Enter 2005 December

home *** CD-ROM | disk | FTP | other *** search

/ Enter 2005 December / enter-cd-12-2005.iso / Internet / SpamAware 4.0 / SpamAware-Setup.exe / {app} / rules / jam.cf < prev next >

Wrap

Text File | 2005-07-14 | 26.1 KB | 464 lines

# tests around medications header JAM_VIAGRA ALL =~ /[v].?[i1|l!].?[a@].?[g].?[r].?[a@]/i describe JAM_VIAGRA Subject line contains medicine Viagra score JAM_VIAGRA 1.5 body JAM_VIAGRA_BD /[v].?[i1|l!].?[a@].?[g].?[r].?[a@]/i describe JAM_VIAGRA_BD Subject line contains typical medical product like Viagra or Valium score JAM_VIAGRA_BD 0.5 header JAM_HYDROCODONE ALL =~ /H.?y.?d.?r.?[o0].?c.?[o0].?d/i describe JAM_HYDROCODONE Subject line contains medicine Hydrocodone score JAM_HYDROCODONE 1.0 body JAM_HYDROCODONE_BD /H.?y.?d.?r.?[o0].?c.?[o0].?d/i describe JAM_HYDROCODONE_BD Subject line contains medicine Hydrocodone score JAM_HYDROCODONE_BD 0.3 header JAM_VICODIN ALL =~ /V.?[i1|l!].?c.?[o0].?d.?[i1|l!].?n/i describe JAM_VICODIN Subject line contains medicine Vicodin score JAM_VICODIN 1.0 body JAM_VICODIN_BD /V.?[i1|l!].?c.?[o0].?d.?[i1|l!].?n/i describe JAM_VICODIN_BD Subject line contains medicine Vicodin score JAM_VICODIN_BD 0.5 header JAM_LIPITOR ALL =~ /\sL.?[i1|l!].?p.?[i1|l!].?t.?[o0].?r/i describe JAM_LIPITOR Subject line contains medicine Vicodin score JAM_LIPITOR 1.0 body JAM_LIPITOR_BD /L.?[i1|l!].?p.?[i1|l!].?t.?[o0].?r/i describe JAM_LIPITOR_BD Body contains medicine Vicodin score JAM_LIPITOR_BD 0.5 header JAM_XANAX ALL =~ /X.?[a@].?n.?[a@].?x/i describe JAM_XANAX Subject line contains medicine Xanax score JAM_XANAX 1.5 body JAM_XANAX_BD /X.?[a@].?n.?[a@].?x/i describe JAM_XANAX_BD Subject line contains medicine Xanax score JAM_XANAX_BD 0.5 header JAM_VIOXX ALL =~ /V.?[i1|l!].?o.?x/i describe JAM_VIOXX Subject line contains medicine Vioxx score JAM_VIOXX 1.5 body JAM_VIOXX_BD /V.?[i1|l!].?o.?x/i describe JAM_VIOXX_BD Subject line contains medicine Viox score JAM_VIOXX_BD 0.5 header JAM_VALIUM Subject =~ /V.?[a@].?[l1|].?[i1|l!].?u.?m/i describe JAM_VALIUM Subject line contains medicine Valium score JAM_VALIUM 1.0 body JAM_VALIUM_BD /V.?[a\@o].?[l1|].?[i1|l!].?u.?m/i describe JAM_VALIUM_BD Subject line contains medicine Valium score JAM_VALIUM_BD 0.3 header JAM_PHENTERMINE ALL =~ /P.?h.?e.?n.?t.?e.?r.?m.?i.?n.?e/i describe JAM_PHENTERMINE Subject line contains medicine Phentermine score JAM_PHENTERMINE 1.5 body JAM_PHENTERMINE_BD /P.?h.?e.?n.?t.?e.?r.?m.?i.?n.?e/i describe JAM_PHENTERMINE_BD Subject line contains medicine Phentermine score JAM_PHENTERMINE_BD 0.3 header JAM_XENICAL ALL =~ /xenical/i describe JAM_XENICAL Subject line contains medicine Xenical score JAM_XENICAL 1.5 body JAM_XENICAL_BD /xenical/i describe JAM_XENICAL_BD Subject line contains medicine Xenical score JAM_XENICAL_BD 0.3 header JAM_BOTOX Subject =~ /B.?