Browse Source
[Minor] Remove R_SAJDING and SUSPICIOUS_OPERA_10W_MSGID
These rules are no longer relevant.tags/2.7
Anton Yuzhaninov
3 years ago
1 changed files with 2 additions and 17 deletions
+ 2
- 17
rules/regexp/headers.lua
View File
| @@ -153,15 +153,6 @@ reconf['R_MISSING_CHARSET'] = { | |||
| mime_only = true, | |||
| } | |||
| reconf['R_SAJDING'] = { | |||
| re = 'Subject=/\\bsajding(?:om|a)?\\b/iH', | |||
| score = 8.0, | |||
| description = 'Subject seems to be spam', | |||
| group = 'headers', | |||
| mime_only = true, | |||
| } | |||
| -- Find forged Outlook MUA | |||
| -- Yahoo groups messages | |||
| local yahoo_bulk = 'Received=/from \\[\\S+\\] by \\S+\\.(?:groups|scd|dcn)\\.yahoo\\.com with NNFMP/H' | |||
| @@ -436,20 +427,9 @@ reconf['FORGED_MUA_KMAIL_MSGID_UNKNOWN'] = { | |||
| local opera1x_mua = 'User-Agent=/^\\s*Opera Mail\\/1[01]\\.\\d+ /H' | |||
| -- Opera Mail Message-ID template | |||
| local opera1x_msgid = 'Message-ID=/^<?op\\.[a-z\\d]{14}\\@\\S+>?$/H' | |||
| local suspicious_opera10w_mua = 'User-Agent=/^\\s*Opera Mail\\/10\\.\\d+ \\(Windows\\)$/H' | |||
| local suspicious_opera10w_msgid = 'Message-Id=/^<?2009\\d{8}\\.\\d+\\.\\S+\\@\\S+?>$/H' | |||
| reconf['SUSPICIOUS_OPERA_10W_MSGID'] = { | |||
| re = string.format('(%s) & (%s)', suspicious_opera10w_mua, suspicious_opera10w_msgid), | |||
| score = 4.0, | |||
| description = 'Message pretends to be send from suspicious Opera Mail/10.x (Windows) but has forged Message-ID, apparently from KMail', | |||
| group = 'mua' | |||
| } | |||
| -- Rule for forged Opera Mail Message-ID header | |||
| reconf['FORGED_MUA_OPERA_MSGID'] = { | |||
| re = string.format('(%s) & !(%s) & !(%s) & !(%s)', opera1x_mua, opera1x_msgid, reconf['SUSPICIOUS_OPERA_10W_MSGID']['re'], unusable_msgid), | |||
| re = string.format('(%s) & !(%s) & !(%s)', opera1x_mua, opera1x_msgid, unusable_msgid), | |||
| score = 4.0, | |||
| description = 'Message pretends to be send from Opera Mail but has forged Message-ID', | |||
| group = 'mua' | |||
Loading…