403Webshell
Server IP : 103.119.228.120  /  Your IP : 3.12.34.209
Web Server : Apache
System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64
User : nobody ( 99)
PHP Version : 5.6.40
Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime
MySQL : ON |  cURL : ON |  WGET : ON |  Perl : ON |  Python : ON |  Sudo : ON |  Pkexec : ON
Directory :  /var/lib/spamassassin/3.004002/updates_spamassassin_org/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :


[ Back ]     

Current File : /var/lib/spamassassin/3.004002/updates_spamassassin_org/20_vbounce.cf
# A virus-bounce ruleset, suitable for use by anyone receiving a lot of joe-job
# virus-blowback, or spam-blowback bounce messages.
#
# Please don't modify this file as your changes will be overwritten with
# the next update. Use /etc/mail/spamassassin/local.cf instead.
# See 'perldoc Mail::SpamAssassin::Conf' for details.
#
# <@LICENSE>
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at:
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# </@LICENSE>
#
###########################################################################
#
# If you use this, set up procmail or your mail app to spot the
# "ANY_BOUNCE_MESSAGE" rule hits in the X-Spam-Status line, and move
# messages that match that to a 'vbounce' folder.
#
# You should also add 'whitelist_bounce_relays' lines, describing the names of
# your own outgoing mail relays, like so:
#
#   whitelist_bounce_relays       dogma.boxhost.net
#
# This is used to 'rescue' legitimate bounce messages that were generated in
# response to mail you really *did* send.  If you don't do this, the
# "BOUNCE_MESSAGE" rule will not fire.  See 'perldoc VBounce.pm' for more
# details.
#
# This ruleset is substantially based on
# https://www.timj.co.uk/linux/bogus-virus-warnings.cf ; the main difference is
# that I (jm) prefer to keep bounces and spam separate, so it now uses a single
# rule for each type of message, instead of having multiple individual rules
# with high scores.  That way, you can spot the individual rule names, as
# described in the paragraph above. There's a couple of rules that were FPing,
# too, so I fixed or removed them; and there's been substantial additions, too.
#
###########################################################################

ifplugin Mail::SpamAssassin::Plugin::VBounce

body __MY_SERVERS_FOUND       eval:check_whitelist_bounce_relays()
body __HAVE_BOUNCE_RELAYS     eval:have_any_bounce_relays()

endif

# ---------------------------------------------------------------------------
# General bounce messages

header __BOUNCE_FROM_DAEMON   From =~ /(?:^(?:mail\S+daemon|d[ae][ae]mon|majordomo|postmaster|automated-response|mailadmin|mailmaster|surfcontrol|You_Got_Spammed|SMTP.gateway)\@|scanner\S*\@|<>)/i

header __BOUNCE_RPATH_NULL    Return-Path =~ /<>/
header __BOUNCE_READ_NOTIFICATION   Subject =~ /^Read: /

header __BOUNCE_RPATH_MD      Return-Path =~ /(?:mailer-(?:daemon|deamon)|quotaagent|pleaseforward|autoresponder|autoresponse-\S+|devnull\S*)\@/i

# can appear in non-bounce mails with __XM_VBULLETIN,
# or with X-Cron-Env headers, so exclude those cases
header __XM_VBULLETIN   X-Mailer =~ /^vBulletin Mail/
header __X_CRON_ENV     X-Cron-Env =~ /^</

header __AUTO_GEN_MS    exists:X-MS-Embedded-Report
header __AUTO_GEN_AG    exists:X-autogenerated
header __AUTO_GEN_CM    exists:X-Choicemail-Registration-Request
header __AUTO_GEN_3     X-MailScanner =~ /generated/
header __AUTO_GEN_4     X-Mailer =~ /autoresponder/i
header __AUTO_GEN_XXSP  X-XSP-Msgclass =~ /NOTIFICATION/
header __AUTO_GEN_PREC  Precedence =~ /auto/
meta __BOUNCE_AUTO_GENERATED     ((__AUTO_GEN_MS||__AUTO_GEN_3||__AUTO_GEN_4||__AUTO_GEN_AG||__AUTO_GEN_XXSP ||__AUTO_GEN_CM||__AUTO_GEN_PREC) && !__XM_VBULLETIN && !__X_CRON_ENV)

