required_hits 5 rewrite_header Subject [SPAM] report_safe 0 use_dcc 0 use_pyzor 0 use_razor2 1 skip_rbl_checks 0 rbl_timeout 3 score RCVD_IN_BL_SPAMCOP_NET 3 use_bayes 1 bayes_auto_learn 1 header ISO2022JP_CHARSET Content-Type =~ /charset=['"]?iso-2022-jp['"]?/i describe ISO2022JP_CHARSET ISO-2022-JP message score ISO2022JP_CHARSET -0.182 header GB2312_CHARSET Content-Type =~ /charset=['"]?GB2312['"]?/i describe GB2312_CHARSET GB2312 message score GB2312_CHARSET 10.00 header KS5601_CHARSET Content-Type =~ /charset= ?['"]?ks_c_5601/i describe KS5601_CHARSET KS_C_5601 message score KS5601_CHARSET 10.00 header MISYOUDAKU Subject =~ /L\$.*(>|=3E)5.*Bz/ describe MISYOUDAKU Misyoudaku score MISYOUDAKU 2.0 header BANG_BANG Subject =~ /(!\*|\033\$[B@]).*(!\*|\033\([BJ]!)/ describe BANG_BANG !...! score BANG_BANG 2.00 header STAR Subject =~ /(\"\(|\*|\!v)/ describe STAR * score STAR 1.0 header KOUKOKU Subject =~ /9-9p/ describe KOUKOKU KOUKOKU score KOUKOKU 2.0 meta MISYOUDAKUKOUKOKU MISYOUDAKU && KOUKOKU && STAR describe MISYOUDAKUKOUKOKU MISYOUDAKU && KOUKOKU && STAR score MISYOUDAKUKOUKOKU 4.0 meta MALFORMED_TO_KOUKOKU TO_MALFORMED && MISYOUDAKUKOUKOKU describe MALFORMED_TO_KOUKOKU TO_MALFORMED && MISYOUDAKUKOUKOKU score MALFORMED_TO_KOUKOKU 3.5 # Special thanks to Satoshi IWAMOTO-san, for advice: 2002/10/21 rawbody HAISHINTEISHI /G\[\?\.(..){0,2}(Dd;_|ITMW)/ describe HAISHINTEISHI Haishin (no) Teishi score HAISHINTEISHI 2.0 body KOUDOKUKAIJO /9XFI(..)*2r=\|/ describe KOUDOKUKAIJO Koudoku Kaijo score KOUDOKUKAIJO 1.5 body MURYOU /L5NA/ describe MURYOU Muryou score MURYOU 0.5 body KANZENMURYOU /40A4L5NA/ describe KANZENMURYOU Kanzenmuryou score KANZENMURYOU 2.0 header HAJIMEMASHITE Subject =~ /\$O\$8\$a\$\^\$7\$F/ describe HAJIMEMASHITE Hajimemashite ? I don't know about you. score HAJIMEMASHITE 3.0 body ISO2022JP_BODY /\033\$[B@]/ describe ISO2022JP_BODY ISO-2022-JP message score ISO2022JP_BODY -2.394 header X_MAILER X-Mailer =~ /(GpsMailer|SpireMail|IM200[01] Version|Pinta Magazine|MultiMail|BSMTP DLL|E-Magazine|Direct Email|Achi-Kochi Mail|MagicalMail|InternetPost for Active Platform|Web Based Pronto|Oshirase.*-Mailer|SendMailEX|Douhou\@Mail|DM Mailer|Easy DM|{%xmailer%}|^[0-9A-Za-z]{10,}$|pJs/ describe GOKUHIJOUHOU Gokuhi Jouhou score GOKUHIJOUHOU 5.0 body CENTRALREMOVALSERVICE /http:\/\/www.centralremovalservice.com\/cgi-bin\/.*.cgi/ describe CENTRALREMOVALSERVICE http://www.centralremovalservice.com/cgi-bin/ score CENTRALREMOVALSERVICE 5.0 body REDLIGHTEMAIL1 /www\.redlightemail\.com\/remove\.cfm/ describe REDLIGHTEMAIL http://www.redlightemail.com/remove.cfm score REDLIGHTEMAIL 2.0 body REDLIGHTEMAIL2 /100% Spam Free RedLightEmail/ describe REDLIGHTEMAIL2 100% Spam Free RedLightEmail score REDLIGHTEMAIL2 2.0 meta REDLIGHTEMAIL REDLIGHTEMAIL1 && REDLIGHTEMAIL2 describe REDLIGHTEMAIL REDLIGHTEMAIL1 && REDLIGHTEMAIL2 score REDLIGHTEMAIL 6.0 rawbody RANDOM_ID3 /^\(.+\)[0-9]+[A-Za-z]+[0-9]/ describe RANDOM_ID3 random numeric and alphabet ID-like phrase score RANDOM_ID3 10.0 body RANDOM_ID4 /[A-Za-z]{18,} [A-Za-z-.]