summaryrefslogtreecommitdiffstats
path: root/rules
Commit message (Collapse)AuthorAgeFilesLines
* [Minor] Skip bitcoin address check for very long wordsAnton Yuzhaninov2021-09-171-2/+4
| | | | | | Exclude very long words (which can be extracted e. g. from some text attachments) from bitcoin address check to avoid excessive resource usage.
* [Rules] Improve zero font ruleVsevolod Stakhov2021-09-071-2/+2
|
* [Minor] Regexp: Extend upstream spam filter regexpSebastian Lipponer2021-08-211-1/+3
|
* [Rules] Micro-optimize X_PHP_EVALAnton Yuzhaninov2021-08-051-1/+1
| | | | | Remove /i flag from regexp string "eval()'d code" is always in lower case. While here use long string format for readability.
* [Minor] Fix checks safetyVsevolod Stakhov2021-07-191-2/+4
|
* [Minor] Add safety guardsVsevolod Stakhov2021-07-081-2/+2
|
* [Fix] Fix an edge case in BITCOIN_ADDR ruleAndrew Lewis2021-06-231-2/+3
| | | | | - when using PCRE - and different address types are present
* [Minor] Pet luacheckVsevolod Stakhov2021-06-141-2/+0
|
* [Project] Rework html visibility ruleVsevolod Stakhov2021-06-141-34/+14
|
* [Rules] Fix zerofont rule (partially)Vsevolod Stakhov2021-06-121-1/+3
|
* [Rules] Extend OLD_X_MAILERAnton Yuzhaninov2021-05-221-3/+4
| | | | Add more old iPhone/iPad Mail versions to the regexp.
* [Rules] Extend FORGED_X_MAILERAnton Yuzhaninov2021-05-221-3/+10
| | | | | Match in FORGED_X_MAILER fake iPhone Mail header with a random string in place of iOS build number, e. g. iPhone Mail (WKN0M)
* [Rules] Fix CTYPE_MIXED_BOGUS for text attachmentsVsevolod Stakhov2021-05-191-1/+1
| | | | Issue: #3748
* [Minor] Fix bit operations logicVsevolod Stakhov2021-05-131-5/+6
|
* [Minor] Filter urls for R_SUSPICIOUS_URL checkVsevolod Stakhov2021-05-111-3/+3
| | | | Suggested by: @citrin
* [Minor] Use numeric bit and for checking flagsVsevolod Stakhov2021-05-111-3/+8
|
* [Minor] Fix REPLYTO_ADDR_EQ_FROM for normalised addressesAndrew Lewis2021-04-291-1/+1
|
* [Rules] Add raw addresses to MULTIPLE_FROM optionsAnton Yuzhaninov2021-04-271-9/+2
| | | | | | It is confusing to have MULTIPLE_FROM with a single address in options, which happens if one of addresses is empty - usually because of misplaces <>. While here simplify condition.
* [Minor] Make HAS_PHPMAILER_SIG regexps more specificAnton Yuzhaninov2021-04-271-1/+7
| | | | Use stricter regexp to avoid false matches.
* [Rules] Fix FPs for CTYPE_MIXED_BOGUSVsevolod Stakhov2021-04-111-6/+11
|
* [Rules] Fix HTTP_TO_HTTPS ruleVsevolod Stakhov2021-04-091-1/+1
|
* [Rules] Do not trigger HTML_SHORT_LINK_IMG on external imagesVsevolod Stakhov2021-04-081-1/+1
|
* Fix typos in code commentsKako, Chang2021-04-071-3/+3
|
* [Minor] Bitcoin: Another fix for bleach32 regexpVsevolod Stakhov2021-03-301-1/+1
|
* [Minor] fix typo: obfusicated -> obfuscatedRichard Schwab2021-03-241-1/+1
|
* [Rules] Another fix to HTTP_TO_HTTPS ruleVsevolod Stakhov2021-03-161-10/+10
|
* [Rules] Fix HTTP_TO_HTTPS ruleVsevolod Stakhov2021-03-131-10/+22
|
* [Rules] Reduce default weight for R_MISSING_CHARSETVsevolod Stakhov2021-03-121-1/+1
|
* [Minor] Fix OMOGRAPH_URL for the changes in the phished flagVsevolod Stakhov2021-03-091-1/+4
|
* [Minor] Properly use task:set_recipientsVsevolod Stakhov2021-03-081-1/+1
|
* [Fix] Fix Mozilla Message-ID detectionAlexander Moisseev2021-02-051-1/+1
| | | The left part of the Mozilla Message-ID is a hexadecimal timestamp. The regexp was mistakenly limited to 2021-01-14.