header __BOUNCE_Y_AUTOGEN     Subject =~ /^Yahoo! Auto Response/
header __BOUNCE_SYMANTEC      Subject =~ /^Returned mail.{0,5}(?:Error During Delivery|see transcript for details|)$/i
header __BOUNCE_X_ERR_STAT    X-Error-Status =~ /User unknown/
header   __BOUNCE_RETURNED Subject =~ /^Returned mail: (?:User unknown|unreachable recipients)/
header   __BOUNCE_MAILDELFAIL Subject =~ /^Mail delivery failed: /
header   __BOUNCE_MSGDELFAIL Subject =~ /^Message Delivery Failure/
body     __BOUNCE_ESMTP /^This messages was created automatically by mail delivery software/
# JM: prev versions used "automaticly", that was a typo

body  __BOUNCE_NEVER_SEE  /\bThis is an autoresponder. I'll never see your message\b/i
body  __BOUNCE_NONWORKING  /\bYou have reached a non.?working address.  Please check\b/i

header   __BOUNCE_UNDELIVERABLE Subject =~ /^Undeliverable(?: -|:) /
header   __BOUNCE_UNDELIVERABLE_ML Subject =~ /^Undeliver(?:able|ed) Mail\b/
header   __BOUNCE_NOTDEL Subject =~ /^MESSAGE NOT DELIVERED: /
header   __BOUNCE_ADDR_ERR Subject =~ /^e-mail addressing error \(/
header   __BOUNCE_NO_VAL Subject =~ /^No valid recipient in /
header   __BOUNCE_DATA_FORMAT Subject =~ /^Returned mail: Data format error$/
header   __BOUNCE_COULD_NOT Subject =~ /^Mail could not be delivered$/
header   __BOUNCE_UNDEL_MSG Subject =~ /^Undeliverable (?:Message|Mail)$/
header   __BOUNCE_CTYPE Content-Type =~ /\bmultipart\/report\b/
header   __BOUNCE_DEL_FAIL  Subject =~ /^Delivery Failure Notification/
header   __BOUNCE_STAT_FAIL Subject =~ /^Delivery Status Notification/

header __BOUNCE_NOTIF Subject =~ /^Notification d\'.tat de la distribution$/
header __BOUNCE_RET_MAIL Subject =~ /^Returned Mail$/
header __BOUNCE_DEL_FAIL Subject =~ /^DELIVERY FAILURE/i
header __BOUNCE_MAIL_DEL_FAIL Subject =~ /^Mail Delivery Failure$/

header __NONBOUNCE_READ_RECEIPT_CTYPE Content-Type =~ /\breport-type=disposition-notification\b/
# bug 6051, some bounces *do* use that ctype
header __YESBOUNCE_AUTO_REPLIED_REJ  Auto-Submitted =~ /^auto-replied \(rejected\)/
meta __NONBOUNCE_READ_RECEIPT   (__NONBOUNCE_READ_RECEIPT_CTYPE && !__YESBOUNCE_AUTO_REPLIED_REJ)

# Return-path: <delete@errmail.kagoya.net>
# 'Invalid e-mail address.'
header __BOUNCE_RPATH_ERRMAIL Return-Path =~ /delete\@errmail\./i

header __BOUNCE_AUTO_RESPOND  Subject =~ /^(?:Automatically Generated Response from |Auto-Respond E-Mail from )/
header __BOUNCE_AUTO_RESPONSE Subject =~ /^automated response$/i
body __BOUNCE_ETRUST    /^eTrust Secure Content Manager SMTPMAIL could not deliver the e-mail /
header __BOUNCE_INTERSCAN   From =~ /\bInterscan MSS Notification\b/