{18,} [A-Za-z]{18,}/ describe RANDOM_ID4 random alphabet ID-like phrase score RANDOM_ID4 5.0 header ILLEGULAR_FROM From =~ /^[A-Za-z0-9._-]+\@[A-Za-z0-9._-]+\@[A-Za-z0-9._-]+$/ describe ILLEGULAR_FROM From: xxxx@xxxx.jp@xxxx.jp score ILLEGULAR_FROM 10.0 header BIZIMAGA Subject =~ /:G\?7%S%8%M%9>pJs%\^%,%8%s/ describe BIZIMAGA BIZIMAGA score BIZIMAGA 10.0 header X_MACKY_ID_PRESENT exists:X-Macky-ID score X_MACKY_ID_PRESENT 10.0 header X_MACKYCATCODE_PRESENT exists:X-MackyCatCode score X_MACKYCATCODE_PRESENT 10.0 header X_MACKYMEDIA_PRESENT exists:X-MackyMedia score X_MACKYMEDIA_PRESENT 10.0 body BIJINESUSHOUKAIHP /%S%8%M%9>R2p.\(BHP/ describe BIJINESUSHOUKAIHP BIJINESUSHOUKAIHP score BIJINESUSHOUKAIHP 3.0 body GENSENBIJINESUJOUHOUHP /87A\*%S%8%M%9>pJs.\(BHP/ describe GENSENBIJINESUJOUHOUHP GENSENBIJINESUJOUHOUHP score GENSENBIJINESUJOUHOUHP 3.0 body EURO_SCAM /Learn how \$10,000 in options will leverage \$1,000,000 in/ describe EURO_SCAM Learn how $10,000 in options will leverage $1,000,000 in score EURO_SCAM 10.0 body BROWSE_FREE /BROWSE FREE!/ describe BROWSE_FREE BROWSE FREE! score BROWSE_FREE 1.0 body B100P_FREE /100% FREE/ describe B100P_FREE 100% FREE score B100P_FREE 1.0 rawbody OPTOUT6 /the opt\-out instruction below\. We apologize for any inconvenience\./i describe OPTOUT6 the opt-out instruction below. We apologize for any inconvenience. score OPTOUT6 3.0 body OPTOUT1 /""OPT-OUT""/ describe OPTOUT1 ""OPT-OUT"" score OPTOUT1 1.0 body OPTOUT2 /If you wish to "OPT-OUT" from this mailing/ describe OPTOUT2 If you wish to "OPT-OUT" from this mailing score OPTOUT2 1.0 body OPTOUT3 /http:\/\/.+optout\.html/i describe OPTOUT3 http://*****/optout.html score OPTOUT3 2.0 meta OPTOUT4 OPTOUT1 && OPTOUT2 && OPTOUT3 describe OPTOUT4 OPTOUT1 && OPTOUT2 && OPTOUT3 score OPTOUT4 4.0 body BAD_CREDIT /We specialize in .+BAD CREDIT/i describe BAD_CREDIT We specialize in approving BAD CREDIT! score BAD_CREDIT 1.0 rawbody HTML_COMMENT_ID // describe HTML_COMMENT_ID random ID number in HTML comment score HTML_COMMENT_ID 2.0 rawbody SHINGATASIDEBUSINESSJOHO /\?7.*7\?.*%5.*%\$.*%I.*%S.*%8.*%M.*%9.*>p.*Js/ describe SHINGATASIDEBUSINESSJOHO SHIN. GATA. SA. I. DO. BI. JI. NE. SU. JOU. HOU. score SHINGATASIDEBUSINESSJOHO 5.0 score IN_REP_TO -0.5 score FROM_AND_TO_SAME -0.5 score CTYPE_JUST_HTML 4.0 score MIME_HTML_ONLY 4.0 score INVALID_DATE 5.4 score TO_LOCALPART_EQ_REAL 1.0 score SMTPD_IN_RCVD 3.0 score REMOVE_PAGE 2.0 score X_PRECEDENCE_REF 4.4 full GB2312ENC /\nContent-Type: .*; charset=.*gb2312[\n\r]/i describe GB2312ENC gb2312 message score GB2312ENC 1.0 full MIMEQENC /\nContent-Transfer-Encoding: quoted-printable[\n\r]/i describe MIMEQENC Quoted-Printable mime definition score MIMEQENC 1.0 full QENCPTR1 /=[1-9][A-F]/ describe QENCPTR1 Quoted-Printable mime pattern score QENCPTR1 1.0 full QENCPTR2 /=[\n\r]/ describe QENCPTR2 Quoted-Printable mime pattern score QENCPTR2 1.0 meta GB2312QENC GB2312ENC && MIMEQENC && QENCPTR1 && QENCPTR2 describe