update to 3.4.2, bump version to 3.4.2-1

Dietmar Maurer 2018-09-17 06:54:38 +02:00
parent e63615638b
commit badcf991a3
5 changed files with 87 additions and 36 deletions

102
KAM.cf

@ -1,12 +1,23 @@
#KAM.cf - SpamAssassin Rules
#
#Author: Kevin A. McGrail with contributions from Joe Quinn & Karsten Bräckelmann
#
#Email: Kevin.McGrail@McGrail.com - NOTE: Questions about spam are best submitted
# at https://raptor.pccc.com/raptor.cgim?template=report_problem
#HomePage: http://www.mcgrail.com/downloads/KAM.cf
#2018-06-20: We will be moving KAM.cf over to a non-profit to allow for it to
# continue being maintained. It will continue being ASLv2 licensed
# but we are soliciting donations to help fund the development.
#
# As a 501(c)(3), all donations are tax deductible to the extent
# permissible by law.
#
#HomePage: http://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf
#
# Sponsors gifting $5,000USD or greater per year will be thanked
# in this file and on our website.
#This is a collection of special rules that I have developed and use on my system.
#
#The exact date is lost to the sands of time but we have been publishing this
@ -16,7 +27,7 @@
#often rely on my corpora so they do not fair well in masschecks.
#
#You are welcome and encouraged to email me directly regarding suggestions.
#
#To avoid being caught by our filters, False positives and negatives should be
#submitted to https://raptor.pccc.com/raptor.cgim?template=report_problem
#
@ -24,8 +35,8 @@
#do my best to respond to FPs *especially* if you can send me an email sample.
#
#This cf file is designed for systems with a threshold of 5.0 or higher.
#
#
#It is best to save an email sample in mbox format and zip it to attach to get
#around my filters. It is sometimes best to send samples in a second email so I
#know to go looking for it in my spam folders.
@ -38,12 +49,12 @@
# - Some content needs to be blocked either due to large number of complaints or
# for content. For example, the sexually explicit items and the stock tips.
# FPs in these rules will be quickly addressed.
#
#For a free anti-spam consultation, fill out the form at the following URL:
#https://raptor.pccc.com/free_spam_consultation.cgim
#
#Copyright (c) 2018 Kevin A. McGrail
#Copyright (c) 2018 Kevin A. McGrail and the McGrail Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -1730,19 +1741,15 @@ meta KAM_MXINFO (__KAM_MX5)
score KAM_MXINFO 1.0
describe KAM_MXINFO MX Record and dot info domains associated with FAKERBL Spammers
#BAD NAMES
body __KAM_BADNAME1 /CocoMedia|CMI Free Stuff|Vista Del Mar Productions|by SuperClub|Buil tech Services|eMarketing Alliance|aSHARPi Media|Satell Center for Executive Education|Pacific Shores Investments|R. Allen Media|The Only Virginia Team|Ban Amnesty Now|Intrust Domains|New Heights Development and Research|Red Base Interactive|RateMarketplace|WORLD COMPANY REGISTER|Mobie Concepts, Inc.|Clickingz IT Research Lab|Leadz[,\.].?Co|Pimsleur Approach|Business Who's Who|Who's Who Among Executives|Buena Vista Catalogue|Ashray Medical Center|Bethany Christian Services|Preston Energy|SteelCityAds|Beyond Human, LLC|Research Promo Center|OmegaK, Inc|Momentum.Ads|Dove Lighting Co|BrandRoot SEO|Team TPW|WEB ANALYTICS MEDIA LLC/i
#BAD ADDRESS / COMPANY NAMES
#FINISHED URL CLEANUP BUT MOST URLS MOVED TO PCCC URIBL
body __KAM_ADDRESS1 /204 N. El Camino Real|CocoMedia|17 Patchogue Road|1128-274 Royal Palm Beach|(848|500) N. Rainbow Dr. Ste \#?(2511|300)|CMI Free Stuff|Vista Del Mar Productions|by SuperClub|Buil tech Services|eMarketing Alliance|aSHARPi Media|Plaza Neptuno|Satell Center for Executive Education|Pacific Shores Investments|R. Allen Media|The Only Virginia Team|Ban Amnesty Now|Intrust Domains|8001 Irvine Center Dr|American Arbitration Association, 1633 Broadway|\+962 79 668 2974|7025 County Rd. 46A|1001 E.Hillsdale Blvd|New Heights Development and Research|Red Base Interactive|RateMarketplace|WORLD COMPANY REGISTER|WhatsApp Inc|Streetdirectory Pte Ltd|4399 Church Street, Brooklyn|Mobie Concepts, Inc.|Clickingz IT Research Lab|Leadz[,\.].?Co|DLF Cyber City Gurgaon India|4447 N Central Expressway, Office \#110|5401 Hangar Court|Pimsleur Approach|1600 JFK Boulevard, 3rd|Business Who's Who|Who's Who Among Executives|Buena Vista Catalogue|10620 Southern Highlands|Ashray Medical Center|Bethany Christian Services|Ashland.Avenue.{0,4}95761|Preston Energy|SteelCityAds|Beyond Human, LLC|Research Promo Center|OmegaK, Inc|320 S. Lemon Blvd \# 1803|1063 (suite.)?([\#\d]+.)?King St|8 White Ln. Mansfield|Momentum.Ads|PO Box 29502 \#24912 Las Vegas|2383.Mystic Dr..Sarasota.FL|1107 Valeria Dr, Marion|321 N Central Expressway Suite 341|PO Box 540488 Houston|Post Office Box 4668 NY|9100 Wilshire Blvd. East Tower Penthouse|Headquarters, 18 True Tower Building|111 Customer Way, Irving|B a y t o w n, TX|adilizer..?com Post.Office.Box 540488|353 Chadwick Pl Fairborn|PO.?Box.295[O0]2.Las.?Vegas|1103 St. Michel|Suite 115-243, San Diego|100 E. 
Campus View|(3.?2.?0.?5|three two zero five)..?L.?a.?k.?e.S.?a.?r.?a.?h|100 RITCHIE ROAD|M i n n e s o t a|3801 D..?o..?w..?n..?s..?W..?a..?y|515 Oaklane McPherson|74.Lancaster..?RD|202.Albion|One Kimeric Ln|302 Washington St|One.One.Eight.Jason.Ln|PO.Box.227.Moran|V a l e r i a|Dove Lighting Co|BrandRoot SEO|Team TPW|WEB ANALYTICS MEDIA LLC|Scott Walker Inc. Testing the Waters|CARLY for America|Scott Walker for America|Jeb 2016, Inc/i
header __KAM_ADDRESS2 From =~ /CMI Free Stuff|Vista Del Mar Productions|Buil tech Services|eMarketing Alliance|aSHARPi Media|Plaza Neptuno|Satell Center for Executive Education|Pacific Shores Investments|rx ?unit|R. Allen Media|The Only Virginia Team|Intrust Domains|American Arbitration Association|Rate\.?Marketplace|Health.Quote.Direct|Pimsleur|Ethika Politika|Disney Movie Club/i
header __KAM_BADNAME2 From =~ /CMI Free Stuff|Vista Del Mar Productions|Buil tech Services|eMarketing Alliance|aSHARPi Media|Plaza Neptuno|Satell Center for Executive Education|Pacific Shores Investments|rx ?unit|R. Allen Media|The Only Virginia Team|Intrust Domains|American Arbitration Association|Rate\.?Marketplace|Health.Quote.Direct|Pimsleur|Ethika Politika|Disney Movie Club/i
meta KAM_ADDRESS (__KAM_ADDRESS1 + __KAM_ADDRESS2 >= 1)
score KAM_ADDRESS 13.0
score KAM_ADDRESS 6.0
describe KAM_ADDRESS Addresses and Companies prevalent in spams
# END SPAMMING COMPANIES
#GRASS SEED
header __KAM_GRASS1 From =~ /(Patch|Perfect|Lawn)/i
header __KAM_GRASS2 Subject =~ /rich beautiful lawn|grow grass|grass seed on steroids/i
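Review bot: the only meta visible in this hunk is still `meta KAM_ADDRESS (__KAM_ADDRESS1 + __KAM_ADDRESS2 >= 1)`, while `__KAM_BADNAME1` and `__KAM_BADNAME2` appear beside the `__KAM_ADDRESS*` definitions with overlapping alternations. The +/- markers are lost in this rendering, so please confirm that the sub-rule pair that survives is the one the meta references; otherwise either KAM_ADDRESS can never fire or the BADNAME sub-rules are evaluated on every message without contributing to any score. Separately, entries such as `Mobie Concepts, Inc.` leave `.` unescaped, so they match any character there; `Inc\.` would be tighter. Two `score KAM_ADDRESS` lines (13.0 and 6.0) are shown, and a line in the header or changelog explaining the change would help whoever tunes thresholds later.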
@ -2762,7 +2769,7 @@ score KAM_PAYPAL2 8.0
#PAYPAL PHISH
header __KAM_PAYPAL3A From =~ /paypal/i
header __KAM_PAYPAL3B From !~ /paypal.com>?$/i
header __KAM_PAYPAL3B From !~ /paypal.com(\.au)?>?$/i
header __KAM_PAYPAL3C Subject =~ /your.paypal.account/i
body __KAM_PAYPAL3D /security.process|more.information|has.limitation|verify.your.information/i
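Review bot: the `__KAM_PAYPAL3B` exclusion `/paypal.com(\.au)?>?$/i` is anchored only at the end and leaves the dot in `paypal.com` unescaped, so any From header that merely ends in a string containing `paypal` + any character + `com` is treated as legitimate and skips the phish rule. Since this line is being touched anyway to add `.com.au`, consider anchoring the left side and escaping the dot, for example `/[@.]paypal\.com(\.au)?>?$/i`, so that only the real domain and its subdomains are exempted.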
@ -5102,7 +5109,7 @@ describe KAM_OBFU_LOANS Obfuscated Loan Verbiage
body __KAM_WORKFROMHOME1 /work from home/i
meta KAM_WORKFROMHOME (KAM_SHORT + __KAM_WORKFROMHOME1 >= 2)
score KAM_WORKFROMHOME 2.5
score KAM_WORKFROMHOME 1.75
describe KAM_WORKFROMHOME Work from Home Spams
#STUDENT LOAN
@ -5368,10 +5375,10 @@ header KAM_MGCS Content-Type =~ /\+\-\+\-\+\-MGCS\-\+\-\+\-\+/i
score KAM_MGCS 10.0
describe KAM_MGCS Boundary Content Indicative of Ratware
#NetWeaver
header KAM_NW X-Mailer =~ /SAP NetWeaver/i
score KAM_NW 2.75
describe KAM_NW Spam Indicator
#NetWeaver - Disabled 7/24
#header KAM_NW X-Mailer =~ /SAP NetWeaver/i
#score KAM_NW 2.75
#describe KAM_NW Spam Indicator
#STOCKTIP OBFU
body __KAM_STOCKOBFU1 /make up the \d letter symbol/i
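Review bot: the new comment `#NetWeaver - Disabled 7/24` gives a date without a year and no reason for disabling KAM_NW. A short note on why the rule was turned off (false positives on legitimate SAP mail, presumably) and a full date would let a later maintainer decide whether the three commented-out lines can be deleted.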
@ -5441,7 +5448,7 @@ meta KB_WAM_LONELY_WOMEN (__KB_WAM_FROM_NAME_SINGLEWORD + __KB_WAM_SUBJECT_HE
score KB_WAM_LONELY_WOMEN 5.0
describe KB_WAM_LONELY_WOMEN Lonely Women Scam of the Day
body __KB_WAM_LONELY_WOMEN_PHRASE_01 /\b(I am missing you all the time|I am waiting for your answer|I send you my tender love|I would really like to know you)\b/i
body __KB_WAM_LONELY_WOMEN_PHRASE_01 /\b(I am missing you all the time|I am waiting for your answer|I send you my tender love|I would really like to know you|quest of love|I am lonely and tired)\b/i
#meta KB_WAM_OVERLAP ( KAM_HOWRU && KB_WAM_LONELY_WOMEN )
#score KB_WAM_OVERLAP -0.01
@ -5506,13 +5513,13 @@ describe KAM_WU Western Union Scam
score KAM_WU 5.0
#WEB CRIMINALS
body __KAM_CRIM1 /(group|team) of (hackers|web criminals)|(erase|eliminate|destroy) (the|this) (videotape|evidence|promising evidence)|complain to (the )?(cops|police)/i
body __KAM_CRIM1 /(group|team) of (hackers|web criminals)|(erase|eliminate|destroy|delete) (the|this) (compromising|promising)? ?(videotape|evidence|evidence)|complain to (the )?(cops|police)|malware on the web/i
#Different encodngs
body __KAM_CRIM2 /(bitсoin|bitcoin|BTC|bitcоi)/
body __KAM_CRIM3 /make a payment|deliver dispatch|have to pay|finish a transaction|transfer me \d+ euro|use my bitcoin|BTC (wallet|cryptocurrency)|bitсoin wаllеt/i
body __KAM_CRIM3 /make a payment|deliver dispatch|have to pay|finish a transaction|transfer me \d+ euro|use my bitcoin|BTC (wallet|cryptocurrency)|bitсoin wаllе|complete the transaction/i
body __KAM_CRIM4 /erotica|porn|promising evidence|video|masturb|playing with yourself|wanking/i
body __KAM_CRIM5 /(twenty.?four|24).?hours|(24|32|30|12) h\. (since|from) (now|this moment)|one day after opening|tracking pixel/i
header __KAM_CRIM6 Subject =~ /remember.the.lesson|reputation.is.at.stake|we can be silent|very interesting content|compromising video|hide your camera/i
body __KAM_CRIM5 /(twenty.?four|24).?hours|(24|32|30|12) ?h\. (since|from) (now|this moment)|one day after opening|tracking pixel|(24|32|30|12) ?h after you open this letter/i
header __KAM_CRIM6 Subject =~ /remember.the.lesson|reputation.is.at.stake|we can be silent|very interesting content|compromising video|hide your camera|you are my vic.im|visit the police/i
meta KAM_CRIM (__KAM_CRIM1 + __KAM_CRIM2 + __KAM_CRIM3 + __KAM_CRIM4 + __KAM_CRIM5 + __KAM_CRIM6 >= 4)
describe KAM_CRIM Extortion Email
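Review bot: in the rewritten `__KAM_CRIM1`, the group `(videotape|evidence|evidence)` lists `evidence` twice; the duplicate alternative is harmless but suggests an intended third term was lost. In `__KAM_CRIM3` the mixed-script alternative changed from `bitсoin wаllеt` to `bitсoin wаllе`, dropping the final character; if that is deliberate (to match either a Latin or a Cyrillic last letter) a comment would help, since homoglyph patterns are impossible to review by eye. The context line `#Different encodngs` also has a typo worth fixing upstream.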
@ -5533,4 +5540,43 @@ meta KAM_SKINCELL (__KAM_SKINCELL1 + __KAM_SKINCELL2 >= 1)
describe KAM_SKINCELL Skincare Scam du Jour
score KAM_SKINCELL 7.0
#UK INVOICE - Thanks to Andy Smith for his help on this
uri __KAM_UKINV1 /\/(client|share|documentview)$/i
body __KAM_UKINV2 /View (and pay )?(scan|invoice)/i
body __KAM_UKINV3 /INV-\d+|Check out what .{4,30} shared with you/i
body __KAM_UKINV4 /£/i
header __KAM_UKINV5 Subject =~ /(invoice INV-\d+|wants to share scan)/i
header __KAM_UKINV6 Subject =~ /invoice/i
meta KAM_UKINV (__KAM_UKINV1 + __KAM_UKINV2 + __KAM_UKINV3 + __KAM_UKINV4 + __KAM_UKINV5 >= 4) || (__KAM_UKINV1 + __KAM_UKINV2 + __KAM_UKINV3 + __KAM_UKINV4 + __KAM_UKINV6 + HTML_TITLE_SUBJ_DIFF && HTML_OBFUSCATE_10_20 >= 6)
describe KAM_UKINV Fake Invoice/Scan Scams
score KAM_UKINV 5.5
#LIST SELLERS
body __KAM_LISTSALE1 /interested in acquiring/i
body __KAM_LISTSALE2 /contact list|list of customers|list of decision makers|list for marketing/i
body __KAM_LISTSALE3 /share counts and samples|send focused campaigns|compiled a dataset/i
header __KAM_LISTSALE4 Subject =~ /users|leads/i
header __KAM_LISTSALE5 From =~ /leads/i
meta KAM_LISTSALE (__KAM_LISTSALE1 + __KAM_LISTSALE2 + __KAM_LISTSALE3 >=2) && (__KAM_LISTSALE4 + __KAM_LISTSALE5 >= 1)
describe KAM_LISTSALE List sellers
score KAM_LISTSALE 5.0
#Google Short?
uri KAM_GOOGLESHORT /\/www.google.com\/url\?q=.{4,16}bit\.ly/i
describe KAM_GOOGLESHORT Obfuscated links using Google and URL Shorteners
score KAM_GOOGLESHORT 9.0
#HEART ATTACK SPAM
body __KAM_HEARTPROD1 /heart ?attack/i
body __KAM_HEARTPROD2 /enzyme/i
header __KAM_HEARTPROD3 Subject =~ /heart attack|healthy.{4,10}cells/i
header __KAM_HEARTPROD4 From =~ /clear 7/i
meta KAM_HEARTPROD (__KAM_HEARTPROD1 + __KAM_HEARTPROD2 + __KAM_HEARTPROD3 + __KAM_HEARTPROD4 >= 4)
describe KAM_HEARTPROD Snake Oil Heart Health du Jour
score KAM_HEARTPROD 7.0
#EOF
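Review bot: in `meta KAM_UKINV`, the second branch ends with `+ HTML_TITLE_SUBJ_DIFF && HTML_OBFUSCATE_10_20 >= 6`. Meta expressions follow Perl operator precedence, where `+` and `>=` bind tighter than `&&`, so this groups as `(sum of six terms) && (HTML_OBFUSCATE_10_20 >= 6)` rather than comparing a sum with 6. A single rule hit will not reach 6, so the branch looks like it can never be true. Please add parentheses for the intended grouping, for example `(... + HTML_TITLE_SUBJ_DIFF >= N) && HTML_OBFUSCATE_10_20`. Minor: `KAM_GOOGLESHORT` leaves the dots in `www.google.com` unescaped, and `/£/i` does not need the `i` flag.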


@ -2,7 +2,7 @@
# edit paths ($srcdir) in changes.pl
# update changes.diff - verify changes!
# dig -t any 1.4.3.updates.spamassassin.org
# dig -t any 2.4.3.updates.spamassassin.org
# wget http://spamassassin.kluge.net/updates/501214.tar.gz
# wget http://spamassassin.kluge.net/updates/501214.tar.gz.asc
# gpg --verify 501214.tar.gz.asc 501214.tar.gz
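Review bot: the updated step `dig -t any 2.4.3.updates.spamassassin.org` relies on an ANY query, which many resolvers now refuse or answer minimally; the update serial is published as a TXT record, so `dig -t txt` is the more reliable instruction. The following `wget http://...` lines still fetch over plain HTTP and still name `501214.tar.gz`, so integrity rests entirely on the `gpg --verify` step; it would help to state which signing key is expected and to refresh the example serial to whatever the 3.4.2 channel returned.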
@ -16,8 +16,8 @@
#
# edit debin/rules to apply updates
PKGREL=55
SAVER=3.4.1
PKGREL=1
SAVER=3.4.2
OPKGNAME = Mail-SpamAssassin-${SAVER}
NPKGNAME = proxmox-spamassassin_${SAVER}
DEB = proxmox-spamassassin_${SAVER}-${PKGREL}_amd64.deb

10
debian/changelog vendored

@ -1,3 +1,13 @@
proxmox-spamassassin (3.4.2-1) unstable; urgency=medium
* update to version 3.4.2
* update ruleset
* update KAM.cf
-- Proxmox Support Team <support@proxmox.com> Mon, 17 Sep 2018 06:35:23 +0200
proxmox-spamassassin (3.4.1-55) unstable; urgency=medium
* update ruleset


@ -1,6 +1 @@
disable-dkim.patch
bug_835494_perl_INC
bug_760277_net_dns_URIDNSBL
bug_821385_dnsresolver
dkim_subdomains
fix-uninitialized-concat
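Review bot: the hunk header `-1,6 +1` shows the patch series shrinking from six entries to one, but the 3.4.2-1 changelog entry only lists the version, ruleset and KAM.cf updates. Please record in `debian/changelog` which patches were dropped and why (merged upstream in 3.4.2 or no longer wanted). `disable-dkim.patch` and `dkim_subdomains` in particular change DKIM handling, so an operator upgrading from 3.4.1-55 should be able to tell from the changelog whether DKIM behaviour differs after this update.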

Binary file not shown.