body __BOUNCE_NO_RESEND  /\bPlease do not resend your original message\./

header   __BOUNCE_AUTO_REPLY Subject =~ /\b(automatic reply|AutoReply)\b/

meta BOUNCE_MESSAGE         __HAVE_BOUNCE_RELAYS && !OOOBOUNCE_MESSAGE && !__MY_SERVERS_FOUND && !ALL_TRUSTED && !__NONBOUNCE_READ_RECEIPT && (__BOUNCE_FROM_DAEMON || (__BOUNCE_RPATH_NULL && !__BOUNCE_READ_NOTIFICATION) || __BOUNCE_RPATH_MD || __BOUNCE_AUTO_GENERATED || __BOUNCE_Y_AUTOGEN || __BOUNCE_SYMANTEC || __BOUNCE_X_ERR_STAT || __BOUNCE_RETURNED || __BOUNCE_MAILDELFAIL || __BOUNCE_MSGDELFAIL || __BOUNCE_ESMTP || __BOUNCE_NEVER_SEE || __BOUNCE_NONWORKING || __BOUNCE_UNDELIVERABLE || __BOUNCE_UNDELIVERABLE_ML || __BOUNCE_NOTDEL || __BOUNCE_CTYPE || __BOUNCE_DEL_FAIL || __BOUNCE_STAT_FAIL || __BOUNCE_ADDR_ERR || __BOUNCE_NO_VAL || __BOUNCE_DATA_FORMAT || __BOUNCE_COULD_NOT || __BOUNCE_UNDEL_MSG || __BOUNCE_RPATH_ERRMAIL || __BOUNCE_INTERSCAN || __BOUNCE_ETRUST || __BOUNCE_AUTO_RESPONSE || __BOUNCE_AUTO_RESPOND || __BOUNCE_NO_RESEND || __BOUNCE_NOTIF || __BOUNCE_RET_MAIL || __BOUNCE_DEL_FAIL || __BOUNCE_MAIL_DEL_FAIL || __BOUNCE_AUTO_REPLY)

describe BOUNCE_MESSAGE     MTA bounce message

# ---------------------------------------------------------------------------
# Out Of Office bounces

# Do not use subject/body rules without checking for autoreply headers also
header __AUTOREPLY_XAR  X-Autoreply =~ /\byes/i
header __AUTOREPLY_PRE  Precedence =~ /\bauto_reply/i
header __AUTOREPLY_XPR  X-Precedence =~ /\bauto_reply/i
header __AUTOREPLY_ASU  Auto-Submitted =~ /\bauto-(?:replied|generated)(?! \(rejected\))/i
meta __BOUNCE_OOO_ARHDR  __AUTOREPLY_XAR || __AUTOREPLY_PRE || __AUTOREPLY_XPR || __AUTOREPLY_ASU

# Standalone subjects that are clearly out of office
header __BOUNCE_OOO_S1  Subject =~ /^R.ponse automatique d'absence du bureau/
header __BOUNCE_OOO_S2  Subject =~ / \(away from the office\)$/
header __BOUNCE_OOO_S3  Subject =~ /^Out Of Office\b/
meta __BOUNCE_OOO_SUBJECT  __BOUNCE_OOO_S1 || __BOUNCE_OOO_S2 || __BOUNCE_OOO_S3

# Standalone body clauses that are clearly out of office
body  __BOUNCE_OOO_B1  /\bI ?.m away until .{10,20} and am unable to read your message\b/
body  __BOUNCE_OOO_B2  /\bI am currently out of the office\b/
meta __BOUNCE_OOO_BODY  __BOUNCE_OOO_B1 || __BOUNCE_OOO_B2

# Combined subject+body checks
header __BOUNCE_OOO_CS1  Subject =~ /^Automa(?:tic reply|attinen vastaus|tisch antwoord):/
body __BOUNCE_OOO_CB1  /\bout of (?:the )?office\b/i
body __BOUNCE_OOO_CB2  /\bon (?:vacation|holiday)\b/i
body __BOUNCE_OOO_CB3  /\bolen lomalla\b/i
body __BOUNCE_OOO_CB4  /\breturn to (?:the )?office\b/i
meta __BOUNCE_OOO_SUBJBODY  __BOUNCE_OOO_CS1 && (__BOUNCE_OOO_CB1 || __BOUNCE_OOO_CB2 || __BOUNCE_OOO_CB3 || __BOUNCE_OOO_CB4)

meta OOOBOUNCE_MESSAGE  __BOUNCE_OOO_ARHDR && (__BOUNCE_OOO_SUBJECT || __BOUNCE_OOO_BODY || __BOUNCE_OOO_SUBJBODY)