GB2312QENC GB2312 quoted-printable MIME body score GB2312QENC 10.0 header BINARY_ENCODING Content-Transfer-Encoding =~ /binary/ describe BINARY_ENCODING Content-Transfer-Encoding: binary score BINARY_ENCODING 3.0 body STRICTLY_CONFIDENTIAL /STRICTLY CONFIDENTIAL/ describe STRICTLY_CONFIDENTIAL "STRICTLY CONFIDENTIAL" is NOT confidential. score STRICTLY_CONFIDENTIAL 3.0 body ABSOLUTE_CONFIDENCE /I am writing you in absolute confidence primarily to seek/i describe ABSOLUTE_CONFIDENCE I am writing you in absolute confidence primarily to seek score ABSOLUTE_CONFIDENCE 1.0 body SOURCE_OF_THE_MONEY /^Source of the money:/i describe SOURCE_OF_THE_MONEY Source of the money: score SOURCE_OF_THE_MONEY 0.3 body MY_LATE_FATHER /My late father.+, a native of +Mende District in the/i describe MY_LATE_FATHER My late father XXXXXX, a native of Mende District in the score MY_LATE_FATHER 0.5 meta NIGERIAN_TRANSACTION_6 ABSOLUTE_CONFIDENCE && SOURCE_OF_THE_MONEY && MY_LATE_FATHER describe NIGERIAN_TRANSACTION_6 ABSOLUTE_CONFIDENCE && SOURCE_OF_THE_MONEY && MY_LATE_FATHER score NIGERIAN_TRANSACTION_6 8.0 full SHIFT_JIS1 /charset="shift_jis"/i describe SHIFT_JIS1 charset="shift_jis" score SHIFT_JIS1 1.0 meta MULTI_SJIS MULTIPART_ALTERNATIVE && SHIFT_JIS1 describe MULTI_SJIS MULTIPART_ALTERNATIVE && SHIFT_JIS1 score MULTI_SJIS 1.0 header VSOURCE From =~ /Vsource/i describe VSOURCE VSOURCE score VSOURCE 5.0 header FAKEDMSOE User-Agent =~ /Microsoft-Outlook-Express-Macintosh-Edition/ describe FAKEDMSOE User-Agent: Microsoft-Outlook-Express-Macintosh-Edition score FAKEDMSOE 3.0 body OSOKUNATTEGOMEN /\$\*JV;vCY\$\/\$J\$C\$F\$4\$a\$s\$M/ describe OSOKUNATTEGOMEN "OSOKUNATTEGOMENNE" score OSOKUNATTEGOMEN 0.1 body HPTSUKUCCHATTA /HP.+:n\$C\$A\$c\$C\$\?/ describe HPTSUKUCCHATTA "HPchokottotsukucchatta" score HPTSUKUCCHATTA 0.5 body ASOBINIKITENE /M7\$S\$KMh\$F\$M/ describe ASOBINIKITENE "ASOBINIKITENE" score ASOBINIKITENE 0.1 meta LOVE2HOMUPEWAARUDO FAKEDMSOE && OSOKUNATTEGOMEN && HPTSUKUCCHATTA && ASOBINIKITENE describe LOVE2HOMUPEWAARUDO FAKEDMSOE && OSOKUNATTEGOMEN && HPTSUKUCCHATTA && ASOBINIKITENE score LOVE2HOMUPEWAARUDO 8.0 score HOT_NASTY 2.0 score BIG_FONT 2.0 score RATWARE_JIXING 10.0 score NIGERIAN_TRANSACTION_1 2.0 score NIGERIAN_TRANSACTION_2 2.0 score SPAM_PHRASE_03_05 2.0 score USER_AGENT_OE 2.0 score USER_AGENT_THEBAT 7.0 score RISK_FREE 2.0 score RATWARE_OE_MALFORMED 4.1 score CLICK_BELOW 1.0 score CLICK_HERE_LINK 1.0 # score US_DOLLARS_2 1.0 # score US_DOLLARS_3 1.0 # score US_DOLLARS_4 1.0 score RATWARE_DIFFOND 10.0 score FOR_INSTANT_ACCESS 1.0 score INSTANT_ACCESS 1.0 score MICROSOFT_EXECUTABLE 4.0 score CHARSET_FARAWAY_HEADERS 4.0 score PORN_4 4.0 score UPPERCASE_75_100 1.0 body CLICK_HERE_TO_UNSUB /^Click.+here.+to.