403Webshell
Server IP : 103.119.228.120  /  Your IP : 18.227.0.255
Web Server : Apache
System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64
User : nobody ( 99)
PHP Version : 5.6.40
Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime
MySQL : ON |  cURL : ON |  WGET : ON |  Perl : ON |  Python : ON |  Sudo : ON |  Pkexec : ON
Directory :  /var/lib/spamassassin/3.004003/updates_spamassassin_org/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :


[ Back ]     

Current File : /var/lib/spamassassin/3.004003/updates_spamassassin_org/20_drugs.cf
# SpamAssassin rules file: drug tests
#
# This ruleset is intended to detect common "pill spam" however, it is not
# appropriate for all environments. It may not be appropriate for a medical or
# pharmaceutical environment. If in doubt, adjust the scores of all the rules
# to 0.01 and see if they fire off on your daily nonspam.
#
# Please don't modify this file as your changes will be overwritten with the
# next update. Use /etc/mail/spamassassin/local.cf instead. See 'perldoc
# Mail::SpamAssassin::Conf' for details.
#
# Note: body tests are run with long lines, so be sure to limit the size of
# searches; use /.{0,30}/ instead of /.*/ to avoid huge search times.
#
# <@LICENSE>
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at:
# 
#     http://www.apache.org/licenses/LICENSE-2.0
# 
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# </@LICENSE>
#
###########################################################################

require_version 3.004003

###########################################################################
# header rules
# (only use sufficiently long drug name to make name unique)

header SUBJECT_DRUG_GAP_C	Subject =~ /\bc[\sc]{0,2}i[\si]{0,2}a[\sa]{0,2}l[\sl]{0,2}i[\si]{0,2}s{1,3}\b/i
describe SUBJECT_DRUG_GAP_C	Subject contains a gappy version of 'cialis'

header SUBJECT_DRUG_GAP_L	Subject =~ /l.{0,2}e.{0,2}v.{0,2}i.{0,2}t.{0,2}r.{0,2}a/i
describe SUBJECT_DRUG_GAP_L	Subject contains a gappy version of 'levitra'


header SUBJECT_DRUG_GAP_S	Subject =~ /\bs.{0,1}o.{0,1}m.{0,1}a\b/i
describe SUBJECT_DRUG_GAP_S	Subject contains a gappy version of 'soma'

# Bug 5396 - Hits visa and random finnish words
#header SUBJECT_DRUG_GAP_VA	Subject =~ /v.{0,2}a.{0,2}l.{0,2}i.{0,2}u.{0,2}m/i
#describe SUBJECT_DRUG_GAP_VA	Subject contains a gappy version of 'valium'


header SUBJECT_DRUG_GAP_X	Subject =~ /x.{0,2}a.{0,2}n.{0,2}a.{0,2}x/i
describe SUBJECT_DRUG_GAP_X	Subject contains a gappy version of 'xanax'

###########################################################################
# body rules

body DRUG_DOSAGE		m{[\d\.]+ *\$? *(?:[\\/]|per) *d.?o.?s.?e}i
describe DRUG_DOSAGE		Talks about price per dose

# jm: keep this case-sensitive, otherwise it FP's
body DRUG_ED_CAPS		/\b(?:CIALIS|LEVITRA|VIAGRA)/
describe DRUG_ED_CAPS		Mentions an E.D. drug


body DRUG_ED_SILD		/\bsildenafil\b/i
describe DRUG_ED_SILD		Talks about an E.D. drug using its chemical name

body DRUG_ED_GENERIC		/\bGeneric Viagra\b/
describe DRUG_ED_GENERIC	Mentions Generic Viagra

body DRUG_ED_ONLINE		/\bviagra .{0,25}(?:express|online|overnight)/i
describe DRUG_ED_ONLINE		Fast Viagra Delivery 

body ONLINE_PHARMACY		/\bonline pharmacy|\b(?:drugs|medications) online/i
describe ONLINE_PHARMACY	Online Pharmacy

# Updated bug 6448
body NO_PRESCRIPTION		/N[o0].{1,10}P(?:er|re)scr[i1]pt[i1][o0]n.{1,10}(?:n[e3][e3]d[e3]d|requ[1i]re|n[e3]c[e3]ssary)/i
describe NO_PRESCRIPTION	No prescription needed