* [Fix] Avoid reinitialising neural settingsAndrew Lewis2021-02-051-2/+0
|
* [Minor] Add another bounce reVsevolod Stakhov2021-02-041-0/+1
|
* Fix typos in code commentsPavel Rochnyack2020-12-231-3/+3
|
* [Minor] Fix missing commaVsevolod Stakhov2020-12-221-1/+1
|
* Merge pull request #3582 from citrin/x-mailer-rulesVsevolod Stakhov2020-12-221-3/+18
|\ | | | | [Rules] X-Mailer rules update
| * [Minor] Add rule for forged X-Mailer: Internet Mail ServiceAnton Yuzhaninov2020-12-221-0/+15
| |
| * [Minor] Add {header} for header regexpsAnton Yuzhaninov2020-12-221-3/+3
| |
* | [Minor] Use task:has_header instead of task:get_headerAnton Yuzhaninov2020-12-223-18/+13
|/ | | | Use task:has_header() to check if header is exists.
* [Minor] Remove R_SAJDING and SUSPICIOUS_OPERA_10W_MSGIDAnton Yuzhaninov2020-12-211-22/+2
| | | | These rules are no longer relevant.
* [Minor] Add FORGED_X_MAILER rule for X-Mailer used by spambootsAnton Yuzhaninov2020-12-211-0/+20
|
* Merge pull request #3577 from fatalbanana/http_headers_pluginVsevolod Stakhov2020-12-192-182/+0
|\ | | | | [Minor] Move http_headers to plugin
| * [Minor] Move http_headers to pluginAndrew Lewis2020-12-172-182/+0
| | | | | | | | | | | | | | | | - Support multiple DKIM results - Insert DKIM trace symbols - Always disable callbacks if we got a header - Make the plugin default-disabled - Disable callbacks instead of virtual symbols
* | Merge pull request #3570 from fatalbanana/nn_trainingVsevolod Stakhov2020-12-172-2/+75
|\ \ | |/ |/| [Feature] Add controller endpoint for training neural
| * [Feature] Add controller endpoint for training neuralAndrew Lewis2020-12-172-2/+75
| | | | | | | | | | | | | | | | - Move neural functions to library - Parameterise spawn_train - neural plugin: Fix store_pool_only when autotrain is true - neural plugin: Use cache_set instead of mempool - Add test
* | [Minor] Update regexp for R_UNDISC_RCPTAnton Yuzhaninov2020-12-141-2/+10
| | | | | | | | | | Match more variations for undisclosed-recipients, but don't match when it is used as a lame real name.
* | [Minor] Add rule for old MUA versionAnton Yuzhaninov2020-12-141-0/+25
| | | | | | | | | | These versions are rarely used by real uses nowadays, but can be found in spam.
* | [Minor] Remove FAKE_REPLY_C and move FAKE_REPLY rule to regexp moduleAnton Yuzhaninov2020-12-122-37/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | FAKE_REPLY_C rule no longer works because MUA it used are no longer used (and ones which are used changed headers they add). In theory one can test all popular modern MUA and see which add only References, which only In-Reply-To and which add both headers. But it will be a lot of work to maintain such rule up to date. It still has a small number of hits, but mostly because some spammers use old X-Mailer headers. This should be addressed separately. While here re-create FAKE_REPLY as a regexp module rule - this way it should be more efficient.
* | [Minor] Remove AOL_SPAM ruleAnton Yuzhaninov2020-12-121-7/+0
|/ | | | | | Mail from AOL not longer have X-AOL-Global-Disposition header and this rule no longer works. AOL messages now have X-YMail-OSG header (like yahoo.com), but it is encrypted/obfuscated and cannot be used here.
* [Minor] Use rspamd_parsers directlyVsevolod Stakhov2020-11-111-3/+4
|
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-06 19:06:56 +0000