+unsubscribe from this list/i describe CLICK_HERE_TO_UNSUB Click here to unsubscribe from this list score CLICK_HERE_TO_UNSUB 2.0 meta CLICK_HTML (CTYPE_JUST_HTML || MIME_HTML_ONLY) && CLICK_HERE_TO_UNSUB describe CLICK_HTML (CTYPE_JUST_HTML || MIME_HTML_ONLY) && CLICK_HERE_TO_UNSUB score CLICK_HTML 2.0 header SPAMMERS_BOUNDARY Content-Type =~ /multipart\/mixed; boundary="===_[A-Z][a-zA-Z]{5}_000_1[a-z]{13}"/ describe SPAMMERS_BOUNDARY possibly spam mailer's boundary format score SPAMMERS_BOUNDARY 5.0 header MICROSOFT_ZIPPEDEXE Content-Type =~ /application\/x-compressed;.+name=".+.zip"/i describe MICROSOFT_ZIPPEDEXE possibly ZIP'ed Microsoft Windows virus score MICROSOFT_ZIPPEDEXE 7.0 # Sorry, below rules are under construction. 03/07/06 by [yoh] # rawbody MICROSOFT_ZIPPEDEXE2 /application\/x-.*compressed;.+name=".+.zip"/i # body MICROSOFT_ZIPPEDEXE2 /application\/x\-zip\-compressed./i # describe MICROSOFT_ZIPPEDEXE2 possibly ZIP'ed Microsoft Windows virus # score MICROSOFT_ZIPPEDEXE2 0.1 # body MICROSOFT_ZIPPEDEXE3 /name/i # describe MICROSOFT_ZIPPEDEXE3 possibly ZIP'ed Microsoft Windows virus # score MICROSOFT_ZIPPEDEXE3 0.1 # meta MICROSOFT_ZIPPEDEXE4 MICROSOFT_ZIPPEDEXE2 && MICROSOFT_ZIPPEDEXE3 # describe MICROSOFT_ZIPPEDEXE4 MICROSOFT_ZIPPEDEXE2 && MICROSOFT_ZIPPEDEXE3 # score MICROSOFT_ZIPPEDEXE4 7.0 header MICROSOFT_EXEC2 Content-Type =~ /application\/x-msdownload;.+name=".+.exe"/i describe MICROSOFT_EXEC2 possibly Microsoft Windows virus score MICROSOFT_EXEC2 7.0 meta NIGERIAN_SCAM2 NIGERIAN_TRANSACTION_1 && MIMEQENC && US_DOLLARS_2 && US_DOLLARS_3 describe NIGERIAN_SCAM2 NIGERIAN_TRANSACTION_1 && MIMEQENC && US_DOLLARS_2 && US_DOLLARS_3 score NIGERIAN_SCAM2 4.0 rawbody OPTI_TARGET /^This is an Opti-Target network mailing\. You were subscribed to this/ describe OPTI_TARGET This is an Opti-Target network mailing. You were subscribed to this score OPTI_TARGET 3.0 body OPTOUTINSTRUCTIONS /Opt-Out Instructions/ describe OPTOUTINSTRUCTIONS Opt-Out Instructions score OPTOUTINSTRUCTIONS 1.0 body AGAINST_SENDING_UNSOLICITED /We are strongly against sending unsolicited emails to those/ describe AGAINST_SENDING_UNSOLICITED We are strongly against sending unsolicited emails to those score AGAINST_SENDING_UNSOLICITED 2.0 meta OPTOUT5 OPTOUTINSTRUCTIONS && AGAINST_SENDING_UNSOLICITED describe OPTOUT5 OPTOUTINSTRUCTIONS && AGAINST_SENDING_UNSOLICITED score OPTOUT5 3.0 meta NIGERIAN_SCAM3 NIGERIAN_TRANSACTION_1 && RISK_FREE && LINES_OF_YELLING && US_DOLLARS_3 describe NIGERIAN_SCAM3 NIGERIAN_TRANSACTION_1 && RISK_FREE && LINES_OF_YELLING && US_DOLLARS_3 score NIGERIAN_SCAM3 4.0 full DREAMWIZ /dreamwiz\.com/ describe DREAMWIZ http://my.dreamwiz.com/ score DREAMWIZ 5.0 header HANMAIL_NET Reply-To =~ /\@hanmail\.net/ describe HANMAIL_NET hanmail.net score HANMAIL_NET 2.0 meta PORN_HTML CLICK_HERE_LINK && PORN_4 describe PORN_HTML CLICK_HERE_LINK && PORN_4 score PORN_HTML 4.0 # meta PORN_HTML2 PORN_4 && CTYPE_JUST_HTML # describe PORN_HTML2 PORN_4 && CTYPE_JUST_HTML # score PORN_HTML2 2.0 body USE_THIS_LINK /Use this link and we will not contact your email .+ at .+ again/i describe USE_THIS_LINK Use this link and we will not contact your email ++++ at ++++.+++ again score USE_THIS_LINK 2.0 body AS_SEEN_ON_NBC /As seen (on )*NBC, CBS, (and )*CNN, and even Oprah[!.]