Server IP : 103.119.228.120 / Your IP : 3.144.42.174 Web Server : Apache System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64 User : nobody ( 99) PHP Version : 5.6.40 Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /var/lib/spamassassin/3.004002/updates_spamassassin_org/ |
Upload File : |
# SpamAssassin rules file: Image information tests # # Please don't modify this file as your changes will be overwritten with # the next update. Use /etc/mail/spamassassin/local.cf instead. # See 'perldoc Mail::SpamAssassin::Conf' for details. # # <@LICENSE> # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to you under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at: # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # </@LICENSE> # ########################################################################### ifplugin Mail::SpamAssassin::Plugin::ImageInfo ## # you can match by image name ## body DC_IMAGE001_GIF eval:image_named('image001.gif') ## describe DC_IMAGE001_GIF Contains image named image001.gif ## # you can do exact image size matches ## body DC_GIF_264_127 eval:image_size_exact('gif','264','127') ## describe DC_GIF_264_127 Found 264x127 pixel gif, possible pillz # you can do image to text, or image to html ratios rawbody __DC_IMG_HTML_RATIO eval:image_to_text_ratio('all', '0.000', '0.015') describe __DC_IMG_HTML_RATIO Low rawbody to pixel area ratio body __DC_IMG_TEXT_RATIO eval:image_to_text_ratio('all', '0.000', '0.008') describe __DC_IMG_TEXT_RATIO Low body to pixel area ratio # body DC_GIF_TEXT_RATIO eval:image_to_text_ratio('gif',0.000, 0.008) # describe DC_GIF_TEXT_RATIO Low body to GIF pixel area ratio # rawbody DC_GIF_HTML_RATIO eval:image_to_text_ratio('gif',0.000, 0.008) # describe DC_GIF_HTML_RATIO Low rawbody to GIF pixel area ratio # using exact size match to identify things like screenshots # body __SCREEN_640x480 eval:image_size_exact('all',800,600) # body __SCREEN_800x600 eval:image_size_exact('all',800,600) # body __SCREEN_1024x768 eval:image_size_exact('all',1024,768) # body __SCREEN_1280x1024 eval:image_size_exact('all',1280,1024) # meta DC_SCREENSHOT_JPG ( __SCREEN_640x480 || __SCREEN_800x600 || __SCREEN_1024x768 || __SCREEN_1280x1024 ) # describe DC_SCREENSHOT_JPG Contains image matching common screen resolution # score DC_SCREENSHOT_JPG -0.01 # you can do minimum demension matches # body DC_GIF_300 eval:image_size_range('gif',300,300) # describe DC_GIF_300 Contains a 300x300 pixels gif or larger # score DC_GIF_300 0.01 # you can do ranged demension matches # body DC_JPEG_200_300 eval:image_size_range('gif', 200, 300, 250, 350) # describe DC_JPEG_200_300 Contains jpeg 200-250 (high) x 300-350 (wide) # score DC_JPEG_200_300 0.01 # you can count the number of images (all or by image type) body __GIF_ATTACH_1 eval:image_count('gif','1','1') body __GIF_ATTACH_2P eval:image_count('gif','2') body __PNG_ATTACH_1 eval:image_count('png','1','1') body __PNG_ATTACH_2P eval:image_count('png','2') body __JPEG_ATTACH_1 eval:image_count('jpeg',1,1) body __JPEG_ATTACH_2P eval:image_count('jpeg',2) # you can determine pixel coverage (all or by image type) body __GIF_AREA_180K eval:pixel_coverage('gif','180000','475000') body __PNG_AREA_180K eval:pixel_coverage('png','180000','475000') # body __JPEG_AREA_180K eval:pixel_coverage('jpeg',180000,475000) # meta together something useful meta DC_GIF_UNO_LARGO ( __GIF_ATTACH_1 && __GIF_AREA_180K ) describe DC_GIF_UNO_LARGO Message contains a single large gif image meta __DC_GIF_MULTI_LARGO ( __GIF_ATTACH_2P && __GIF_AREA_180K ) describe __DC_GIF_MULTI_LARGO Message has 2+ inline gif covering lots of area meta DC_PNG_UNO_LARGO ( __PNG_ATTACH_1 && __PNG_AREA_180K ) describe DC_PNG_UNO_LARGO Message contains a single large png image meta __DC_PNG_MULTI_LARGO ( __PNG_ATTACH_2P && __PNG_AREA_180K ) describe __DC_PNG_MULTI_LARGO Message has 2+ png images covering lots of area # meta DC_JPEG_UNO_LARGO ( __JPEG_ATTACH_1 && __JPEG_AREA_180K ) # describe DC_JPEG_UNO_LARGO Message hash single large jpeg image # meta DC_JPEG_MULTI_LARGO ( __JPEG_ATTACH_2P && __JPEG_AREA_180K ) # describe DC_JPEG_MULTI_LARGO Message has 2+ jpeg images covering lots of area meta DC_IMAGE_SPAM_TEXT ( !__HAS_URI && __DC_IMG_TEXT_RATIO && ( DC_GIF_UNO_LARGO || DC_PNG_UNO_LARGO || __DC_GIF_MULTI_LARGO || __DC_PNG_MULTI_LARGO )) describe DC_IMAGE_SPAM_TEXT Possible Image-only spam with little text # meta the stock rules together for HTML_IMAGE_ONLY_* meta __HTML_IMG_ONLY ( HTML_IMAGE_ONLY_04 || HTML_IMAGE_ONLY_08 || HTML_IMAGE_ONLY_12 || HTML_IMAGE_ONLY_16 || HTML_IMAGE_ONLY_20 || HTML_IMAGE_ONLY_24 || HTML_IMAGE_ONLY_28 ) meta DC_IMAGE_SPAM_HTML (!__HAS_URI && ( __HTML_IMG_ONLY || __DC_IMG_HTML_RATIO ) && ( DC_GIF_UNO_LARGO || DC_PNG_UNO_LARGO || __DC_GIF_MULTI_LARGO || __DC_PNG_MULTI_LARGO )) describe DC_IMAGE_SPAM_HTML Possible Image-only spam endif