describe OOOBOUNCE_MESSAGE  Out Of Office bounce message

# ---------------------------------------------------------------------------
# Challenge/Response bounces

header __CRBOUNCE_UOL     From =~ /\bAntiSpam UOL\b/
header __CRBOUNCE_VERIF   Subject =~ /^(?:Your email requires verification verify:\S|Please Verify Your Email Address)/
header __CRBOUNCE_RP      Return-Path =~ /<(?:spamblocker-challenge|spambush|apd\.sspam|spamhippo|devnull-quarantine)\@/i
header __CRBOUNCE_RP_2    Return-Path =~ /\@(?:spamstomp\.com|ipermitmail\.com)>$/i
header __CRBOUNCE_VANQ    From =~ /<confirm-\S+\@spamguard\.vanquish\.com>/
header __CRBOUNCE_QURB    Subject =~ /\[Qurb .\d+\]$/

uri __CRBOUNCE_0SPAM1    /^http:\/\/www\.0spam\.com\/v/
header __CRBOUNCE_0SPAM2 From:addr =~ /^verify\@0spam.com$/
meta __CRBOUNCE_0SPAM    (__CRBOUNCE_0SPAM1 && __CRBOUNCE_0SPAM2)

header __CRBOUNCE_SPAMARREST exists:X-Spamarrest-noauth

# https://mailinblack.com , a French C/R system with no other reliable
# signatures.  annoying!
header __CRBOUNCE_MIB    Content-Type =~ /mUlTiPaRtBoUnDaRy_MailInBlack/

uri __CRBOUNCE_SI1    m,^http://si20.com/auth,
header __CRBOUNCE_SI2 From:addr =~ /^siweb\@si20\.com/
meta __CRBOUNCE_SI    (__CRBOUNCE_SI1 && __CRBOUNCE_SI2)

# very frequent, using unrelated From lines; either spam or C/R, not yet
# sure which
header __CRBOUNCE_GETRESP Return-Path =~ /<bounce\S+\@\S+\.getresponse\.com>/

header __CRBOUNCE_TMDA  Message-Id =~ /\@\S+\-tmda\-confirm>$/
header __CRBOUNCE_ASK   X-AskVersion =~ /\d/
header __CRBOUNCE_SZ    X-Spamazoid-MD =~ /\d/
header __CRBOUNCE_SPAMLION Spamlion =~ /\S/

# something called /cgi-bin/notaspammer does this!
header __CRBOUNCE_PREC_SPAM  Precedence =~ /spam/

header __AUTO_GEN_XBT   exists:X-Boxtrapper
header __AUTO_GEN_BBTL  exists:X-Bluebottle-Request
meta __CRBOUNCE_HEADER    (__AUTO_GEN_XBT || __AUTO_GEN_BBTL)

header __CRBOUNCE_EXI   X-ExiSpam =~ /ExiSpam/

header __CRBOUNCE_UNVERIF   Subject =~ /^Unverified email to /
header __CRBOUNCE_BLOCKED   Subject =~ /^\*\*Message you sent blocked by our bulk email filter\*\*$/

meta __CHALLENGE_RESPONSE     __CRBOUNCE_UOL || __CRBOUNCE_VERIF || __CRBOUNCE_RP || __CRBOUNCE_VANQ || __CRBOUNCE_HEADER || __CRBOUNCE_QURB || __CRBOUNCE_0SPAM || __CRBOUNCE_GETRESP || __CRBOUNCE_TMDA || __CRBOUNCE_ASK || __CRBOUNCE_EXI || __CRBOUNCE_PREC_SPAM || __CRBOUNCE_SZ || __CRBOUNCE_SPAMLION || __CRBOUNCE_MIB || __CRBOUNCE_SI || __CRBOUNCE_UNVERIF || __CRBOUNCE_RP_2 || __CRBOUNCE_BLOCKED || __CRBOUNCE_SPAMARREST
meta CHALLENGE_RESPONSE      __MY_SERVERS_FOUND && __CHALLENGE_RESPONSE
describe CHALLENGE_RESPONSE  Challenge-Response message for mail you sent

meta CRBOUNCE_MESSAGE       !__MY_SERVERS_FOUND && __CHALLENGE_RESPONSE
describe CRBOUNCE_MESSAGE   Challenge-Response bounce message