[o0].?t.?[o0].?x/i describe JAM_BOTOX Subject line contains Botox score JAM_BOTOX 1.5 body JAM_BOTOX_BD /B.?[o0].?t.?[o0].?x/i describe JAM_BOTOX_BD Body contains Botox score JAM_BOTOX_BD 0.5 header JAM_CIALIS ALL =~ /[C].?[i1|.]?[a\@]?[l1].?[i1|l!].?s/i describe JAM_CIALIS Subject line contains medicine Cialis score JAM_CIALIS 1.8 body JAM_CIALIS_BD /\sC.?[i1|.]?[a@].?[l1].?[i1|l!].?s/i describe JAM_CIALIS_BD Subject line contains medicine Cialis score JAM_CIALIS_BD 0.6 header JAM_LEVITRA Subject =~ /L.?e.?v.?[i1|l!].?t.?r.?[a\@]/i describe JAM_LEVITRA Subject line contains medicine Levitra score JAM_LEVITRA 1.0 body JAM_LEVITRA_BD /L.?e.?v.?[i1|l!].?t.?r.?[a@]/i describe JAM_LEVITRA_BD Subject line contains medicine Levitra score JAM_LEVITRA_BD 0.5 header JAM_NORCO Subject =~ /\s.?N.?[o0].?r.?c.?[o0].?\s/i describe JAM_NORCO Subject line contains medicine Norco score JAM_NORCO 1.0 body JAM_NORCO_BD /\s.?N.?[o0].?r.?c.?[o0].?\s/i describe JAM_NORCO_BD Body contains medicine Norco score JAM_NORCO_BD 0.5 header JAM_PROZAC Subject =~ /P.?r.?o.?z.?a.?c/i describe JAM_PROZAC Subject line contains medicine Prozac score JAM_PROZAC 1.0 body JAM_PROZAC_BD /P.?r.?o.?z.?a.?c/i describe JAM_PROZAC_BD Body contains medicine Prozac score JAM_PROZAC_BD 0.5 header JAM_CIALAPREN Subject =~ /C.?i.?a.?l.?a.?p.?r.?e.?n/i describe JAM_CIALAPREN Subject line contains Cialapren score JAM_CIALAPREN 3.5 body JAM_CIALAPREN_BD /C.?i.?a.?l.?a.?p.?r.?e.?n/i describe JAM_CIALAPREN_BD Body contains Cialapren score JAM_CIALAPREN_BD 1.5 header JAM_GROWTH_HORMONE Subject =~ /G.?r.?o.?w.?t.?h.?.?.?H.?o.?r.?m.?o.?n.?e/i describe JAM_GROWTH_HORMONE Subject Line contains "Growth Hormone" score JAM_GROWTH_HORMONE 2.5 body JAM_GROWTH_HORMONE_BD /G.?r.?o.?w.?t.?h.?.?.?H.?o.?r.?m.?o.?n.?e/i describe JAM_GROWTH_HORMONE_BD Body contains "Growth Hormone" score JAM_GROWTH_HORMONE_BD 1.0 header JAM_PHARMACY Subject =~ /(?:m.?e.?d.?i.?c.?a.?t.?i.?o.?n|p.?h.?a.?r.?m.?[a\@e].?c|\Wmeds\W|p.?r.?e.?s.?c.?r.?i.?p.?t.?i.?o.?n|p[i1|l][l1]l[sz\b]|health)/i describe JAM_PHARMACY Subject line contains pharmacy, medication etc score JAM_PHARMACY 0.5 body JAM_PHARMACY_BD /(?:m.?e.?d.?i.?c.?a.?t.?i.?o.?n|p.?h.?a.?r.?m.?a.?c|\Wmeds\W|p.?r.?e.?s.?c.?r.?i.?p.?t.?i.?o.?n|p[i1|l][l1]l[sz\b])/i describe JAM_PHARMACY_BD Body contains pharmacy, medication etc score JAM_PHARMACY_BD 0.1 meta JAM_PHARMACY_PRODUCTS ((JAM_VIAGRA + JAM_HYDROCODONE + JAM_VICODIN + JAM_XANAX + JAM_VALIUM + JAM_PHENTERMINE + JAM_XENICAL + JAM_BOTOX + JAM_CIALIS + JAM_LEVITRA + JAM_NORCO + JAM_LIPITOR + JAM_VIOXX)>2) describe JAM_PHARMACY_PRODUCTS Subject line contains multiple typical medicines like Viagra or Xanax score JAM_PHARMACY_PRODUCTS 3.0 meta JAM_PHARMACY_PRODUCTS_BD ((JAM_VIAGRA_BD + JAM_HYDROCODONE_BD + JAM_VICODIN_BD + JAM_XANAX_BD + JAM_VALIUM_BD + JAM_PHENTERMINE_BD + JAM_XENICAL_BD + JAM_BOTOX_BD + JAM_LEVITRA_BD + JAM_CIALIS_BD + JAM_NORCO_BD + JAM_LIPITOR_BD + JAM_VIOXX_BD + JAM_PHARMACY_BD)>2) describe JAM_PHARMACY_PRODUCTS_BD Body contains multiple typical medicines like Viagra or Xanax score JAM_PHARMACY_PRODUCTS_BD 3.0 # Meta tests meta JAM_PHARMACY_MANY_BD ((JAM_PHARMACY_PRODUCTS_BD + JAM_SHIPPING_BD) > 1) describe JAM_PHARMACY_MANY_BD Body contains medical products and shipping information score JAM_PHARMACY_MANY_BD 1.5 meta JAM_PHARMACY_MANY2_BD ((JAM_PHARMACY_BD + JAM_SHIPPING_BD) > 1) describe JAM_PHARMACY_MANY2_BD Body contains medical products and shipping information score JAM_PHARMACY_MANY2_BD 2.0 meta JAM_PHARMACY_IMAGE_ONLY ((JAM_PHARMACY || JAM_PHARMACY_PRODUCTS || JAM_PHARMACY_PRODUCTS_BD || JAM_PHARMACY_BD) && (HTML_IMAGE_RATIO_08 || HTML_IMAGE_RATIO_02 || HTML_IMAGE_RATIO_04 || HTML_IMAGE_RATIO_06 || HTML_IMAGE_ONLY_02)) describe JAM_PHARMACY_IMAGE_ONLY Subject contains medical products and shipping information score JAM_PHARMACY_IMAGE_ONLY 2.5 header __JAM_SHIPPING1 Subject =~ /\s(?:e.?x.?p.?r.?e.?s.?s|o.?n.?l.?i.?n.?e|o.?v.?e.?r.?n.?i.?g.?h.?t|w.?o.?r.?l.?d.?w.?i.?d.?e).{0,10}(?:s.?h.?i.?p.?p.?i.?n.?g|s.?h.?i.?p.?m.?e.?n.?t)/i header __JAM_SHIPPING2 Subject =~ /\s(?:s.?h.?i.?p.?p.?i.?n.?g|s.?h.?i.?p.?p.?e.?d|s.?h.?i.?p.?m.?e.?n.?t|ship\b).{0,10}(?:e.?x.?p.?r.?e.?s.?s|o.?n.?l.?i.?n.?e|o.?v.?e.?r.?n.?i.?g.?h.?t|w.?o.?r.?l.?d.?w.?i.?d.?e|next day)/i meta JAM_SHIPPING (__JAM_SHIPPING1 || __JAM_SHIPPING2) describe JAM_SHIPPING Subject line contains shipping information score JAM_SHIPPING 0.5 body __JAM_SHIPPING1_BD /\s(?:express|online|overnight|w.?o.?r.?l.?d.?w.?i.?d.?e).{0,10}(?:s.?h.?i.?p.?p.?i.?n.?g|s.?h.?i.?p.?m.?e.?n.?t)/i body __JAM_SHIPPING2_BD /\s(?:s.?h.?i.?p.?p.?i.?n.?g|s.?h.?i.?p.?m.?e.?n.?t|ship\b).