From 027453fe4a8c02b7af1bb05da5d373b19c0c0700 Mon Sep 17 00:00:00 2001 From: Anton Yuzhaninov Date: Mon, 21 Dec 2020 20:05:45 +0000 Subject: [PATCH] [Minor] Remove R_SAJDING and SUSPICIOUS_OPERA_10W_MSGID These rules are no longer relevant. --- rules/regexp/headers.lua | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua index 3a044c498..516fc1232 100644 --- a/rules/regexp/headers.lua +++ b/rules/regexp/headers.lua @@ -153,15 +153,6 @@ reconf['R_MISSING_CHARSET'] = { mime_only = true, } --- Subject seems to be spam -reconf['R_SAJDING'] = { - re = 'Subject=/\\bsajding(?:om|a)?\\b/iH', - score = 8.0, - description = 'Subject seems to be spam', - group = 'headers', - mime_only = true, -} - -- Find forged Outlook MUA -- Yahoo groups messages local yahoo_bulk = 'Received=/from \\[\\S+\\] by \\S+\\.(?:groups|scd|dcn)\\.yahoo\\.com with NNFMP/H' @@ -436,20 +427,9 @@ reconf['FORGED_MUA_KMAIL_MSGID_UNKNOWN'] = { local opera1x_mua = 'User-Agent=/^\\s*Opera Mail\\/1[01]\\.\\d+ /H' -- Opera Mail Message-ID template local opera1x_msgid = 'Message-ID=/^?$/H' --- Suspicious Opera Mail User-Agent header -local suspicious_opera10w_mua = 'User-Agent=/^\\s*Opera Mail\\/10\\.\\d+ \\(Windows\\)$/H' --- Suspicious Opera Mail Message-ID, apparently from KMail -local suspicious_opera10w_msgid = 'Message-Id=/^$/H' --- Summary rule for forged Opera Mail User-Agent header and Message-ID header from KMail -reconf['SUSPICIOUS_OPERA_10W_MSGID'] = { - re = string.format('(%s) & (%s)', suspicious_opera10w_mua, suspicious_opera10w_msgid), - score = 4.0, - description = 'Message pretends to be send from suspicious Opera Mail/10.x (Windows) but has forged Message-ID, apparently from KMail', - group = 'mua' -} --- Summary rule for forged Opera Mail Message-ID header +-- Rule for forged Opera Mail Message-ID header reconf['FORGED_MUA_OPERA_MSGID'] = { - re = string.format('(%s) & !(%s) & !(%s) & !(%s)', opera1x_mua, opera1x_msgid, reconf['SUSPICIOUS_OPERA_10W_MSGID']['re'], unusable_msgid), + re = string.format('(%s) & !(%s) & !(%s)', opera1x_mua, opera1x_msgid, unusable_msgid), score = 4.0, description = 'Message pretends to be send from Opera Mail but has forged Message-ID', group = 'mua' -- 2.39.5