/i describe AS_SEEN_ON_NBC As seen on NBC, CBS, and CNN, and even Oprah! score AS_SEEN_ON_NBC 3.0 body THIS_EMAIL_SURPRISE /I presume this email will not be a surprise to you/i describe THIS_EMAIL_SURPRISE I presume this email will not be a surprise to you score THIS_EMAIL_SURPRISE 3.0 meta NIGERIAN_SCAM4 THIS_EMAIL_SURPRISE && (US_DOLLARS_2 || US_DOLLARS_3 || US_DOLLARS_4) describe NIGERIAN_SCAM4 THIS_EMAIL_SURPRISE && (US_DOLLARS_2 || US_DOLLARS_3 || US_DOLLARS_4) score NIGERIAN_SCAM4 3.0 rawbody FOXMAIL /^X-Mailer: FoxMail 3\.11 Release \[cn\]/ describe FOXMAIL X-Mailer: FoxMail 3.11 Release [cn] score FOXMAIL 8.0 rawbody FUKUGYOU /I{6H/ describe FUKUGYOU FUKUGYOU score FUKUGYOU 0.5 rawbody SIDEBUSINESS /%5%\$%I%S%8%M%9/ describe SIDEBUSINESS SIDEBUSINESS score SIDEBUSINESS 1.0 rawbody BUSINESSJOUHOU /%S%8%M%9>pJs/ describe BUSINESSJOUHOU BUSINESSJOUHOU score BUSINESSJOUHOU 1.0 body FETIGAZOU /%U%'%A2hA\|/ describe FETIGAZOU FETIGAZOU score FETIGAZOU 2.0 body RAPEGAZOU /%l%\$%W2hA\|/ describe RAPEGAZOU RAPEGAZOU score RAPEGAZOU 3.0 body CHIRAGAZOU /%A%i2hA\|/ describe CHIRAGAZOU CHIRAGAZOU score CHIRAGAZOU 2.0 body IDOLOTAKARA /%"%\$%I%k\$\*Ju/ describe IDOLOTAKARA IDOLOTAKARA score IDOLOTAKARA 2.0 body KONKAIKAGIRI /\$3\$N%a!<%k\$O:\#2s8B\$j/ describe KONKAIKAGIRI KONKAIKAGIRI is NOT one-time mailing. score KONKAIKAGIRI 2.0 body YOU_RECEIVED_THIS_EMAIL /You received this email because you signed up/i describe YOU_RECEIVED_THIS_EMAIL You received this email because you signed up score YOU_RECEIVED_THIS_EMAIL 2.5 header XMIMETRACK X-MIMETrack =~ /Serialize by Router on .*\(Release / describe XMIMETRACK Serialize by Router on ...(Release ... score XMIMETRACK 1.0 # Special thanks to Hisaaki SHIBATA-san: 2003/04/04 header UNDISCLOSED To =~ /undisclosed-recipients*:/i describe UNDISCLOSED Undisclosed-recipients score UNDISCLOSED 2.00 meta PORN_SPAM1 (HOT_NASTY || LARGE_COLLECTION || NASTY_GIRLS || SPAM_PHRASE_01_02) && USE_THIS_LINK describe PORN_SPAM1 (HOT_NASTY || LARGE_COLLECTION || NASTY_GIRLS || SPAM_PHRASE_01_02) && USE_THIS_LINK score PORN_SPAM1 7.0 meta SUBJ_SPACES_UNIQID SUBJ_HAS_SPACES && SUBJ_HAS_UNIQ_ID describe SUBJ_SPACES_UNIQID SUBJ_HAS_SPACES && SUBJ_HAS_UNIQ_ID score SUBJ_SPACES_UNIQID 6.4 meta BROKEN_HEADERS DATE_MISSING && FROM_MISSING && MISSING_HEADERS && SUBJ_MISSING describe BROKEN_HEADERS DATE_MISSING && FROM_MISSING && MISSING_HEADERS && SUBJ_MISSING score BROKEN_HEADERS 8.0 meta MICROSOFT_VIRUS MICROSOFT_EXECUTABLE && (MIME_HTML_NO_CHARSET || MULTIPART_ALTERNATIVE || MIMEQENC) describe MICROSOFT_VIRUS MICROSOFT_EXECUTABLE && (MIME_HTML_NO_CHARSET || MULTIPART_ALTERNATIVE || MIMEQENC) score MICROSOFT_VIRUS 8.0 meta MIMEHEXQENC MIME_BOUND_MANY_HEX && MIMEQENC describe MIMEHEXQENC MIME_BOUND_MANY_HEX && MIMEQENC score MIMEHEXQENC 1.1 meta MIMEHEXLONGQ MIME_BOUND_MANY_HEX && MIME_LONG_LINE_QP describe MIMEHEXLONGQ MIME_BOUND_MANY_HEX && MIME_LONG_LINE_QP score MIMEHEXLONGQ 2.0 meta LOTSCCSPAMADDR LOTS_OF_CC_LINES && MAILTO_TO_SPAM_ADDR describe LOTSCCSPAMADDR LOTS_OF_CC_LINES && MAILTO_TO_SPAM_ADDR score LOTSCCSPAMADDR 2.0 meta IDMTAXPRIHIGH MSG_ID_ADDED_BY_MTA_2 && X_PRIORITY_HIGH describe IDMTAXPRIHIGH MSG_ID_ADDED_BY_MTA_2 && X_PRIORITY_HIGH score IDMTAXPRIHIGH 2.0 body FUJITAYUZAN /F\#EDM\:\;3/ describe FUJITAYUZAN FUJITAYUZAN score FUJITAYUZAN 0.5 body HIROSHIMAKENCHIJI /9\-Eg8\)CN\;v/ describe HIROSHIMAKENCHIJI HIROSHIMAKENCHIJI score HIROSHIMAKENCHIJI 0.5 body NOMOTODENO /\$N85\$G\$N/ describe NOMOTODENO NOMOTODENO score NOMOTODENO 0.1 body OSOROSHIIHANASHI /62\$m\$7\$\$OC/ describe OSOROSHIIHANASHI OSOROSHIIHANASHI score OSOROSHIIHANASHI 0.1 body GYOUSEISOSHO /9T\@\/AJ\>Y/ describe GYOUSEISOSHO GYOUSEISOSHO score GYOUSEISOSHO 0.1 body SOKURYOSHI /B\,NL\;N/ describe SOKURYOSHI SOKURYOSHI score SOKURYOSHI 0.1 meta FUJITACHIJI FUJITAYUZAN && HIROSHIMAKENCHIJI describe FUJITACHIJI FUJITAYUZAN && HIROSHIMAKENCHIJI score FUJITACHIJI 1.0 meta CHIJINOMOTO HIROSHIMAKENCHIJI && NOMOTODENO describe CHIJINOMOTO HIROSHIMAKENCHIJI && NOMOTODENO score CHIJINOMOTO 1.0 meta MOTODEOSORO NOMOTODENO && OSOROSHIIHANASHI describe MOTODEOSORO NOMOTODENO && OSOROSHIIHANASHI score MOTODEOSORO 1.0 meta OSOROGYOUSEI OSOROSHIIHANASHI && GYOUSEISOSHO describe OSOROGYOUSEI OSOROSHIIHANASHI && GYOUSEISOSHO score OSOROGYOUSEI 1.0 meta FUJITASPAM1 FUJITACHIJI && CHIJINOMOTO && MOTODEOSORO describe FUJITASPAM1 FUJITACHIJI && CHIJINOMOTO && MOTODEOSORO score FUJITASPAM1 3.0 meta FUJITASPAM2 FUJITACHIJI && MOTODEOSORO && OSOROGYOUSEI describe FUJITASPAM2 FUJITACHIJI && MOTODEOSORO && OSOROGYOUSEI score FUJITASPAM2 3.0 meta MULTIMIME MULTIPART_ALTERNATIVE && (MIME_BOUND_DIGITS_7 || MIME_BOUND_DIGITS_4) describe MULTIMIME MULTIPART_ALTERNATIVE && (MIME_BOUND_DIGITS_7 || MIME_BOUND_DIGITS_4) score MULTIMIME 3.0 header NIKKEIBP From =~ /nikkeibp.co.jp/ describe NIKKEIBP nikkeibp.co.jp score NIKKEIBP -10 # Thanks to: SHIBATA Hisaaki san body AFAF /(zimbabwe|nigeria|angola|south afric|Sierra|UNITA)/i describe AFAF Afaf score AFAF 1.5 # following "OBFUSCATING_COMMENT" body OBFUSCATING_COMMENT2 /(<\![[:print:]]+>).+\1.+\1.+\1.+\1/ describe OBFUSCATING_COMMENT2 HTML comments which obfuscate text score OBFUSCATING_COMMENT2 4.0 rawbody OBFUSCATING_COMMENT3 /<\!--[a-zA-Z0-9]+-->/ describe OBFUSCATING_COMMENT3 HTML comments which obfuscate text score OBFUSCATING_COMMENT3 2.0 # body FAKEWORDEMAIL /em\@il/i # describe FAKEWORDEMAIL em@il # score FAKEWORDEMAIL 0.5 # # body FAKEWORDEXTENTION /extensi0n/i # describe FAKEWORDEXTENTION extensi0n # score FAKEWORDEXTENTIONS 0.5 # # body FAKEWORDPLEASE /Ple\@se/i # describe FAKEWORDPLEASE Ple@se # score FAKEWORDPLEASE 0.5 # # body FAKEWORDREMOVE /rem0ve/i # describe FAKEWORDREMOVE rem0ve # score FAKEWORDREMOVE 0.5 # # body FAKEWORDPLEASEREMOVE /Ple\@se.