mirror of
https://git.proxmox.com/git/proxmox-spamassassin
synced 2025-04-28 12:19:37 +00:00
112 lines
5.2 KiB
CFEngine3
112 lines
5.2 KiB
CFEngine3
# SpamAssassin rules file: Image information tests
|
|
#
|
|
# Please don't modify this file as your changes will be overwritten with
|
|
# the next update. Use /etc/mail/spamassassin/local.cf instead.
|
|
# See 'perldoc Mail::SpamAssassin::Conf' for details.
|
|
#
|
|
# <@LICENSE>
|
|
# Licensed to the Apache Software Foundation (ASF) under one or more
|
|
# contributor license agreements. See the NOTICE file distributed with
|
|
# this work for additional information regarding copyright ownership.
|
|
# The ASF licenses this file to you under the Apache License, Version 2.0
|
|
# (the "License"); you may not use this file except in compliance with
|
|
# the License. You may obtain a copy of the License at:
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
# </@LICENSE>
|
|
#
|
|
###########################################################################
|
|
|
|
ifplugin Mail::SpamAssassin::Plugin::ImageInfo
|
|
|
|
## # you can match by image name
|
|
## body DC_IMAGE001_GIF eval:image_named('image001.gif')
|
|
## describe DC_IMAGE001_GIF Contains image named image001.gif
|
|
|
|
## # you can do exact image size matches
|
|
## body DC_GIF_264_127 eval:image_size_exact('gif','264','127')
|
|
## describe DC_GIF_264_127 Found 264x127 pixel gif, possible pillz
|
|
|
|
# you can do image to text, or image to html ratios
|
|
rawbody __DC_IMG_HTML_RATIO eval:image_to_text_ratio('all', '0.000', '0.015')
|
|
describe __DC_IMG_HTML_RATIO Low rawbody to pixel area ratio
|
|
|
|
body __DC_IMG_TEXT_RATIO eval:image_to_text_ratio('all', '0.000', '0.008')
|
|
describe __DC_IMG_TEXT_RATIO Low body to pixel area ratio
|
|
|
|
# body DC_GIF_TEXT_RATIO eval:image_to_text_ratio('gif',0.000, 0.008)
|
|
# describe DC_GIF_TEXT_RATIO Low body to GIF pixel area ratio
|
|
|
|
# rawbody DC_GIF_HTML_RATIO eval:image_to_text_ratio('gif',0.000, 0.008)
|
|
# describe DC_GIF_HTML_RATIO Low rawbody to GIF pixel area ratio
|
|
|
|
# using exact size match to identify things like screenshots
|
|
# body __SCREEN_640x480 eval:image_size_exact('all',800,600)
|
|
# body __SCREEN_800x600 eval:image_size_exact('all',800,600)
|
|
# body __SCREEN_1024x768 eval:image_size_exact('all',1024,768)
|
|
# body __SCREEN_1280x1024 eval:image_size_exact('all',1280,1024)
|
|
# meta DC_SCREENSHOT_JPG ( __SCREEN_640x480 || __SCREEN_800x600 || __SCREEN_1024x768 || __SCREEN_1280x1024 )
|
|
# describe DC_SCREENSHOT_JPG Contains image matching common screen resolution
|
|
# score DC_SCREENSHOT_JPG -0.01
|
|
|
|
# you can do minimum demension matches
|
|
# body DC_GIF_300 eval:image_size_range('gif',300,300)
|
|
# describe DC_GIF_300 Contains a 300x300 pixels gif or larger
|
|
# score DC_GIF_300 0.01
|
|
|
|
# you can do ranged demension matches
|
|
# body DC_JPEG_200_300 eval:image_size_range('gif', 200, 300, 250, 350)
|
|
# describe DC_JPEG_200_300 Contains jpeg 200-250 (high) x 300-350 (wide)
|
|
# score DC_JPEG_200_300 0.01
|
|
|
|
# you can count the number of images (all or by image type)
|
|
body __GIF_ATTACH_1 eval:image_count('gif','1','1')
|
|
body __GIF_ATTACH_2P eval:image_count('gif','2')
|
|
|
|
body __PNG_ATTACH_1 eval:image_count('png','1','1')
|
|
body __PNG_ATTACH_2P eval:image_count('png','2')
|
|
|
|
body __JPEG_ATTACH_1 eval:image_count('jpeg',1,1)
|
|
body __JPEG_ATTACH_2P eval:image_count('jpeg',2)
|
|
|
|
# you can determine pixel coverage (all or by image type)
|
|
body __GIF_AREA_180K eval:pixel_coverage('gif','180000','475000')
|
|
body __PNG_AREA_180K eval:pixel_coverage('png','180000','475000')
|
|
# body __JPEG_AREA_180K eval:pixel_coverage('jpeg',180000,475000)
|
|
|
|
# meta together something useful
|
|
meta DC_GIF_UNO_LARGO ( __GIF_ATTACH_1 && __GIF_AREA_180K )
|
|
describe DC_GIF_UNO_LARGO Message contains a single large gif image
|
|
|
|
meta __DC_GIF_MULTI_LARGO ( __GIF_ATTACH_2P && __GIF_AREA_180K )
|
|
describe __DC_GIF_MULTI_LARGO Message has 2+ inline gif covering lots of area
|
|
|
|
meta DC_PNG_UNO_LARGO ( __PNG_ATTACH_1 && __PNG_AREA_180K )
|
|
describe DC_PNG_UNO_LARGO Message contains a single large png image
|
|
|
|
meta __DC_PNG_MULTI_LARGO ( __PNG_ATTACH_2P && __PNG_AREA_180K )
|
|
describe __DC_PNG_MULTI_LARGO Message has 2+ png images covering lots of area
|
|
|
|
# meta DC_JPEG_UNO_LARGO ( __JPEG_ATTACH_1 && __JPEG_AREA_180K )
|
|
# describe DC_JPEG_UNO_LARGO Message hash single large jpeg image
|
|
|
|
# meta DC_JPEG_MULTI_LARGO ( __JPEG_ATTACH_2P && __JPEG_AREA_180K )
|
|
# describe DC_JPEG_MULTI_LARGO Message has 2+ jpeg images covering lots of area
|
|
|
|
meta DC_IMAGE_SPAM_TEXT ( !__HAS_URI && __DC_IMG_TEXT_RATIO && ( DC_GIF_UNO_LARGO || DC_PNG_UNO_LARGO || __DC_GIF_MULTI_LARGO || __DC_PNG_MULTI_LARGO ))
|
|
describe DC_IMAGE_SPAM_TEXT Possible Image-only spam with little text
|
|
|
|
# meta the stock rules together for HTML_IMAGE_ONLY_*
|
|
meta __HTML_IMG_ONLY ( HTML_IMAGE_ONLY_04 || HTML_IMAGE_ONLY_08 || HTML_IMAGE_ONLY_12 || HTML_IMAGE_ONLY_16 || HTML_IMAGE_ONLY_20 || HTML_IMAGE_ONLY_24 || HTML_IMAGE_ONLY_28 )
|
|
|
|
meta DC_IMAGE_SPAM_HTML (!__HAS_URI && ( __HTML_IMG_ONLY || __DC_IMG_HTML_RATIO ) && ( DC_GIF_UNO_LARGO || DC_PNG_UNO_LARGO || __DC_GIF_MULTI_LARGO || __DC_PNG_MULTI_LARGO ))
|
|
describe DC_IMAGE_SPAM_HTML Possible Image-only spam
|
|
|
|
endif
|