SpamAssassin's list is moved to apache's mailing list server and I'm not receiving it properly so please excuse my writing here but there is enough crossover that I am hoping it will not be pointless.
In any case, I am trying to write a rule that helps catch phishing emails. I have started with the following: #COMBO rules to catch phishing expeditions #SWITCH TO __KAM_PHISH AFTER TESTING body KAM_PHISH_01 /<input /i describe KAM_PHISH_01 Partial Rule to try and Catch Phishing Emails score KAM_PHISH_01 0.15 body KAM_PHISH_02 /credit card fail/i describe KAM_PHISH_02 Partial Rule to try and Catch Phishing Emails score KAM_PHISH_02 0.15 body KAM_PHISH_03 /\bauthoriz/i describe KAM_PHISH_03 Partial Rule to try and Catch Phishing Emails score KAM_PHISH_03 0.15 body KAM_PHISH_04 /\bname=cc/i describe KAM_PHISH_04 Partial Rule to try and Catch Phishing Emails score KAM_PHISH_04 0.15 body KAM_PHISH_05 /\bname=cvv/i describe KAM_PHISH_05 Partial Rule to try and Catch Phishing Emails score KAM_PHISH_05 0.15 body KAM_PHISH_06 /\bname=pin/i describe KAM_PHISH_06 Partial Rule to try and Catch Phishing Emails score KAM_PHISH_06 0.15 body KAM_PHISH_07 /\bname=date/i describe KAM_PHISH_07 Partial Rule to try and Catch Phishing Emails score KAM_PHISH_07 0.15 body KAM_PHISH_08 /\bname=year/i describe KAM_PHISH_08 Partial Rule to try and Catch Phishing Emails score KAM_PHISH_08 0.15 body KAM_PHISH_09 /\bname=month/i describe KAM_PHISH_09 Partial Rule to try and Catch Phishing Emails score KAM_PHISH_09 0.15 body KAM_PHISH_10 /\btype=submit/i describe KAM_PHISH_10 Partial Rule to try and Catch Phishing Emails score KAM_PHISH_10 0.15 body KAM_PHISH_11 /\baccount management\b/i describe KAM_PHISH_11 Partial Rule to try and Catch Phishing Emails score KAM_PHISH_11 0.15 body KAM_PHISH_12 /\bname=password/i describe KAM_PHISH_12 Partial Rule to try and Catch Phishing Emails score KAM_PHISH_12 0.15 body KAM_PHISH_13 /<form.*action\=.*>/i describe KAM_PHISH_13 Partial Rule to try and Catch Phishing Emails score KAM_PHISH_13 0.15 body KAM_PHISH_14 /\bname\=username/i describe KAM_PHISH_14 Partial Rule to try and Catch Phishing Emails score KAM_PHISH_14 0.15 meta KAM_combo_PHISH ((KAM_PHISH_01 + KAM_PHISH_02 + KAM_PHISH_03 + KAM_PHISH_04 + KAM_PHISH_05 + KAM_PHISH_06 + KAM_PHISH_07 + KAM_PHISH_08 + KAM_PHISH_09 + KAM_PHISH_10 + KAM_PHISH_11 + KAM_PHISH_12 + KAM_PHISH_13 + KAM_PHISH_14) > 6) describe KAM_combo_PHISH KAM - Phishing Expedition Email Probability High score KAM_combo_PHISH 1.0 #RAISE AFTER MORE TESTING I am having troubles getting the rules like name=password to match. Any insight? Regards, KAM _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