# too easy
body VIA_GAP_GRA                /\bvia.gra\b/i
describe VIA_GAP_GRA            Attempts to disguise the word 'viagra'

########################################################################
# male sexual dysfunction drugs
#
# This section is undergoing improvements and I'm trying to track down a 
# FP case that seems to mostly affect technical emails.
# However, all of the test cases so far fail to match when retested.
# note: The regex /v.i.a.g.r.a/ was intentionally not used
# due to potential false positive cases with PGP signatures
# and other base-64ish stuff.
# instead other patterns are used catch non alphanumeric gapping patterns
# note: \W = "non word character"

# Note: many of the drugs named in here are brand-names and are trademarked.
# All trademarks are property of the respective owners.
#current best char substitutions
# i - [i1!|l\xEC-\xEF]
# a - [a4\xE0-\xE6@]  
# e - [e3\xE8-\xEB]
# o - [o0\xF2-\xF6]
# u - [u\xB5\xF9-\xFC] 

# v - (?:\\\/|V)
# l - [l!|1]
#plain Viagra and Cialis (used in obfu detection)
body __DRUGS_ERECTILE_V	/\bViagra\b/i
body __DRUGS_ERECTILE_C	/\bCialis\b/i
body __DRUGS_ERECTILE_L	/\bLevitra\b/i
#  obfu/plain and mis-spelled Viagra variants
body __DRUGS_ERECTILE1	/(?:\b|\s)[_\W]{0,3}(?:\\\/|V)[_\W]{0,3}[ij1!|l\xEC\xED\xEE\xEF][_\W]{0,3}[a40\xE0-\xE6@][_\W]{0,3}[xyz]?[gj][_\W]{0,3}r[_\W]{0,3}[a40\xE0-\xE6@][_\W]{0,3}x?[_\W]{0,3}(?:\b|\s)/i
body __DRUGS_ERECTILE2	/\bV(?:agira|igara|iaggra|iaegra)\b/i
#  cialis variants (spelling correct now)
# note: the rather strange pre-amble is to avoid FPs on french words containing high-ascii chars surrounding
# "cialis".
# try to avoid FPs on "specialist"
body __DRUGS_ERECTILE3 /(?:\A|[\s\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])[_\W]{0,3}(?!cialist|c i a l i s t)C[_\W]{0,3}[ij1!|l\xEC\xED\xEE\xEF][_\W]{0,3}[a4\xE0-\xE6@][_\W]{0,3}l?[l!|1][_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}s[_\W]{0,3}(?:\b|\s)/i
body __DRUGS_ERECTILE4	/\bC(?:alis|ilias|ilais)\b/i
# generic names
#sildenafil citrate
body __DRUGS_ERECTILE5	/\b_{0,3}s[_\W]?[i1!|l\xEC-\xEF][_\W]?l[_\W]?d[_\W]?[e3\xE8-\xEB][_\W]?n[_\W]?[a4\xE0-\xE6@][_\W]?f[_\W]?[i1!|l\xEC-\xEF][_\W]?l c[_\W]?[i1!|l\xEC-\xEF][_\W]?t[_\W]?r[_\W]?[a4\xE0-\xE6@][_\W]?t[_\W]?[e3\xE8-\xEB]_{0,3}(?:\b|\s)/i
#Levitra
body __DRUGS_ERECTILE6	/\b_{0,3}L[_\W]?[e3\xE8-\xEB][_\W]?(?:\\\/|V)[_\W]?[i1!|l\xEC-\xEF][_\W]?t[_\W]?r[_\W]?[a4\xE0-\xE6@][_\W]?(?:\b|\s)/i
#tadalafil
body __DRUGS_ERECTILE8 /\b_{0,3}T[_\W]?[a4\xE0-\xE6@][_\W]?d[_\W]?[a4\xE0-\xE6@][_\W]?l[_\W]?[a4\xE0-\xE6@][_\W]?f[_\W]?[i1!|l\xEC-\xEF][_\W]?l_{0,3}\b/i
# gapped/obfu viagra variants using funky html-style character codes
rawbody __DRUGS_ERECTILE10   /\b_{0,3}V[_\W]?(?:i|\&iuml\;)[_\W]?(?:a|\&agrave|\&aring)\;?[_\W]?g[_\W]?r[_\W]?(?:a|\&agrave|\&aring)\b/i
#apcalis - a generic of cialis
body __DRUGS_ERECTILE11 		/(?:\b|\s)_{0,3}[a4\xE0-\xE6@][_\W]{0,3}p[_\W]{0,3}c[_\W]{0,3}[a4\xE0-\xE6@][_\W]{0,3}[l!|1][_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}s_{0,3}\b/i
meta DRUGS_ERECTILE (__DRUGS_ERECTILE1 || __DRUGS_ERECTILE2 || __DRUGS_ERECTILE3 || __DRUGS_ERECTILE4 || __DRUGS_ERECTILE5 || __DRUGS_ERECTILE6 || __DRUGS_ERECTILE8 || __DRUGS_ERECTILE10 || __DRUGS_ERECTILE11 )
describe DRUGS_ERECTILE 	Refers to an erectile drug
meta DRUGS_ERECTILE_OBFU ( (__DRUGS_ERECTILE1 &&!__DRUGS_ERECTILE_V) || (__DRUGS_ERECTILE3 && !__DRUGS_ERECTILE_C) ||__DRUGS_ERECTILE2 || (__DRUGS_ERECTILE10 &&!__DRUGS_ERECTILE_V) || (__DRUGS_ERECTILE6 &&!__DRUGS_ERECTILE_L))
describe DRUGS_ERECTILE_OBFU 	Obfuscated reference to an erectile drug