# ---------------------------------------------------------------------------
# "Virus found in your mail" bounces

# source: VirusBounceRules from the exit0 SA wiki

body __VBOUNCE_EXIM      /a potentially executable attachment /
body __VBOUNCE_STRIP_ATTACH  /\bhas stripped one or more attachments from the following message\b/
body __VBOUNCE_GUIN      /message contains file attachments that are not permitted/
body __VBOUNCE_CISCO     /^Found virus \S+ in file \S/m
body __VBOUNCE_SMTP      /host \S+ said: 5\d\d\s+Error: Message content rejected/
body __VBOUNCE_AOL       /TRANSACTION FAILED - Unrepairable Virus Detected. /
body __VBOUNCE_DUTCH     /bevatte bijlage besmet welke besmet was met een virus/
body __VBOUNCE_MAILMARSHAL       /Mail.?Marshal Rule: Inbound Messages : Block Dangerous Attachments/
header __VBOUNCE_MAILMARSHAL2    Subject =~ /^MailMarshal has detected possible spam in your message/
header __VBOUNCE_NAVFAIL   Subject =~ /^Norton Anti.?Virus failed to scan an attachment in a message you sent/
header __VBOUNCE_REJECTED   Subject =~ /^EMAIL REJECTED$/
header __VBOUNCE_PROBLEME   Subject:raw =~ /^=?iso-8859-1?Q?Messagerie_.{1,100}_=3A_probl=E8me_de_s=E9curit=E9=2E?=/
header __VBOUNCE_NAV   Subject =~ /^Norton Anti.?Virus detected and quarantined/
header __VBOUNCE_MELDING   Subject =~ /^Virusmelding$/
body __VBOUNCE_VALERT      /The mail message \S+ \S+ you sent to \S+ contains the virus/
body __VBOUNCE_REJ_FILT    /Reason: Rejected by filter/
header __VBOUNCE_YOUSENT   Subject =~ /^Warning - You sent a Virus Infected Email to /
body __VBOUNCE_MAILSWEEP   /MAILsweeper has found that a \S+ \S+ \S+ \S+ one or more virus/
header   __VBOUNCE_SCREENSAVER Subject =~ /\b(?:Re: ?)Wicked screensaver\b/i
header   __VBOUNCE_DISALLOWED Subject =~ /^Disallowed attachment type found/
header   __VBOUNCE_FROMPT From =~ /Security.?Scan Anti.?Virus/
header   __VBOUNCE_WARNING Subject =~ /^Warning:\s*E-?mail virus(es)? detected/i
header   __VBOUNCE_DETECTED Subject =~ /^Virus detected /i
header   __VBOUNCE_INTERSCAN Subject =~ /^Failed to clean virus\b/i
header   __VBOUNCE_VIOLATION Subject =~ /^Content violation/i
header   __VBOUNCE_ALERT Subject =~ /^Virus Alert\b/i
header   __VBOUNCE_NAV2 Subject =~ /^NAV detected a virus in a document /
body      __VBOUNCE_NAV3 /^Reporting-MTA: Norton Anti.?Virus Gateway/
header   __VBOUNCE_INTERSCAN2 Subject =~ /^InterScan MSS for SMTP has delivered a message/
header   __VBOUNCE_INTERSCAN3 Subject =~ /^InterScan NT Alert/
header   __VBOUNCE_ANTIGEN Subject =~ /^Antigen found\b/i
header   __VBOUNCE_LUTHER From =~ /\blutherh\@stratcom.com\b/
header   __VBOUNCE_AMAVISD Subject =~ /^VIRUS IN YOUR MAIL /i
body     __VBOUNCE_AMAVISD2 /\bV I R U S\b/
header __VBOUNCE_GSHIELD Subject =~ /^McAfee GroupShield Alert/