{0,10}(?:e.?x.?p.?r.?e.?s.?s|o.?n.?l.?i.?n.?e|o.?v.?e.?r.?n.?i.?g.?h.?t|w.?o.?r.?l.?d.?w.?i.?d.?e)/i meta JAM_SHIPPING_BD (__JAM_SHIPPING1_BD || __JAM_SHIPPING2_BD) describe JAM_SHIPPING_BD Body contains shipping information score JAM_SHIPPING_BD 0.2 meta __JAM_SHIPPING_ALL (JAM_SHIPPING || JAM_SHIPPING_BD) describe __JAM_SHIPPING_ALL Subject or Body contains shipping information meta JAM_PHARMACY_MANY ((JAM_PHARMACY_PRODUCTS + JAM_SHIPPING) > 1) describe JAM_PHARMACY_MANY Subject contains medical products and shipping information score JAM_PHARMACY_MANY 3.5 meta JAM_PHARMACY_MANY2 ((JAM_PHARMACY + JAM_SHIPPING) > 1) describe JAM_PHARMACY_MANY2 Body contains medical products and shipping information score JAM_PHARMACY_MANY2 2.5 # Other keywords header JAM_MORTGAGE Subject =~ /(?:m.?[o0].?r.?t.?g.?[a@].?g.?e|\bd.?e.?b.?t\b^|r.?e.?f.?i.?n.?a.?n.?c.?e)/i describe JAM_MORTGAGE Subject contains mortgage, debt or similar score JAM_MORTGAGE 2.0 body JAM_MORTGAGE_BD /(?:m.?[0o].?r.?t.?g.?[a@].?g.?e|\bd.?e.?b.?t\b)/i describe JAM_MORTGAGE_BD Body contains mortgage, debt or similar score JAM_MORTGAGE_BD 1.6 header JAM_LOAN Subject =~ /\s.?l.?o.?[a@].?n.?\s/i describe JAM_LOAN Subject contains "loan" score JAM_LOAN 1.0 body JAM_LOAN_BD /\s.?l.?o.?[a@].?n.?\s/i describe JAM_LOAN_BD Subject contains "loan" score JAM_LOAN_BD 0.5 body JAM_LOW_RATES /\blow.{0,20}rate/i describe JAM_LOW_RATES Mail contains "low rate(s)" score JAM_LOW_RATES 0.3 header JAM_LOW_PRICES Subject =~ /\bl[o0]w.{0,20}pr[i1|l!]ce/i describe JAM_LOW_PRICES Header contains hint about low prices score JAM_LOW_PRICES 0.4 body JAM_LOW_PRICES_BD /\blow.{0,20}price/i describe JAM_LOW_PRICES_BD Mail contains hint about low prices score JAM_LOW_PRICES_BD 0.2 body JAM_BAD_CREDIT /(?:b.?a.?d.{0,6}c.?r.?e.?d.?i.?t|F.?i.?n.?a.?n.?c.?i.?a.?l.? .?p.?r.?o.?b.?l.?e.?m)/i describe JAM_BAD_CREDIT Mail contains "bad credit" score JAM_BAD_CREDIT 0.3 body JAM_RANDOMWORD /(?:RNDDOMAINWORD|RND_SYB|RND_WORD)/ describe JAM_RANDOMWORD Body contains bulk mailer fault %RNDDOMAINWORD or similar score JAM_RANDOMWORD 4.0 header JAM_CHEAP_SOFTWARE Subject =~ /(?:not expensive|c.?h.?e.?a.?p).{0,20}s.?o.?f.?t.?w.?a.?r.?e/i describe JAM_CHEAP_SOFTWARE Subject line contains "cheap software" score JAM_CHEAP_SOFTWARE 0.4 body JAM_CHEAP_SOFTWARE_BD /(?:not expensive|c.?h.?e.?a.?p).{0,20}s.?o.?f.?t.?w.?a.?r.?e/i describe JAM_CHEAP_SOFTWARE_BD Body contains "cheap software" score JAM_CHEAP_SOFTWARE_BD 0.2 body __SOFTWARE_PRODUCT_XP /W[i1|l]nd[o0]ws?.?(?:X.?P|2000|Server|2003)/i body __SOFTWARE_PRODUCT_MSO /[O0]ff[i1|l]ce.?(?:X.?P|2000|2003)/i body __SOFTWARE_PRODUCT_PS /Ph[o0]t[o0]sh[o0]p/i body __SOFTWARE_PRODUCT_PM /P[a@][gq]em[a@]ker/i body __SOFTWARE_PRODUCT_ACR /[A@]cr[0o]b[a@]t/i body __SOFTWARE_PRODUCT_COREL /Core[il1|] Draw/i body __SOFTWARE_PRODUCT_NERO /Ahead Nero/i body __SOFTWARE_PRODUCT_NAV /N[0o]rt[o0]n/i meta SOFTWARE_PRODUCTS_MANY ((__SOFTWARE_PRODUCT_XP + __SOFTWARE_PRODUCT_MSO + __SOFTWARE_PRODUCT_PS + __SOFTWARE_PRODUCT_ACR + __SOFTWARE_PRODUCT_COREL + __SOFTWARE_PRODUCT_ACR + __SOFTWARE_PRODUCT_NERO + __SOFTWARE_PRODUCT_NAV) >2) describe SOFTWARE_PRODUCTS_MANY Body contains many different software products score SOFTWARE_PRODUCTS_MANY 1.2 meta SOFTWARE_MANY_CHEAP (SOFTWARE_PRODUCTS_MANY && (JAM_CHEAP_SOFTWARE || JAM_CHEAP_SOFTWARE_BD || JAM_LOW_PRICES || JAM_LOW_PRICES_BD)) describe SOFTWARE_MANY_CHEAP Body contains many different software products at low prices score SOFTWARE_MANY_CHEAP 3.5 meta JAM_SHIPPING_SOFTWARE ((JAM_CHEAP_SOFTWARE || JAM_CHEAP_SOFTWARE_BD || SOFTWARE_PRODUCTS_MANY) && __JAM_SHIPPING_ALL) describe JAM_SHIPPING_SOFTWARE Mail contains software offers and shipping information score JAM_SHIPPING_SOFTWARE 0.8 header JAM_CABLE_DISCRAMBLER Subject =~ /c.?[a@].?b.?l.?e.{0,12}(?:d.?i.?s.?c.?r.?[a@].?m.?b.?l|f.?[i1|l!].?[l1].?t.?e.?r)/i describe JAM_CABLE_DISCRAMBLER Subject mentions Cable discrambler score JAM_CABLE_DISCRAMBLER 2.0 body JAM_CABLE_DISCRAMBLER_BD /c.?[a@].?b.?l.?e.{0,12}(?:d.?i.?s.?c.?r.?[a@].?m.?b.?l|f.?[i1|l!].?[l1].?t.?e.?r)/i describe JAM_CABLE_DISCRAMBLER_BD Body mentions Cable discrambler score JAM_CABLE_DISCRAMBLER_BD 1.0 header JAM_XXX_MOVIES Subject =~ /(?:XXX|porn).{0,12}(?:movie|pics|picture)/i describe JAM_XXX_MOVIES Subject mentions XXX movies etc. score JAM_XXX_MOVIES 3.0 body JAM_XXX_MOVIES_BD /(?:XXX|porn).{0,8}(?:movie|pics|picture)/i describe JAM_XXX_MOVIES_BD Body mentions XXX movies etc. score JAM_XXX_MOVIES_BD 1.5 header JAM_SAVINGS Subject =~ /(?:Savings|discount|l[o0]w.{0,12}price)/i describe JAM_SAVINGS Subject line contains word savings score JAM_SAVINGS 0.5 body JAM_PAGE_IS_LOADING /(?:(?:Page|Picture|Image).{0,8}loading|Loading.{0,8}(?:Page|Picture|Image))/i describe JAM_PAGE_IS_LOADING Body indicates that a page from the web is loaded, which is often done by HTML spam mails score JAM_PAGE_IS_LOADING 0.5 header JAM_LONG_SUBJECT Subject =~ /.{120,10000}/ describe JAM_LONG_SUBJECT Very long subject, possibly filled up with random words by bulk mailer score JAM_LONG_SUBJECT 1.0 body JAM_LONG_DOMAIN_LINK /http:\/\/[\w.]{35,600}\// describe JAM_LONG_DOMAIN_LINK Very long domain name in link, possibly filled up with random words by bulk mailer score JAM_LONG_DOMAIN_LINK 1.0 body JAM_LONG_LINK /http:[^> \n<"]{100,1000}\s/ describe JAM_LONG_LINK Very long link in mail, possibly filled up with random words by bulk mailer score JAM_LONG_LINK 0.2 header JAM_PENIS Subject =~ /(?:p.?e.?n.?[i1|l!].?s|\s.?d.?i.?c.?k.?\s|\s.?c.?o.?c.?k.?\s)/i describe JAM_PENIS Subject contains "penis" score JAM_PENIS 2.5 body JAM_PENIS_BD /(?:\s.?p.?e.?n.?