# Subject: Your wife photos attached
header   SOSDG_VIRUS_WIFE1  Subject =~ /your (wife|wifes|wife's) (photo|photos) attached/i
describe SOSDG_VIRUS_WIFE1  Subject is common virus/trojan sign
score    SOSDG_VIRUS_WIFE1  3.0

# Locky ransomware lure phrases. The "__" prefix marks these as unscored
# sub-rules that only feed the meta rule below.
body __LOCKY_TEST1  /I am sending copies of the documents as attachments/i
body __LOCKY_TEST2  /Thank you very much for your reply/i
body __LOCKY_TEST3  /I have attached the financial report you requested./i
body __LOCKY_TEST4  /I am sending you the invoice you requested/i
body __LOCKY_TEST5  /Attached please find the documents you requested/i
body __LOCKY_TEST6  /wrong data file you received from me/i
body __LOCKY_TEST7  /attached is concerned with the company database/i

mimeheader __ZIP_ATTACHED  Content-Type =~ /zip/i

# Fires when at least two of the sub-rules above match (sum > 1).
meta     SOSDG_LOCKY_RANSOMWARE1  (( __LOCKY_TEST1 + __LOCKY_TEST2 + __LOCKY_TEST3 + __LOCKY_TEST4 + __LOCKY_TEST5 + __LOCKY_TEST6 + __LOCKY_TEST7 + __ZIP_ATTACHED ) > 1)
score    SOSDG_LOCKY_RANSOMWARE1  4.0
describe SOSDG_LOCKY_RANSOMWARE1  Common patterns for Locky ransomware