# off: got an FP in a simple forward
# rawbody  __VBOUNCE_SUBJ_IN_MAIL /^\s*Subject:\s*(Re: )*((my|your) )?(application|details)/i
# rawbody  __VBOUNCE_SUBJ_IN_MAIL2 /^\s*Subject:\s*(Re: )*(Thank you!?|That movie|Wicked screensaver|Approved)/i

header __VBOUNCE_SCANMAIL Subject =~ /^Scan.?Mail Message: .{0,30} virus found /i
header __VBOUNCE_DOMINO1 Subject =~ /^Report to Sender/
body __VBOUNCE_DOMINO2 /^Incident Information:/
header __VBOUNCE_RAV Subject =~ /^RAV Anti.?Virus scan results/

body __VBOUNCE_ATTACHMENT0     /(?:Attachment.{0,40}was Deleted|the infected attachment)/
# Bart says: it appears that _ATTACHMENT0 is an alternate for _NAV -- both match the same messages.

body __VBOUNCE_AVREPORT0       /(antivirus system report|the antivirus module has|illegal attachment|Unrepairable Virus Detected)/i
header __VBOUNCE_SENDER       Subject =~ /^Virus to sender/
body __VBOUNCE_MAILSWEEP2     /\bblocked by Mailsweeper\b/i

header __VBOUNCE_MAILSWEEP3   From =~ /\bmailsweeper\b/i
# Bart says: This one could replace both MAILSWEEP2 and MAILSWEEP as far as I can tell.
#            Perhaps it's too general?

body __VBOUNCE_CLICKBANK      /\bvirus scanner deleted your message\b/i
header __VBOUNCE_FORBIDDEN    Subject =~ /\bFile type Forbidden\b/
header   __VBOUNCE_MMS        Subject =~ /^MMS Notification/
# added by JoeyKelly

header __VBOUNCE_JMAIL Subject =~ /^Message Undeliverable: Possible Junk\/Spam Mail Identified$/

body __VBOUNCE_QUOTED_EXE     /> TVqQAAMAAAAEAAAA/

# majordomo is really stupid about this stuff
header __MAJORDOMO_SUBJ     Subject =~ /^Majordomo results: /
rawbody __MAJORDOMO_HELP_BODY  /\*\*\*\* Help for [mM]ajordomo\@/
rawbody __MAJORDOMO_HELP_BODY2 /\*\*\*\* Command \'.{0,80}\' not recognized\b/
meta __VBOUNCE_MAJORDOMO_HELP (__MAJORDOMO_SUBJ && __MAJORDOMO_HELP_BODY && __MAJORDOMO_HELP_BODY2)

header __VBOUNCE_AV_RESULTS   Subject =~ /AntiVirus scan results/
header __VBOUNCE_EMVD         Subject =~ /^Warning: E-mail viruses detected/
header __VBOUNCE_UNDELIV      Subject =~ /^Undeliverable mail, invalid characters in header/
header __VBOUNCE_BANNED_MAT   Subject =~ /^Banned or potentially offensive material/
header __VBOUNCE_NAV_DETECT   Subject =~ /^Norton AntiVirus detected and quarantined/
header __VBOUNCE_DEL_WARN     Subject =~ /^Delivery (?:warning|error) report id=/
header __VBOUNCE_MIME_INFO    Subject =~ /^The MIME information you requested/
header __VBOUNCE_EMAIL_REJ    Subject =~ /^EMAIL REJECTED/
header __VBOUNCE_CONT_VIOL    Subject =~ /^Content violation/
header __VBOUNCE_SYM_AVF      Subject =~ /^Symantec AVF detected /
header __VBOUNCE_SYM_EMP      Subject =~ /^Symantec E-Mail-Proxy /
header __VBOUNCE_VIR_FOUND    Subject =~ /^Virus Found in message/
header __VBOUNCE_INFLEX       Subject =~ /^Inflex scan report \[/
header __VBOUNCE_BITDEFENDER  X-Mailer =~ /^BitDefender VShield/
header __VBOUNCE_INF_ATTACH   Subject =~ /^\[Mail Delivery .{20,100} infected attachment  *removed/

header __VBOUNCE_RAPPORT      Subject =~ /^Spam rapport \/ Spam report \S+ -\s+\(\S+\)$/
header __VBOUNCE_GWAVA        Subject =~ /^GWAVA Sender Notification \(RBL block\)$/
header __VBOUNCE_GWAVA2       Subject =~ /Blocked Message \(RBL block\)$/