[i1|l!].?s.?\s|\s.?d.?i.?c.?k.?\s|\s.?c.?o.?c.?k.?\s)/i describe JAM_PENIS_BD Body contains "penis" score JAM_PENIS_BD 0.8 header __ENLARGEMENT Subject =~ /(?:e.?n.?l.?a.?r.?g.?e.?m.?e.?n.?t|g.?r.?o.?w.?t.?h|e.?n.?h.?a.?n.?c.?e.?m.?e.?n.?t)/i meta JAM_PENIS_ENLARGEMENT (JAM_PENIS && __ENLARGEMENT) describe JAM_PENIS_ENLARGEMENT Subject contains "penis" and "enlargement" score JAM_PENIS_ENLARGEMENT 2.5 body JAM_PENIS_ENLARGE_BD /(?:p.?e.?n.?[i1|l!].?s|e.?n.?l.?a.?r.?g.?e).{0,16}(?:p.?e.?n.?[i1|l!].?s|e.?n.?l.?a.?r.?g.?e.?m.?e.?n.?t|g.?r.?o.?w.?t.?h)/i describe JAM_PENIS_ENLARGE_BD Body contains "penis" and "enlargement" score JAM_PENIS_ENLARGE_BD 2.0 header JAM_ERECTION Subject =~ /e.?r.?e.?c.?t.?[i1|l!].?[o0].?n/i describe JAM_ERECTION Subject contains "erection" score JAM_ERECTION 2.0 body JAM_ERECTION_BD /e.?r.?e.?c.?t.?[i1|l!].?[o0].?n/i describe JAM_ERECTION_BD Body contains "erection" score JAM_ERECTION_BD 1.5 header JAM_EJACULATION Subject =~ /(?:e.?j.?[a@].?c.?u.?[l1].?[a@].?t|[o0].?r.?g.?[a@].?s.?m)/i describe JAM_EJACULATION Subject contains "ejaculation" score JAM_EJACULATION 2.0 body JAM_EJACULATION_BD /(?:e.?j.?[a@].?c.?u.?[l1].?[a@].?t|[o0].?r.?g.?[a@].?s.?m)/i describe JAM_EJACULATION_BD Body contains "ejaculation" score JAM_EJACULATION_BD 1.5 rawbody JAM_SMALL_FONT_SIZE /font[- ]size[^\d]{1,4}(?:[0-1][^\d]|[0-2][^\d]?(?:px|;))/i describe JAM_SMALL_FONT_SIZE Body of mail contains parts with very small font score JAM_SMALL_FONT_SIZE 0.5 rawbody JAM_LARGE_FONT_SIZE /font[- ]size[^\d]{1,4}[3-9][0-9][^\d]/i describe JAM_LARGE_FONT_SIZE Body of mail contains parts with very large font score JAM_LARGE_FONT_SIZE 0.5 body JAM_DO_STH_HERE /(?:O.?r.?d.?e.?r|C.?[l1].?[i1|l!].?c.?k|P.?r.?e.?s.?s|A.?p.?p.?[l1].?[yi]|V.?i.?s.?i.?t|B.?u.?y|C.?h.?e.?c.?k|I.?n.?f.?o).{0,9}\bh.?e.?r.?e/i describe JAM_DO_STH_HERE Body contains Click/Order/Press... Here score JAM_DO_STH_HERE 0.3 header JAM_DOLLARS Subject =~ /(?:d.?o.?l.?l.?a.?r.?|USD|\$)/i describe JAM_DOLLARS Subjects mentions dollar(s) score JAM_DOLLARS 0.8 header JAM_EMPTY_SUBJECT Subject =~ /^.?$/ describe JAM_EMPTY_SUBJECT Mail has an empty subject score JAM_EMPTY_SUBJECT 0.4 rawbody HTML_EMPTY_LINES /(\s?<br>\s?){15,999}/i describe HTML_EMPTY_LINES HTML Mail with many empty lines score HTML_EMPTY_LINES 1.2 header JAM_INVERZ_ETC Subject =~ /(?:\bInverz\b|RufIdent\b)/i describe JAM_INVERZ_ETC Spam for offering reverse search for telephone numbers score JAM_INVERZ_ETC 1.5 body JAM_INVERZ_ETC_BD /(?:\bInverz\b|RufIdent\b)/i describe JAM_INVERZ_ETC_BD Spam for offering reverse search for telephone numbers score JAM_INVERZ_ETC_BD 0.5 header JAM_UNIVESITY_DEGREE Subject =~ /U.?n.?i.?v.?e.?r.?s.?i.?t.?y.