 

#diet
body __DRUGS_DIET_PHEN	/\bphentermine\b/i
#phentermine
body __DRUGS_DIET1	/(?:\b|\s)[_\W]{0,3}p[_\W]{0,3}h[_\W]{0,3}[e3\xE8-\xEB][_\W]{0,3}n[_\W]{0,3}t[_\W]{0,3}[e3\xE8-\xEB][_\W]{0,3}r[_\W]{0,3}m[_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}n[_\W]{0,3}[e3\xE8-\xEB][_\W]{0,3}(?:\b|\s)/i
#ionamin
body __DRUGS_DIET2	/(?:\b|\s)_{0,3}[i1!|l\xEC-\xEF][_\W]?o[_\W]?n[_\W]?[a4\xE0-\xE6@][_\W]?m[_\W]?[i1!|l\xEC-\xEF][_\W]?n_{0,3}\b/i
#bontril
body __DRUGS_DIET3	/\bbontril\b/i
#phendimetrazine
body __DRUGS_DIET4	/\bphendimetrazine\b/i
#diethylpropion, generic of Tenuate, uncommon in spam
body __DRUGS_DIET5	/\bdiethylpropion\b/i
#Meridia
body __DRUGS_DIET6	/(?:\b|\s)[_\W]{0,3}M[_\W]{0,3}[e3\xE8-\xEB][_\W]{0,3}r[_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}d[_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}[a4\xE0-\xE6@][_\W]{0,3}(?:\b|\s)/i
#tenuate
body __DRUGS_DIET7	/\b_{0,3}t[_\W]?[e3\xE8-\xEB][_\W]?n[_\W]?u[_\W]?a[_\W]?t[_\W]?[e3\xE8-\xEB]_{0,3}(?:\b|\s)/i
#didrex
body __DRUGS_DIET8	/\b_{0,3}d[_\W]?[i1!|l\xEC-\xEF][_\W]?d[_\W]?r[_\W][e3\xE8-\xEB[_\W]?xx?_{0,3}\b/i
#adipex
body __DRUGS_DIET9	/\b_{0,3}a[_\W]?d[_\W]?[i1!|l\xEC-\xEF][_\W]?p[_\W]?[e3\xE8-\xEB][_\W]?x_{0,3}\b/i
#xenical
body __DRUGS_DIET10	/\b_{0,3}x?x[_\W]?[e3\xE8-\xEB][_\W]?n[_\W]?[i1!|l\xEC-\xEF][_\W]?c[_\W]?[a4\xE0-\xE6@][_\W]?l_{0,3}\b/i
meta DRUGS_DIET (__DRUGS_DIET1 || __DRUGS_DIET2 || __DRUGS_DIET3 || __DRUGS_DIET4 ||__DRUGS_DIET5 ||__DRUGS_DIET6 ||__DRUGS_DIET7 ||__DRUGS_DIET8 || __DRUGS_DIET9 || __DRUGS_DIET10 )
describe DRUGS_DIET 	Refers to a diet drug
meta DRUGS_DIET_OBFU (__DRUGS_DIET1 && !__DRUGS_DIET_PHEN)
describe DRUGS_DIET_OBFU	Obfuscated reference to a diet drug	

