SOSDG Spam Assassin Rules
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

30_virus.cf 1.0KB

1234567891011121314151617
  1. # Subject: Your wife photos attached
  2. header SOSDG_VIRUS_WIFE1 Subject =~ /your (wife|wifes|wife's) (photo|photos) attached/i
  3. describe SOSDG_VIRUS_WIFE1 Subject is common virus/trojan sign
  4. score SOSDG_VIRUS_WIFE1 3.0
  5. body __LOCKY_TEST1 /I am sending copies of the documents as attachments/i
  6. body __LOCKY_TEST2 /Thank you very much for your reply/i
  7. body __LOCKY_TEST3 /I have attached the financial report you requested./i
  8. body __LOCKY_TEST4 /I am sending you the invoice you requested/i
  9. body __LOCKY_TEST5 /Attached please find the documents you requested/i
  10. body __LOCKY_TEST6 /wrong data file you received from me/i
  11. body __LOCKY_TEST7 /attached is concerned with the company database/i
  12. mimeheader __ZIP_ATTACHED Content-Type =~ /zip/i
  13. meta SOSDG_LOCKY_RANSOMWARE1 (( __LOCKY_TEST1 + __LOCKY_TEST2 + __LOCKY_TEST3 + __LOCKY_TEST4 + __LOCKY_TEST5 + __LOCKY_TEST6 + __LOCKY_TEST7 + __ZIP_ATTACHED ) > 1)
  14. score SOSDG_LOCKY_RANSOMWARE1 4.0
  15. describe SOSDG_LOCKY_RANSOMWARE1 Common patterns for Locky ransomware