header __VBOUNCE_EMANAGER     Subject =~ /^\[MailServer Notification\]/
header __VBOUNCE_MSGLABS      Return-Path =~ /alert\@notification\.messagelabs\.com/i
body __VBOUNCE_ATT_QUAR       /\bThe attachment was quarantined\b/
body __VBOUNCE_SECURIQ        /\bGROUP securiQ.Wall\b/

header __VBOUNCE_PT_BLOCKED   Subject =~ /^\*\*\*\s*Mensagem Bloqueada/i

meta VBOUNCE_MESSAGE        !__MY_SERVERS_FOUND && (__VBOUNCE_MSGLABS || __VBOUNCE_EXIM || __VBOUNCE_GUIN || __VBOUNCE_CISCO || __VBOUNCE_SMTP || __VBOUNCE_AOL || __VBOUNCE_DUTCH || __VBOUNCE_MAILMARSHAL || __VBOUNCE_MAILMARSHAL2 || __VBOUNCE_NAVFAIL || __VBOUNCE_REJECTED || __VBOUNCE_PROBLEME || __VBOUNCE_NAV || __VBOUNCE_MELDING || __VBOUNCE_VALERT || __VBOUNCE_REJ_FILT || __VBOUNCE_YOUSENT || __VBOUNCE_MAILSWEEP || __VBOUNCE_SCREENSAVER || __VBOUNCE_DISALLOWED || __VBOUNCE_FROMPT || __VBOUNCE_WARNING || __VBOUNCE_DETECTED || __VBOUNCE_INTERSCAN || __VBOUNCE_VIOLATION || __VBOUNCE_ALERT || __VBOUNCE_NAV2 || __VBOUNCE_NAV3 || __VBOUNCE_INTERSCAN2 || __VBOUNCE_INTERSCAN3 || __VBOUNCE_ANTIGEN || __VBOUNCE_LUTHER || __VBOUNCE_AMAVISD || __VBOUNCE_AMAVISD2 || __VBOUNCE_SCANMAIL || __VBOUNCE_DOMINO1 || __VBOUNCE_DOMINO2 || __VBOUNCE_RAV || __VBOUNCE_GSHIELD || __VBOUNCE_ATTACHMENT0 || __VBOUNCE_AVREPORT0 || __VBOUNCE_SENDER || __VBOUNCE_MAILSWEEP2 || __VBOUNCE_MAILSWEEP3 || __VBOUNCE_CLICKBANK || __VBOUNCE_FORBIDDEN || __VBOUNCE_MMS || __VBOUNCE_QUOTED_EXE || __VBOUNCE_MAJORDOMO_HELP || __VBOUNCE_AV_RESULTS || __VBOUNCE_EMVD || __VBOUNCE_UNDELIV || __VBOUNCE_BANNED_MAT || __VBOUNCE_NAV_DETECT || __VBOUNCE_DEL_WARN || __VBOUNCE_MIME_INFO || __VBOUNCE_EMAIL_REJ || __VBOUNCE_CONT_VIOL || __VBOUNCE_SYM_AVF || __VBOUNCE_SYM_EMP || __VBOUNCE_ATT_QUAR || __VBOUNCE_SECURIQ || __VBOUNCE_VIR_FOUND || __VBOUNCE_EMANAGER || __VBOUNCE_JMAIL || __VBOUNCE_GWAVA || __VBOUNCE_GWAVA2 || __VBOUNCE_PT_BLOCKED || __VBOUNCE_INFLEX || __VBOUNCE_INF_ATTACH || __VBOUNCE_STRIP_ATTACH || __VBOUNCE_BITDEFENDER)

describe VBOUNCE_MESSAGE    Virus-scanner bounce message

# ---------------------------------------------------------------------------
# a catch-all type for all the above

meta     ANY_BOUNCE_MESSAGE (CRBOUNCE_MESSAGE||BOUNCE_MESSAGE||VBOUNCE_MESSAGE||OOOBOUNCE_MESSAGE)
describe ANY_BOUNCE_MESSAGE Message is some kind of bounce message


Youez - 2016 - github.com/yon3zu
LinuXploit