# for details of what can be tweaked.
#
# do not change the subject
# to change the subject, e.g. use
# rewrite_header Subject ****SPAM(_SCORE_)****
#rewrite_header Subject
# Set the score required before a mail is considered spam.
# required_score 5.00
# uncomment, if you do not want spamassassin to create a new message
# in case of detecting spam
# report_safe 0
# How many hits before a message is considered spam.
required_hits 5.0
# Text to prepend to subject if rewrite_subject is used
rewrite_header subject [*****SPAM*****]
# Encapsulate spam in an attachment
report_safe 1
# Enable the Bayes system
use_bayes 1
# Enable Bayes auto-learning
bayes_auto_learn 1
bayes_path /home/spamd/
bayes_file_mode 0666
# Enable or disable network checks
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1
# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# ok_languages all
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
# ok_locales all
# Whitelist important senders
#whitelist_from *@xyz.xx
#XtraSize+ Penis Enlargement Scam
header __KAM_SILD1 Subject =~ /Sildenafil Citrate/i
body __KAM_SILD2 /(XtraSize+|Sildenafil Citrate)/i
meta KAM_SILD (__KAM_SILD1 + __KAM_SILD2 >= 1)
describe KAM_SILD Simple rule to block one more enhancement message
score KAM_SILD 5.0
if (version < 3.200000) #HTML_SHORT_LENGTH DEPENDENCY RULE REMOVED FROM SA 3.2.X #KAM NUMBER EMAILS - Thanks to Mark Damrose for the NUMBER3 idea & Jan-Pieter Cornet header __KAM_NUMBER1 Subject =~ /^\d+$/ body __KAM_NUMBER2 /\d{1,6}/ header __KAM_NUMBER3 Message-ID =~ /\<[a-z]{19}\@/i meta KAM_NUMBER ((__KAM_NUMBER1 + __KAM_NUMBER2 + MIME_HTML_ONLY + HTML_SHORT_LENGTH + __KAM_NUMBER3) >= 5)
describe KAM_NUMBER Silly Number Emails
score KAM_NUMBER 1.0
endif
#KAM MEDICATION KAM_OVERPAY
body KAM_OVERPAY /O . V . E . R . P . A . Y/i
describe KAM_OVERPAY Common Medicinal Ad Trick
score KAM_OVERPAY 3.5
#VIAGRA AD
body KAM_VIAGRA1 /[VACLXPSI] [VACLXPSI] [VACLXPSI] [VACLXPSI] [VACLXPSI]/i
describe KAM_VIAGRA1 Common Viagra and Medicinal Table Trick
score KAM_VIAGRA1 3.0
#VIAGRA AD 2
body KAM_VIAGRA2 /(?:Xan|Som|CIA|VAL|VIA|Pro/MedHelp|Amb|Lev|Mer) (?:Xan|Som|CIA|VAL|VIA|Pro|Amb|Lev|Mer) (?:Xan|Som|CIA|VAL|VIA|Pro|Amb|Lev|Mer)/i
describe KAM_VIAGRA2 Common Viagra and Medicinal Table Trick
score KAM_VIAGRA2 3.1
#VIAGRA AD 3
body KAM_VIAGRA3 /(?:Xan|Som|CIA|VAL|VIA|Pro|Amb|Lev|Mer)( \w )(?:ax|lis|ra|ium)/i
describe KAM_VIAGRA3 Common Viagra and Medicinal Table Trick
score KAM_VIAGRA3 3.1
#VIAGRA AD 4
body __KAM_VIAGRA4A /V (. )?A (. )?L (. )?[I\/t] (. )?U (. )?M/i
body __KAM_VIAGRA4B /V (. )?[I\/t] (. )?A (. )?G (. )?R (. )?A/i
body __KAM_VIAGRA4C /M (. )?E (. )?R (. )?[I\/t] (. )?D (. )?[I\/] (. )?A/i
meta KAM_VIAGRA4 ((__KAM_VIAGRA4A + __KAM_VIAGRA4B + __KAM_VIAGRA4C) >= 2)
describe KAM_VIAGRA4 Common Viagra and Medicinal Table Trick
score KAM_VIAGRA4 3.1
#VIAGRA AD 5
