From 595ddb96d0681a6d841db69f96a3b79d842b2810 Mon Sep 17 00:00:00 2001 From: twesterhever <40121680+twesterhever@users.noreply.github.com> Date: Fri, 17 Feb 2023 14:52:09 +0000 Subject: [PATCH] [Minor] Improve SURBL rule descriptions --- conf/scores.d/surbl_group.conf | 52 +++++++++++++++++----------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/conf/scores.d/surbl_group.conf b/conf/scores.d/surbl_group.conf index 10ad05701..9f3eeeb57 100644 --- a/conf/scores.d/surbl_group.conf +++ b/conf/scores.d/surbl_group.conf @@ -22,31 +22,31 @@ max_score = 12.5; symbols = { "SURBL_BLOCKED" { weight = 0.0; - description = "SURBL: blocked by policy/overusage"; + description = "SURBL: query blocked by policy/overusage"; one_shot = true; groups = ["surblorg", "blocked"]; } "PH_SURBL_MULTI" { weight = 5.5; - description = "SURBL: Phishing sites"; + description = "A domain in the message is listed in SURBL as phishing"; one_shot = true; groups = ["surblorg", "phishing"]; } "MW_SURBL_MULTI" { weight = 5.5; - description = "SURBL: Malware sites"; + description = "A domain in the message is listed in SURBL as malware"; one_shot = true; groups = ["surblorg"]; } "ABUSE_SURBL" { weight = 5.5; - description = "SURBL: ABUSE"; + description = "A domain in the message is listed in SURBL as abused"; one_shot = true; groups = ["surblorg"]; } "CRACKED_SURBL" { weight = 4.0; - description = "SURBL: cracked site"; + description = "A domain in the message is listed in as SURBL cracked"; one_shot = true; groups = ["surblorg"]; } @@ -80,87 +80,87 @@ symbols = { "SEM_URIBL_UNKNOWN" { weight = 0.0; - description = "Spameatingmonkey uribl: unknown result"; + description = "Unrecognised result from Spameatingmonkey URIBL"; one_shot = true; groups = ["sem"]; } "SEM_URIBL" { weight = 3.5; - description = "Spameatingmonkey uribl"; + description = "A domain in the message is listed in Spameatingmonkey URIBL"; one_shot = true; groups = ["sem"]; } "SEM_URIBL_FRESH15_UNKNOWN" { weight = 0.0; - description = "Spameatingmonkey Fresh15 uribl: unknown result"; + description = "Unrecognised result from Spameatingmonkey Fresh15 URIBL"; one_shot = true; groups = ["sem"]; } "SEM_URIBL_FRESH15" { weight = 3.0; - description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)"; + description = "A domain in the message is listed in Spameatingmonkey Fresh15 URIBL (registered in the past 15 days, .AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US only)"; one_shot = true; groups = ["sem"]; } "DBL" { weight = 0.0; - description = "DBL unknown result"; + description = "Unrecognised result from Spamhaus DBL"; one_shot = true; groups = ["spamhaus"]; } "DBL_SPAM" { weight = 6.5; - description = "DBL uribl spam"; + description = "A domain in the message is listed in Spamhaus DBL as spam"; one_shot = true; groups = ["spamhaus"]; } "DBL_PHISH" { weight = 6.5; - description = "DBL uribl phishing"; + description = "A domain in the message is listed in Spamhaus DBL as phishing"; one_shot = true; groups = ["spamhaus"]; } "DBL_MALWARE" { weight = 6.5; - description = "DBL uribl malware"; + description = "A domain in the message is listed in Spamhaus DBL as malware"; one_shot = true; groups = ["spamhaus"]; } "DBL_BOTNET" { weight = 5.5; - description = "DBL uribl botnet C&C domain"; + description = "A domain in the message is listed in Spamhaus DBL as botnet C&C"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE" { weight = 6.5; - description = "DBL uribl abused legit spam"; + description = "A domain in the message is listed in Spamhaus DBL as abused legit spam"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_REDIR" { weight = 1.5; - description = "DBL uribl abused spammed redirector domain"; + description = "A domain in the message is listed in Spamhaus DBL as spammed redirector domain"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_PHISH" { weight = 7.5; - description = "DBL uribl abused legit phish"; + description = "A domain in the message is listed in Spamhaus DBL as abused legit phish"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_MALWARE" { weight = 7.5; - description = "DBL uribl abused legit malware"; + description = "A domain in the message is listed in Spamhaus DBL as abused legit malware"; one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_BOTNET" { weight = 5.5; - description = "DBL uribl abused legit botnet C&C"; + description = "A domain in the message is listed in Spamhaus DBL as abused legit botnet C&C"; one_shot = true; groups = ["spamhaus"]; } @@ -185,31 +185,31 @@ symbols = { "URIBL_MULTI" { weight = 0.0; - description = "uribl.com: unrecognised result"; + description = "Unrecognised result from URIBL.com"; one_shot = true; groups = ["uribl"]; } "URIBL_BLOCKED" { weight = 0.0; - description = "uribl.com: query refused"; + description = "URIBL.com: query refused, likely due to policy/overusage"; one_shot = true; groups = ["uribl", "blocked"]; } "URIBL_BLACK" { weight = 7.5; - description = "uribl.com black url"; + description = "A domain in the message is listed in URIBL.com black"; one_shot = true; groups = ["uribl"]; } "URIBL_RED" { weight = 3.5; - description = "uribl.com red url"; + description = "A domain in the message is listed in URIBL.com red"; one_shot = true; groups = ["uribl"]; } "URIBL_GREY" { weight = 1.5; - description = "uribl.com grey url"; + description = "A domain in the message is listed in URIBL.com grey"; one_shot = true; groups = ["uribl"]; } @@ -217,7 +217,7 @@ symbols = { "SPAMHAUS_ZEN_URIBL" { ignore = true; weight = 0.0; - description = "Spamhaus ZEN URIBL: Filtered result"; + description = "Unrecognised result from Spamhaus ZEN URIBL"; one_shot = true; groups = ["spamhaus"]; } @@ -231,7 +231,7 @@ symbols = { "URIBL_SBL_CSS" { ignore = true; weight = 6.5; - description = "A domain in the message body resolves to an IP listed in Spamhaus SBL CSS"; + description = "A domain in the message body resolves to an IP listed in Spamhaus CSS"; one_shot = true; groups = ["spamhaus"]; } -- 2.39.5