# pain relief drugs
body __DRUGS_PAIN_VICO	/vicodin/i
body __DRUGS_PAIN_VIOXX	/vioxx/i
body __DRUGS_PAIN_FIO	/fioricet/i
body __DRUGS_PAIN1	/\b_{0,3}h[_\W]?y[_\W]?d[_\W]?r[_\W]?[o0\xF2-\xF6][_\W]?c[_\W]?[o0\xF2-\xF6][_\W]?d[_\W]?[o0\xF2-\xF6][_\W]?n[_\W]?e_{0,3}\b/i
body __DRUGS_PAIN2	/\b_{0,3}c[o0\xF2-\xF6]deine_{0,3}\b/i
#ultram
body __DRUGS_PAIN3	/(?:\b|\s)[_\W]{0,3}[u\xB5\xF9-\xFC][_\W]{0,3}l[_\W]{0,3}t[_\W]{0,3}r[_\W]{0,3}[a4\xE0-\xE6@][_\W]{0,3}m_{0,3}\b/i
#vicodin
body __DRUGS_PAIN4	/(?:\b|\s)[_\W]{0,3}(?:\\\/|V)[_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}c[_\W]{0,3}[o0\xF2-\xF6][_\W]{0,3}d[_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}ns?[_\W]{0,3}(?:\b|\s)/i
#tramadol
body __DRUGS_PAIN5	/\b_{0,3}t[_\W]?r[_\W]?[a4\xE0-\xE6@][_\W]?m[_\W]?[a4\xE0-\xE6@][_\W]?d[_\W]?[o0\xF2-\xF6][_\W]?[l!|1]_{0,3}\b/i
# ultracet, uncommon in spam.
body __DRUGS_PAIN6	/\b_{0,3}u[_\W]?l[_\W]?t[_\W]?r[_\W]?a[_\W]?c[_\W]?e[_\W]?t_{0,3}\b/i
#fioricet 
body __DRUGS_PAIN7	/\b_{0,3}f[_\W]?[i1!|l\xEC-\xEF][_\W]?[o0\xF2-\xF6][_\W]?r[_\W]?[i1!|l\xEC-\xEF][_\W]?c[_\W]?[e3\xE8-\xEB][_\W]?[t7]_{0,3}\b/i
#celebrex
body __DRUGS_PAIN8	/\b_{0,3}c[_\W]?[e3\xE8-\xEB][_\W]?l[_\W]?[e3\xE8-\xEB][_\W]?b[_\W]?r[_\W]?[e3\xE8-\xEB][_\W]?x_{0,3}\b/i
#imitrex
body __DRUGS_PAIN9	/(?:\b|\s)_{0,3}[i1!|l\xEC-\xEF]m[i1!|l\xEC-\xEF]tr[e3\xE8-\xEB]x_{0,3}\b/i
#vioxx 
body __DRUGS_PAIN10	/(?:\b|\s)[_\W]{0,3}(?:\\\/|V)[_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}[o0\xF2-\xF6][_\W]{0,3}x[_\W]{0,3}xx?_{0,3}\b/i
#zebutal, uncommon in spam.
body __DRUGS_PAIN11	/\bzebutal\b/i
#esgic plus, uncommon in spam.
body __DRUGS_PAIN12	/\besgic plus\b/i
#Darvon - a prescription narcotic
body __DRUGS_PAIN13	/\bD[_\W]?[a4\xE0-\xE6@][_\W]?r[_\W]?v[_\W]?[o0\xF2-\xF6][_\W]?n\b/i
body __DRUGS_PAIN14  /N[o0\xF2-\xF6]rc[o0\xF2-\xF6]/i
meta __DRUGS_PAIN (__DRUGS_PAIN1 || __DRUGS_PAIN2 || __DRUGS_PAIN3 || __DRUGS_PAIN4 ||__DRUGS_PAIN5 ||__DRUGS_PAIN6 ||__DRUGS_PAIN7 ||__DRUGS_PAIN8 || __DRUGS_PAIN9 || __DRUGS_PAIN10|| __DRUGS_PAIN11 || __DRUGS_PAIN12 || __DRUGS_PAIN13 ||__DRUGS_PAIN14)
#sleep aids
#ativan and lorazepam already under anxiety
#Ambien, brand of zolpidem tartrate
body __DRUGS_SLEEP1	/(?:\b|\s)[_\W]{0,3}[a4\xE0-\xE6@][_\W]{0,3}m[_\W]{0,3}b[_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}[e3\xE8-\xEB][_\W]{0,3}n[_\W]{0,3}(?:\b|\s)/i
#sonata, brand of zaleplon
body __DRUGS_SLEEP2	/(?:\b|\s)[_\W]{0,3}S[_\W]{0,3}[o0\xF2-\xF6][_\W]{0,3}n[_\W]{0,3}[a4\xE0-\xE6@][_\W]{0,3}t[_\W]{0,3}[a4\xE0-\xE6@][_\W]{0,3}(?:\b|\s)/i
#Restoril, brand of temazepam, uncommon in spam
body __DRUGS_SLEEP3	/\b_{0,3}R[_\W]?[e3\xE8-\xEB][_\W]?s[_\W]?t[_\W]?[o0\xF2-\xF6][_\W]?r[_\W]?i[_\W]?l_{0,3}\b/i
#Halcion, brand of triazolam
body __DRUGS_SLEEP4	/\b_{0,3}H[_\W]?[a4\xE0-\xE6@][_\W]?l[_\W]?c[_\W]?i[_\W]?[o0\xF2-\xF6][_\W]?n_{0,3}\b/i