body KAM_VIAGRA5 /(V [1li|\]] [a&] G R A|VljAG+R+A)/i
describe KAM_VIAGRA5 Viagra Obfuscation Technique SPAM
score KAM_VIAGRA5 3.1
#VIAGRA AD 6
body __KAM_VIAGRA6A /V.?[IL1].?A.?G.?R.?A/i
body __KAM_VIAGRA6B /A.?M.?B.?[il1].?E.?N/i
body __KAM_VIAGRA6C /V.?A.?L.?[il1].?U.?M/i
body __KAM_VIAGRA6D /C.?[il1].?A.?L.?[Il1].?S($|\b)/i
meta KAM_VIAGRA6 ((__KAM_VIAGRA6A + __KAM_VIAGRA6B + __KAM_VIAGRA6C + __KAM_VIAGRA6D) >= 2)
describe KAM_VIAGRA6 Viagra Obfuscation Technique SPAM
score KAM_VIAGRA6 3.1
#VIAGRA AD 7 - TWEAKING RULE 7B TO PREVENT HITS ON SPECIALIST
body __KAM_VIAGRA7A /V[ij]+AGRA/i
body __KAM_VIAGRA7B /C[ij]+AL[ij]+S($|\b)/i
body __KAM_VIAGRA7C /AMB[ij]+EN/i
body __KAM_VIAGRA7D /VAL[ij]+UM/i
meta KAM_VIAGRA7 ((__KAM_VIAGRA7A + __KAM_VIAGRA7B + __KAM_VIAGRA7C + __KAM_VIAGRA7D) >= 2)
describe KAM_VIAGRA7 Viagra Obfuscation Technique SPAM
score KAM_VIAGRA7 3.1
#VIAGRA AD 8
body __KAM_VIAGRA8A /VI...?AGRA/i
body __KAM_VIAGRA8B /AM...?BIEN/i
body __KAM_VIAGRA8C /VA...?LIUM/i
body __KAM_VIAGRA8D /CI...?ALIS/i
meta KAM_VIAGRA8 ((__KAM_VIAGRA8A + __KAM_VIAGRA8B + __KAM_VIAGRA8C + __KAM_VIAGRA8D) >= 2)
describe KAM_VIAGRA8 Viagra Obfuscation Technique SPAM
score KAM_VIAGRA8 5.1
#VIAGRA AD 9
body __KAM_VIAGRA9A /V[IL1]A..GRA/i
body __KAM_VIAGRA9B /AMB..IEN/i
body __KAM_VIAGRA9C /VAL..IUM/i
body __KAM_VIAGRA9D /C[IL1]A..LIS/i
meta KAM_VIAGRA9 ((__KAM_VIAGRA9A + __KAM_VIAGRA9B + __KAM_VIAGRA9C + __KAM_VIAGRA9D) >= 2)
describe KAM_VIAGRA9 Viagra Obfuscation Technique SPAM
score KAM_VIAGRA9 5.1
#TIME PIECE
header __KAM_TIME1 Subject =~ /(replica|diamond|designer[-_ ](watch|piece|collection)|(old|replica|style) watch|time[-_ ](keeper|piece)|wrist|chronometer|replica watches|watches are in fashion)/i
#0.50 WEIGHTED TESTS
body __KAM_TIME2 /(replica|diamond|designer[-_ ]piece|designer[-_ ]collections|time[-_ ]piece|wrist|time-keeper)/is
header __KAM_TIME3 Subject =~ /time/i
body __KAM_TIME4 /time/i
body __KAM_TIME5 /watch/i
#SEXUALLY EXPLICIT RULES ROUND TWO
body __KAM_SEX1 /(?:double[ -]?headed|pornstar|huge weenie|male power|\d\dper\. of men|male enhancement product|enlarge patch|boost up your virility|clinically tested|improve manhood)/i
body __KAM_SEX2 /(?:cunt|busty|pills|interracial|hardcore|peni(s|le) enlarge|generic quality|enlarge your manhood|stone-hard manhood)/i
header __KAM_SEX3 Subject =~ /(double dildo|bunsfuck|dominatrix|huge tits|anti-ED|most confident man|for men over 30|peni(s|le) enlargement|interracial gobble|bitch sucking dong|product actually does work)/i
body __KAM_SEX4 /(?:bring your girlfriend back|I am nice girl|Fantastic casino games, VIP Lounge| and great casino bonuses| satisfied with their size|penis so huge and heavy|more semen|volume of your loads|wondercum)/i
describe KAM_SEX Sexually Explicit SPAM / Penis Enlargement Scam
score KAM_SEX 2.0
meta KAM_SEX (__KAM_SEX1 + __KAM_SEX2 + __KAM_SEX3 + __KAM_SEX4 + __HTML_IMG_ONLY >= 2)