{1,15}(?:D.?i.?p.?l.?o.?m.?a|d.?e.?g.?r.?e.?e)/i describe JAM_UNIVESITY_DEGREE Mail offers university degress in subject score JAM_UNIVESITY_DEGREE 1.5 body JAM_UNIVESITY_DEGREE_BD /U.?n.?i.?v.?e.?r.?s.?i.?t.?y.{1,15}(?:D.?i.?p.?l.?o.?m.?a|d.?e.?g.?r.?e.?e)/i describe JAM_UNIVESITY_DEGREE_BD Mail offers university degress in body score JAM_UNIVESITY_DEGREE_BD 0.4 header __JAM_BACHELOR Subject =~ /B.?a.?c.?h.?e.?l.?o.?r/i header __JAM_MASTER Subject =~ /M.?a.?s.?t.?e.?r/i header __JAM_MBA Subject =~ /M.?B.?A/i header __JAM_PHD Subject =~ /P.?H.?D/i header __JAM_DIPLOMA Subject =~ /D.?i.?p.?l.?o.?m.?a/i header __JAM_DOCTORATE Subject =~ /D.?o.?c.?t.?o.?r/i body __JAM_BACHELOR_BD /B.?a.?c.?h.?e.?l.?o.?r/i body __JAM_MASTER_BD /M.?a.?s.?t.?e.?r/i body __JAM_MBA_BD /M.?B.?A/i body __JAM_PHD_BD /P.?H.?D/i body __JAM_DIPLOMA_BD /D.?i.?p.?l.?o.?m.?a/i body __JAM_DOCTORATE_BD /D.?o.?c.?t.?o.?r/i meta JAM_DEGREES_MANY ((__JAM_BACHELOR + __JAM_MASTER + __JAM_MBA + __JAM_PHD + __JAM_DIPLOMA + __JAM_DOCTORATE) >2) describe JAM_DEGREES_MANY Header contains many different university degrees score JAM_DEGREES_MANY 3.0 meta JAM_DEGREES_MANY_BD ((__JAM_BACHELOR_BD + __JAM_MASTER_BD + __JAM_MBA_BD + __JAM_PHD_BD + __JAM_DIPLOMA_BD + __JAM_DOCTORATE_BD) >3) describe JAM_DEGREES_MANY_BD Body contains many different university degrees score JAM_DEGREES_MANY_BD 3.0 header JAM_REPEATED_VOCALS_A Subject =~ /a{4,15}/i describe JAM_REPEATED_VOCALS_A Header of mail contains repeats the vocal a score JAM_REPEATED_VOCALS_A 0.5 header JAM_REPEATED_VOCALS_E Subject =~ /e{4,15}/i describe JAM_REPEATED_VOCALS_E Header of mail contains repeats the vocal e score JAM_REPEATED_VOCALS_E 0.5 header JAM_REPEATED_VOCALS_I Subject =~ /i{4,15}/i describe JAM_REPEATED_VOCALS_I Header of mail contains repeats the vocal i score JAM_REPEATED_VOCALS_I 0.5 header JAM_REPEATED_VOCALS_O Subject =~ /o{4,15}/i describe JAM_REPEATED_VOCALS_O Header of mail contains repeats the vocal o score JAM_REPEATED_VOCALS_O 0.5 header JAM_REPEATED_VOCALS_U Subject =~ /u{4,15}/i describe JAM_REPEATED_VOCALS_U Header of mail contains repeats the vocal u score JAM_REPEATED_VOCALS_U 0.5 body JAM_REPEATED_VOCALS_A_BD /a{4,15}/i describe JAM_REPEATED_VOCALS_A_BD Body of mail contains repeats the vocal a score JAM_REPEATED_VOCALS_A_BD 0.3 body JAM_REPEATED_VOCALS_E_BD /e{4,15}/i describe JAM_REPEATED_VOCALS_E_BD Body of mail contains repeats the vocal e score JAM_REPEATED_VOCALS_E_BD 0.3 body JAM_REPEATED_VOCALS_I_BD /i{4,15}/i describe JAM_REPEATED_VOCALS_I_BD Body of mail