meta __DRUGS_SLEEP (__DRUGS_SLEEP1 || __DRUGS_SLEEP2 || __DRUGS_SLEEP3 ||__DRUGS_SLEEP4)

#muscle relaxants
#soma - removed due to Bug 7612
#body __DRUGS_MUSCLE1	/(?:\b|\s)[_\W]{0,3}s[_\W]{0,3}[o0\xF2-\xF6][_\W]{0,3}m[_\W]{0,3}[a4\xE0-\xE3\xE5\xE6@][_\W]{0,3}(?:\b|\s)/i
#cyclobenzaprine
body __DRUGS_MUSCLE2	/\b_{0,3}cycl[o0\xF2-\xF6]b[e3\xE8-\xEB]nz[a4\xE0-\xE6@]pr[i1!|l\xEC-\xEF]n[e3\xE8-\xEB]_{0,3}(?:\b|\s)/i
#flexeril
body __DRUGS_MUSCLE3	/\b_{0,3}f[_\W]?l[_\W]?[e3\xE8-\xEB][_\W]?x[_\W]?[e3\xE8-\xEB][_\W]?r[_\W]?[i1!|l\xEC-\xEF]_{0,3}[_\W]?l_{0,3}\b/i
#zanaflex
body __DRUGS_MUSCLE4	/\b_{0,3}z[_\W]?a[_\W]?n[_\W]?a[_\W]?f[_\W]?l[_\W]?e[_\W]?x_{0,3}\b/i
#skelaxin
body __DRUGS_MUSCLE5	/\bskelaxin\b/i
meta DRUGS_MUSCLE (__DRUGS_MUSCLE2 || __DRUGS_MUSCLE3 || __DRUGS_MUSCLE4 ||__DRUGS_MUSCLE5 )
describe DRUGS_MUSCLE 	Refers to a muscle relaxant
#anti-anxiety
#these two rules are used to differentiate between obfu and non-obfu spellings
body __DRUGS_ANXIETY_XAN	/xan[ae]x/i
body __DRUGS_ANXIETY_VAL	/valium/i
#xanax - note: second a sometimes done as e.
body __DRUGS_ANXIETY1	/(?:\b|\s)[_\W]{0,3}x?x[_\W]{0,3}[a4\xE0-\xE6@][_\W]{0,3}n[_\W]{0,3}[ea4\xE1\xE2\xE3@][_\W]{0,3}xx?_{0,3}\b/i
#alprazolam
body __DRUGS_ANXIETY2	/\bAlprazolam\b/i
#valium
body __DRUGS_ANXIETY3	/(?:\b|\s)[_\W]{0,3}(?:\\\/|V)[_\W]{0,3}[a4\xE0-\xE6@][_\W]{0,3}[l|][_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}[u\xB5\xF9-\xFC][_\W]{0,3}m\b/i
#diazepam, generic of valium
body __DRUGS_ANXIETY4	/\b_{0,3}D[_\W]?[i1!|l\xEC-\xEF][_\W]?[a4\xE0-\xE6@][_\W]?z[_\W]?[ea3\xE9\xEA\xEB][_\W]?p[_\W]?[a4\xE0-\xE6@][_\W]?m_{0,3}\b/i
#ativan
body __DRUGS_ANXIETY5	/(?:\b|\s)[a4\xE0-\xE6@][_\W]?t[_\W]?[i1!|l\xEC-\xEF][_\W]?v[_\W]?[a4\xE0-\xE6@][_\W]?n_{0,3}\b/i
#lorazepam - generic of ativan, uncommon in spam
body __DRUGS_ANXIETY6	/\b_{0,3}l[_\W]?[o0\xF2-\xF6][_\W]?r[_\W]?[a4\xE0-\xE6@][_\W]?z[_\W]?[e3\xE8-\xEB][_\W]?p[_\W]?[a4\xE0-\xE6@][_\W]?m_{0,3}\b/i