#STUPID PICTURE SPAMS
body __KAM_PIC1 /(tired|bored) (this )?(today|tonight|evening|morning|afternoon)/is
body __KAM_PIC2 /(nice|25 y.o.) girl/is
body __KAM_PIC3 /like to chat/is
body __KAM_PIC4 /(like to share some of my pics|some (?:great )?pictures of me|sending some of my pictures|To see my pic|hope you like my pic|will reply with my pics|show you some pic)/is
body __KAM_PIC5 /picture|photo/i
describe KAM_PIC Share Pictures and Chat SPAM
score KAM_PIC 2.5
meta KAM_PIC (__KAM_PIC1 + __KAM_PIC2 + __KAM_PIC3 + __KAM_PIC4 + __KAM_PIC5 >= 4)
#YET MORE DRUG SCAMS
body __KAM_DRUG1 /Quality and cheap|premier quality|supor-collosal mixture|Discount-?Pharmacy/is
body __KAM_DRUG2 /cheaper|redeem in bulk and save|bigger quantities and Save|drugstore accredi[dt]ations|economical (?:value|amount)/is
rawbody __KAM_DRUG3 /local drugstore|(hush-hush|secret) with no waiting rooms|confidential package|distributed securely|shape is our main concern/is
body __KAM_DRUG4 /click to buy|no previous doctors direction|No prescript[oi]{2}n needed|no script necessary|medicine assistance supplier|buy your medications|mail[- ]?order medicine/is
describe KAM_DRUG More Viagra, Medicine, et al Scams
score KAM_DRUG 2.5
meta KAM_DRUG (__KAM_DRUG1 + __KAM_DRUG2 + __KAM_DRUG3 + __KAM_DRUG4 + __KAM_VIAGRA6A + __KAM_VIAGRA7A + KAM_REPLACE >= 4)
#RECENT RASH OF VIRII/TROJAN PAYLOADS USING GREETING CARD NOTICES - IPHTTP IDEA BY STEPHEN FORD
body __KAM_CARD1 /(worshipper|friend|Neighbou?r|partner|mate|colleague|member|worshipper|cousin|pal|brother|friend|father|mother|uncle|aunt|daughter|son|nephew)(\(.{0,35}\))? has (sent you|created) (?:an|a)?\s*(?:funny|love|post|greeting|birthday|animated|musical|holiday|love|hallmark|thank you|e)\s*(e|post)?-?card/i
body __KAM_CARD2 /(laughing kitty|crazy cat) card|enjoy your awesome card|Click on your .{0,15}card('s)? (link|direct www address) below|To see your custom .{0,15}card, simply click on the (link below|following)|(as you can see on the ecard)|^your .{1,15}card link:$|I bet your wife won\'?t do this for you|Your temporary Login Info|temp\.? password id|pics I took of my Ex-Wife/i
body __KAM_CARD3 /I['`]m in hurry, but i still love you...|has (issued you a greeting|made you an Ecard)|^(Follow this link:|click (here to enter our secure server:))?\s*?http:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/i
header __KAM_CARD4 Subject =~ /Here is some pics to say thanks|do you like em?|here is my picture|bra is too tight|look what I like to do|(\s|^)e-?cards?(\s|$)/i
rawbody __KAM_CARD5 /postcard(\.gif)?\.exe/i
describe KAM_CARD Trojan or Virus Payload from fake ecard notice
score KAM_CARD 2.5
meta KAM_CARD (__KAM_CARD1 + __KAM_CARD2 + __KAM_CARD3 + __KAM_CARD4 + __KAM_CARD5 + __KAM_IPHTTP>= 3)