contains repeats the vocal i score JAM_REPEATED_VOCALS_I_BD 0.3 body JAM_REPEATED_VOCALS_O_BD /o{4,15}/i describe JAM_REPEATED_VOCALS_O_BD Body of mail contains repeats the vocal o score JAM_REPEATED_VOCALS_O_BD 0.3 body JAM_REPEATED_VOCALS_U_BD /u{4,15}/i describe JAM_REPEATED_VOCALS_U_BD Body of mail contains repeats the vocal u score JAM_REPEATED_VOCALS_U_BD 0.3 meta JAM_REPEATED_VOCALS_MANY_BD ((JAM_REPEATED_VOCALS_A_BD + JAM_REPEATED_VOCALS_E_BD + JAM_REPEATED_VOCALS_I_BD + JAM_REPEATED_VOCALS_O_BD + JAM_REPEATED_VOCALS_U_BD) > 3) describe JAM_REPEATED_VOCALS_MANY_BD Body of mail contains many repeated vocals score JAM_REPEATED_VOCALS_MANY_BD 1.5 header JAM_REPLACED_O Subject =~ /\s(?:[a-z]{2,15}0[a-z1.,!?]{2,15}|[a-z]0[a-z1.,!?]{2,15}|[a-z]{3,15}0[a-z1.,!?])\s/i describe JAM_REPLACED_O Header contains the words in which the letter O has beeen replaced by another sign like a zero score JAM_REPLACED_O 0.8 body JAM_REPLACED_O_BD /\s(?:[a-z]{2,15}0[a-z1.,!?]{2,15}|[a-z]0[a-z1.,!?]{3,15}|[a-z]{3,15}0[a-z1.,!?])\s/i describe JAM_REPLACED_O_BD Header contains the words in which the letter O has beeen replaced by another sign like a zero score JAM_REPLACED_O_BD 0.3 header JAM_REPLACED_I Subject =~ /\s(?:[a-z]{2,15}[1|!][a-z0.,!?]{2,15}|[a-z][1|!][a-z0.,!?]{2,15}|[a-z]{3,15}[1|!][a-z0.,!?])\s/i describe JAM_REPLACED_I Header contains the words in which the letter O has beeen replaced by another sign like a zero score JAM_REPLACED_I 0.8 body JAM_REPLACED_I_BD /\s(?:[a-z]{2,15}[1|!][a-z]{2,15}|[a-z][1|!][a-z]{3,15}|[a-z]{3,15}[1|!][a-z])\s/i describe JAM_REPLACED_I_BD Header contains the words in which the letter I has beeen replaced by another sign like a one or exclamation mark score JAM_REPLACED_I_BD 0.3 meta JAM_REPLACED_SIGNS_MANY ((JAM_REPLACED_O + JAM_REPLACED_O_BD + JAM_REPLACED_I + JAM_REPLACED_I_BD ) >= 2) describe JAM_REPLACED_SIGNS_MANY Several signs in the mail have been replaced by numbers score JAM_REPLACED_SIGNS_MANY 1.0 rawbody JAM_ENCRYPTED_HTML_STYLE /style.{0,9}=.{0,9}&\#/i describe JAM_ENCRYPTED_HTML_STYLE HTML mail contains style attribute that is encrypted using HTML entities like p score JAM_ENCRYPTED_HTML_STYLE 2.0 rawbody JAM_HTML_HIDDEN_ELEMS /(style.{1,5}display.{1,4}none.*?){2}/i describe JAM_HTML_HIDDEN_ELEMS HTML mail contains hidden elements score JAM_HTML_HIDDEN_ELEMS 1.0 header JAM_TYPICAL_SPAM_SUBJECT Subject =~ /(?:MONEY WITH STOCKS|hot stocks|cheap pharmacy)/i describe JAM_TYPICAL_SPAM_SUBJECT Header of mail contains repeats the vocal a score JAM_TYPICAL_SPAM_SUBJECT 2.2 #Re-score some rules #score HTML_IMAGE_ONLY_02 3.5 #score FORGED_IMS_TAG 2.5