999 2.999 2.999
score XFER_LOTSA_MONEY 0.999 0.001 0.999 0.001
score WORD_INVIS 1.576 0.504 1.576 0.504
score WORD_INVIS_MANY 3.000 2.999 3.000 2.999
score XFER_LOTSA_MONEY 0.541 0.498 0.541 0.498
score XM_DIGITS_ONLY 1.000 1.000 1.000 1.000
score XM_RANDOM 1.799 0.001 1.799 0.001
score XPRIO 1.104 0.001 1.104 0.001
score XPRIO_SHORT_SUBJ 1.170 2.499 1.170 2.499
score XPRIO_URL_SHORTNER 0.999 0.999 0.999 0.999
score YOU_INHERIT 1.606 2.237 1.606 2.237
score XM_RANDOM 1.352 2.302 1.352 2.302
score XM_RECPTID 2.999 1.602 2.999 1.602
score XPRIO 0.397 0.001 0.397 0.001
score XPRIO_SHORT_SUBJ 1.000 1.000 1.000 1.000
score XPRIO_URL_SHORTNER 0.523 0.999 0.523 0.999
score YOU_INHERIT 0.926 1.345 0.926 1.345

2
sa-updates/73_sandbox_manual_scores.cf
View File

@ -22,7 +22,7 @@
#
###########################################################################
require_version 3.004006
require_version 4.000000
# jhardin
# things depend on these