+rem0ve:/i # describe FAKEWORDPLEASEREMOVE Ple@se rem0ve: # score FAKEWORDPLEASEREMOVE 1.5 # # body FAKEWORDNO /N0/i # describe FAKEWORDNO N0 # score FAKEWORDNO 0.5 # # body FAKEWORDTRANSFER /tr\@nsfer/i # describe FAKEWORDTRANSFER tr@nsfer # score FAKEWORDTRANSFER 0.5 # # rawbody REMOVEDOMAINSFORPEOPLE /^http\:\/\/www.domainsforpeople.com\/cgi\-bin\/off_list\.pl/i # describe REMOVEDOMAINSFORPEOPLE http://www.domainsforpeople.com/cgi-bin/off_list.pl # score REMOVEDOMAINSFORPEOPLE 1.5 # # meta DOMAINSFORPEOPLE REMOVEDOMAINSFORPEOPLE && (FAKEWORDEMAIL || FAKEWORDEXTENTION || FAKEWORDPLEASE || FAKEWORDREMOVE || FAKEWORDNO || FAKEWORDTRANSFER) # describe DOMAINSFORPEOPLE REMOVEDOMAINSFORPEOPLE && (FAKEWORDEMAIL || FAKEWORDEXTENTION || FAKEWORDPLEASE || FAKEWORDREMOVE || FAKEWORDNO || FAKEWORDTRANSFER) # score DOMAINSFORPEOPLE 3.0 rawbody FAKEDWORD_ATMARK /(^| |\r|\n)[A-Za-z]{0,}(\@[A-Za-z]+){1,}(\.{0,1}$| |[:;\r\n])/ describe FAKEDWORD_ATMARK ex. em@il (this rule is only for body) score FAKEDWORD_ATMARK 0.5 # full FAKEDWORD_ZERO /((^)|( ))[A-Za-z]{0,}(0[A-Za-z]+){1,}(\.{0,1}$| |[:;\r\n])/ full FAKEDWORD_ZERO /( |\r|\n)[A-Za-z]{0,}(0[A-Za-z]+){1,}(\.{0,1}$| |[:;\r\n])/ describe FAKEDWORD_ZERO ex. Cust0mer score FAKEDWORD_ZERO 0.5 full FAKEDWORD_ONE /( |\r|\n)[A-Za-z]{0,}(1[A-Za-z]+){1,}(\.{0,1}$| |[:;\r\n])/ describe FAKEDWORD_ONE ex. l1st score FAKEDWORD_ONE 0.5 full FAKEDWORD_EXCLAMATION /( |\r|\n)[A-Za-z]{0,}(\![A-Za-z]+){1,}(\.{0,1}$| |[:;\r\n])/ describe FAKEDWORD_EXCLAMATION ex. MED!C!NE score FAKEDWORD_EXCLAMATION 0.5 full FAKEDWORD_VERTICALLINE /( |\r|\n)[A-Za-z]{0,}(\|[A-Za-z]+){1,}(\.{0,1}$| |[:;\r\n])/ describe FAKEDWORD_VERTICALLINE ex. REM|O|VED score FAKEDWORD_VERTICALLINE 0.5 body GAPPY_REM0VED / R E M 0 V E D / describe GAPPY_REM0VED R E M 0 V E D score GAPPY_REM0VED 1.5 # special thanks to: R.Takashi ISHIOKA-san! 2003/07/16 body SJIS_SOSHINSHA /\221\227\220M\216\322/ describe SJIS_SOSHINSHA soushinsha using sjis score SJIS_SOSHINSHA 0.1 meta FAKED_SJISBODY1 SJIS_SOSHINSHA && ISO2022JP_BODY describe FAKED_SJISBODY1 SJIS_SOSHINSHA && ISO2022JP_BODY score FAKED_SJISBODY1 5.0 # body SJIS_URAVIDEO /\227\240\203r\203f\203\111/ # body SJIS_URAVIDEO /\227.\203r\203f\203\111/ body SJIS_URAVIDEO /\x97.\x83\x72\x83\x66\x83\x49/ describe SJIS_URAVIDEO uravideo using sjis score SJIS_URAVIDEO 0.5 body SJIS_SAISHINRYUSHUTSU /\x8d\xc5\x90\x56\x97\xac\x8f\x6f/ describe SJIS_SAISHINRYUSHUTSU saishinryushutsu using sjis score SJIS_SAISHINRYUSHUTSU 0.5 body SJIS_BURUSERA /\x83\x75\x83\x8b\x83\x5a\x83\x89/ describe SJIS_BURUSERA burusera using sjis score SJIS_BURUSERA 0.5 body SJIS_SHIROUTOTOUKOU /\x91\x66\x90\x6c\x93\x8a\x8d\x65/ describe SJIS_SHIROUTOTOUKOU shiroutotoukou using sjis score SJIS_SHIROUTOTOUKOU 0.5 body SJIS_YOUMONO /\x97\x6d\x95\xa8/ describe SJIS_YOUMONO youmono using sjis score SJIS_YOUMONO 0.5 body SJIS_TOUSATSU /\x93\x90\x8e\x42/ describe SJIS_TOUSATSU tousatsu using sjis score SJIS_TOUSATSU 0.5 body SJIS_LOLIKEI /\x83\x8d\x83\x8a\x8c\x6e/ describe SJIS_LOLIKEI lolikei using sjis score SJIS_LOLIKEI 0.5 body SJIS_ZENKAKU_SM /\x82\x72\x82\x6c/ describe SJIS_ZENKAKU_SM SM in zenkaku using sjis score SJIS_ZENKAKU_SM 0.5 meta PORN_SJIS (SJIS_BURUSERA||SJIS_LOLIKEI||SJIS_SAISHINRYUSHUTSU||SJIS_SHIROUTOTOUKOU||SJIS_TOUSATSU||SJIS_URAVIDEO||SJIS_YOUMONO||SJIS_ZENKAKU_SM)&&ISO2022JP_BODY describe PORN_SJIS (SJIS_BURUSERA||SJIS_LOLIKEI||SJIS_SAISHINRYUSHUTSU||SJIS_SHIROUTOTOUKOU||SJIS_TOUSATSU||SJIS_URAVIDEO||SJIS_YOUMONO||SJIS_ZENKAKU_SM)&&ISO2022JP_BODY score PORN_SJIS 5.0 body SJIS_SHUUDANSTALKER /\x8f\x57\x92\x63\x83\x58\x83\x67\x81\x5b\x83\x4a\x81\x5b/ describe SJIS_SHUUDANSTALKER Shuudan Stalker score SJIS_SHUUDANSTALKER 0.5 body SJIS_HONOMEKASHI /\x81\x75\x82\xd9\x82\xcc\x82\xdf\x82\xa9\x82\xb5\x81\x76\x82\xc6\x82\xcd/ describe SJIS_HONOMEKASHI Honomekashi Toha score SJIS_HONOMEKASHI 0.5 header HOSYOU_JPSPAM Received =~ /\(HELO hosyou/ describe HOSYOU_JPSPAM ZAITAKUBUSINESS type Japanese spammer score HOSYOU_JPSPAM 7.0 body SHOUKOMISEMASU /\>Z5r.+8\+\$\;\$\^\$9/ describe SHOUKOMISEMASU SHOUKO MISEMASU score SHOUKOMISEMASU 2.0 body MENSEKIJIKOU /LH\@U\;v9\`/ describe MENSEKIJIKOU MENSEKIJIKOU score MENSEKIJIKOU 0.5 body ZAITAKU /\:_Bp/ describe ZAITAKU ZAITAKU score ZAITAKU 0.5 body BUSINESS /%S%8%M%9/ describe BUSINESS BUSINESS score BUSINESS 0.5 body SHUUNYUU /\<\}F\~/ describe SHUUNYUU SHUUNYUU score SHUUNYUU 0.5 body HOSYOU_590MYEN /\#52\/\#9\@iK\|1_/ describe HOSYOU_590MYEN 590000000yen score HOSYOU_590MYEN 2.0 meta HOSYOUSPAM2 HOSYOU_JPSPAM && HOSYOU_590MYEN describe HOSYOUSPAM2 HOSYOU_JPSPAM && HOSYOU_590MYEN score HOSYOUSPAM2 5.0 body NO_LONGER_WISH /but if you no longer wish to receive our emails please:/i describe NO_LONGER_WISH but if you no longer wish to receive our emails please: score NO_LONGER_WISH 1.5 body ENJOYED_RECEIVING_EMAIL /We hope you enjoyed receiving this email/i describe ENJOYED_RECEIVING_EMAIL We hope you enjoyed receiving this email score ENJOYED_RECEIVING_EMAIL 1.0 meta ENJOYED_NO_LONGER NO_LONGER_WISH && ENJOYED_RECEIVING_EMAIL describe ENJOYED_NO_LONGER NO_LONGER_WISH && ENJOYED_RECEIVING_EMAIL score ENJOYED_NO_LONGER 2.5 body SOBIG_BODY /^(Please ){0,1}See the attached file for details/i describe SOBIG_BODY Please see the attached file for details. score SOBIG_BODY 1.0 header SOBIG_HEADER Content-Type =~ /multipart\/mixed;.+boundary="_NextPart_/ describe SOBIG_HEADER Probably Sobig.F's multipart header score SOBIG_HEADER 0.1 full SOBIG_HEADER2 /\nContent-Type: multipart\/mixed;\n\tboundary="_NextPart_/ describe SOBIG_HEADER2 Probably Sobig.F's multipart header score SOBIG_HEADER2 0.1 meta SOBIG_F SOBIG_BODY && (SOBIG_HEADER || SOBIG_HEADER2) describe SOBIG_F SOBIG_BODY && (SOBIG_HEADER || SOBIG_HEADER2) score SOBIG_F 8.0 uri OFF_LIST_CGI /www\..+\.com\/cgi(-bin){0,1}\/off_list\.(cgi|pl)/ describe OFF_LIST_CGI www.????.com/cgi-bin/off_list.cgi score OFF_LIST_CGI 1.0 meta FAKEDWORD_OFFLIST (FAKEDWORD_ATMARK|| FAKEDWORD_ZERO || FAKEDWORD_ONE || FAKEDWORD_EXCLAMATION || FAKEDWORD_VERTICALLINE) && OFF_LIST_CGI describe FAKEDWORD_OFFLIST (FAKEDWORD_ATMARK|| FAKEDWORD_ZERO || FAKEDWORD_ONE || FAKEDWORD_EXCLAMATION || FAKEDWORD_VERTICALLINE) && OFF_LIST_CGI score FAKEDWORD_OFFLIST 5.0 header OBFUS_JP_TO To =~ /=\?ISO-2022-JP\?B\?\?=