#clonazepam, generic.
body __DRUGS_ANXIETY7	/\b_{0,3}c[_\W]?l[_\W]?[o0\xF2-\xF6][_\W]?n[_\W]?[a4\xE0-\xE6@][_\W]?z[_\W]?e[_\W]?p[_\W]?[a4\xE0-\xE6@][_\W]?m\b/i
#klonopin, brand of clonazepam, uncommon in spam
body __DRUGS_ANXIETY8	/\bklonopin\b/i
#rivotril, brand of clonazepam, uncommon in spam
body __DRUGS_ANXIETY9	/\brivotril\b/i
meta DRUGS_ANXIETY (__DRUGS_ANXIETY1 || __DRUGS_ANXIETY2 || __DRUGS_ANXIETY3 || __DRUGS_ANXIETY4 ||__DRUGS_ANXIETY5 ||__DRUGS_ANXIETY6 ||__DRUGS_ANXIETY7 ||__DRUGS_ANXIETY8 || __DRUGS_ANXIETY9 )
describe DRUGS_ANXIETY 	Refers to an anxiety control drug
meta DRUGS_ANXIETY_OBFU ( (__DRUGS_ANXIETY1 &&! __DRUGS_ANXIETY_XAN) || (__DRUGS_ANXIETY3 && !__DRUGS_ANXIETY_VAL))
describe DRUGS_ANXIETY_OBFU 	Obfuscated reference to an anxiety control drug

body DRUGS_SMEAR1		/(?:Viagra|Valium|Xanax|Soma|Cialis){2}/i
describe DRUGS_SMEAR1	Two or more drugs crammed together into one word

#search for "weird" combinations that are unlikely to 
#be prescribed together for a single event, thus unlikely to be
#mentioned in the same email, except an online pharmacy ad.
meta DRUGS_ANXIETY_EREC (DRUGS_ERECTILE && DRUGS_ANXIETY)
describe DRUGS_ANXIETY_EREC 	Refers to both an erectile and an anxiety drug
meta DRUGS_SLEEP_EREC	(DRUGS_ERECTILE && __DRUGS_SLEEP)
describe DRUGS_SLEEP_EREC 	Refers to both an erectile and a sleep aid drug

# note: some 3 item combos are "normal" ie: a patient might legitimately
# be prescribed depression, anxiety and sleep aid drugs all at once.
# however, I know of no "normal" 4-item combinations.
meta DRUGS_MANYKINDS	(DRUGS_ERECTILE + DRUGS_DIET + __DRUGS_PAIN + __DRUGS_SLEEP + DRUGS_MUSCLE + DRUGS_ANXIETY > 3)
describe DRUGS_MANYKINDS 	Refers to at least four kinds of drugs

########################################################################


Youez - 2016 - github.com/yon3zu
LinuXploit