body __KAM_UNIV1 /(University Administration|University Enrollment|Education Assessment|Faculty Assessment|University Degree|Administration Office|Education office|Schools office|Enrollment Office|Online University)/is
body __KAM_UNIV2 /\d (week|month).{0,30}degree/is
body __KAM_UNIV3 /(past work|professional|based on your|earned from|life|life and work|present work) experience/is
body __KAM_UNIV4 /not official degree/is
body __KAM_UNIV5 /novelty (degree|use)/is
body __KAM_UNIV6 /verifiable University Degree/is
body __KAM_UNIV7 /(life|work) experience (diploma|degree|transcript)/is
body __KAM_UNIV8 /Career Path/is
body __KAM_UNIV9 /non[- ]?ac(credited)?.{1,10}universit/is
body __KAM_UNIV10 /(graduating|diploma) (within|in) (as little as)? (one|two|three|\d) (week|month)/is
body __KAM_UNIV11 /(degree|transcript) in any field/is
body __KAM_UNIV12 /(obtain your diploma|diploma that you want|Criminal Justice or Homeland Security degree)/is
body __KAM_UNIV13 /(degree|field|diploma) of your (choice|expertise)/is
body __KAM_UNIV14 /(earn a|full) transcript/is
body __KAM_UNIV15 /(No Study Required|Without Exams|No examinations|without attending a single class|no classes|no textbooks|no (?:required )?tests|degree .{0,30}you deserve)/is
body __KAM_UNIV16 /\d weeks.{0,30}graduated/is
header __KAM_UNIV17 Subject =~ /(dip(i|l)oma|degree|transcript|award|increase ?your ?income|degree online)/i
body __KAM_UNIV18 /100% discrete/is
body __KAM_UNIV1B /\d (months|weeks)/i
body __KAM_UNIV2B /d[_\. ]?e[_\. ]?g[_\. ]?r[_\. ]?e[_\. ]?e/i
body __KAM_UNIV3B /(dead end job|improve your future, and your income|high paying jobs)/is
body __KAM_UNIV4B /1.?0.?0.?% (legit|verifiable|online)/is
body __KAM_UNIV5B /F A S T[ ]{0,4}T R A C K/is
body __KAM_UNIV6B /DIP\sLOMA/
meta KAM_UNIV ((__KAM_UNIV1 + __KAM_UNIV2 + __KAM_UNIV3 + __KAM_UNIV4 + __KAM_UNIV5 + __KAM_UNIV6 + __KAM_UNIV7 + __KAM_UNIV8 + __KAM_UNIV9 + __KAM_UNIV10 + __KAM_UNIV11 + __KAM_UNIV12 + __KAM_UNIV13 + __KAM_UNIV14 + __KAM_UNIV15 + __KAM_UNIV16 + __KAM_UNIV17 + __KAM_UNIV18) >= 2 || (__KAM_UNIV1B + __KAM_UNIV2B + __KAM_UNIV3B + __KAM_UNIV4B + __KAM_UNIV5B + __KAM_UNIV6B) >= 3)
describe KAM_UNIV Diploma Mill Rule
score KAM_UNIV 4.5
#KAM GOOGLE SPAM
uri KAM_GOOGLE_STRING /^http:\/\/www.google.com\/url\?q=/i
describe KAM_GOOGLE_STRING Use of Google redir appearing in spam July 2006
score KAM_GOOGLE_STRING 1.0
#KAM GEOCITIES SPAM
# Updated by KAM based on Work by Dallas L. Engelken
uri KAM_GEO_STRING2 /^http:\/\/(?:\w{1,5}\.)?geocities(?:\.yahoo)?\.com(?:\.\w{1,5})?(?::\d*)?\/.+?/i
describe KAM_GEO_STRING2 Use of geocities/yahoo very likely spam as of Dec 2005
score KAM_GEO_STRING2 4.7
#KAM MSN SPAM
uri KAM_MSN_STRING /^http:\/\/spaces\.msn\.com(?::\d*)?\/.+\//i
describe KAM_MSN_STRING Use of spaces.msn.com likely spam as of Mar 2006
score KAM_MSN_STRING 4.5
#EOF
blacklist_from rxlovecpatain.com
blacklist_from eachthick.com
blacklist_from abarca.com
No comments:
Post a Comment