# # 2007 Victor Ustugov # header __FORGED_MUA_OE_CHARSET_SUBJECT Subject:raw =~ /^[\s\r\n]*(Spam:|\[(SPAM|Spam|spam)\] |\*S\*P\*A\*M\* |\{(SPAM|Spam|spam)\??\}|\[!! SPAM\]|\[SPAM PROBABLE\]:?|\[SUSPECTED SPAM\]|Suspected Spam:|\**May be Spam\**|\**(POSSIBLE )?SPAM\**|\[Spam Probability=\d+\]|X-IMail-SPAM-Premium|X-IMail-SPAM-Connection|!! SPAM Suspect : SPAM-Statistic !!)?[\s\r\n]*(((Re|RE|re)(\[\d+\])?|Fw|Fwd):|\[Re:\d+\])?\s*=\?(Windows|WINDOWS|Koi|KOI)/ meta FORGED_MUA_OE_CHARSET_SUBJECT __CUST_X_Mailer_OE && __FORGED_MUA_OE_CHARSET_SUBJECT describe FORGED_MUA_OE_CHARSET_SUBJECT Forged MUA Outlook Express (charset with capital in beginning of header Subject) score FORGED_MUA_OE_CHARSET_SUBJECT 1.0 header __FORGED_MUA_OE_CHARSET_FROM From:raw =~ /^[\s\r\n]*"?=\?(Windows|WINDOWS|Koi|KOI)/ meta FORGED_MUA_OE_CHARSET_FROM __CUST_X_Mailer_OE && __FORGED_MUA_OE_CHARSET_FROM describe FORGED_MUA_OE_CHARSET_FROM Forged MUA Outlook Express (charset with capital in beginning of header From) score FORGED_MUA_OE_CHARSET_FROM 1.0 header __FORGED_MUA_OE_CHARSET_REPLY_TO Reply-To:raw =~ /^[\s\r\n]*"?=\?(Windows|WINDOWS|Koi|KOI)/ meta FORGED_MUA_OE_CHARSET_REPLY_TO __CUST_X_Mailer_OE && __FORGED_MUA_OE_CHARSET_REPLY_TO describe FORGED_MUA_OE_CHARSET_REPLY_TO Forged MUA Outlook Express (charset with capital in beginning of header Reply-To) score FORGED_MUA_OE_CHARSET_REPLY_TO 1.0 header __FORGED_MUA_OE_CHARSET_TO To:raw =~ /^[\s\r\n]*"?=\?(Windows|WINDOWS|Koi|KOI)/ meta FORGED_MUA_OE_CHARSET_TO __CUST_X_Mailer_OE && __FORGED_MUA_OE_CHARSET_TO describe FORGED_MUA_OE_CHARSET_TO Forged MUA Outlook Express (charset with capital in beginning of header To) score FORGED_MUA_OE_CHARSET_TO 1.0 header __FORGED_MUA_OE_CHARSET_CC Cc:raw =~ /^[\s\r\n]*"?=\?(Windows|WINDOWS|Koi|KOI)/ meta FORGED_MUA_OE_CHARSET_CC __CUST_X_Mailer_OE && __FORGED_MUA_OE_CHARSET_CC describe FORGED_MUA_OE_CHARSET_CC Forged MUA Outlook Express (charset with capital in beginning of header Cc) score FORGED_MUA_OE_CHARSET_CC 1.0 ###################################################################### meta FORGED_MUA_OE_FROM_WOUT_QUOTE __CUST_X_Mailer_OE && !__CUST_FROM_EMPTY && __HEADER_FROM_WITHOUT_QUOTES && !__HEADER_FROM_ENCODED describe FORGED_MUA_OE_FROM_WOUT_QUOTE Forged MUA Outlook Express (there aren't double quotes in header From) score FORGED_MUA_OE_FROM_WOUT_QUOTE 2.0 meta FORGED_MUA_OE_FROM !__CUST_FROM_EMPTY && !__FROM_QUOTA_OR_ANGLE_BRACKET && !__HEADER_FROM_WITHOUT_QUOTES && (__CUST_X_Mailer_OE_600 || __CUST_X_Mailer_OE_550) describe FORGED_MUA_OE_FROM Forged MUA Outlook Express (header From does not contains double quote and angle bracket) score FORGED_MUA_OE_FROM 2.0 meta FORGED_MUA_OE_REPLY_TO_WOUT_QUOTE __CUST_X_Mailer_OE && !__CUST_REPLY_TO_EMPTY && __HEADER_REPLY_TO_WITHOUT_QUOTES && !__HEADER_REPLY_TO_ENCODED describe FORGED_MUA_OE_REPLY_TO_WOUT_QUOTE Forged MUA Outlook Express (there aren't double quotes in header Reply-To) score FORGED_MUA_OE_REPLY_TO_WOUT_QUOTE 0.5 meta FORGED_MUA_OE_REPLY_TO !__CUST_REPLY_TO_EMPTY && !__REPLY_TO_QUOTA_OR_ANGLE_BRACKET && !__HEADER_REPLY_TO_WITHOUT_QUOTES && (__CUST_X_Mailer_OE_600 || __CUST_X_Mailer_OE_550) describe FORGED_MUA_OE_REPLY_TO Forged MUA Outlook Express (header Reply-To does not contains double quote and angle bracket) score FORGED_MUA_OE_REPLY_TO 2.0 meta FORGED_MUA_OE_TO_WOUT_QUOTE __CUST_X_Mailer_OE && !__CUST_TO_EMPTY && __HEADER_TO_WITHOUT_QUOTES && !__HEADER_TO_ENCODED describe FORGED_MUA_OE_TO_WOUT_QUOTE Forged MUA Outlook Express (there aren't double quotes in header To) score FORGED_MUA_OE_TO_WOUT_QUOTE 2.0 meta FORGED_MUA_OE_TO !__CUST_TO_EMPTY && !__TO_QUOTA_OR_ANGLE_BRACKET && !__HEADER_TO_WITHOUT_QUOTES && (__CUST_X_Mailer_OE_600 || __CUST_X_Mailer_OE_550) && __CUST_List_Id_EMPTY describe FORGED_MUA_OE_TO Forged MUA Outlook Express (header To does not contains double quote and angle bracket) score FORGED_MUA_OE_TO 2.0 meta FORGED_MUA_OE_CC_WOUT_QUOTE __CUST_X_Mailer_OE && !__CUST_CC_EMPTY && __HEADER_CC_WITHOUT_QUOTES && !__HEADER_CC_ENCODED describe FORGED_MUA_OE_CC_WOUT_QUOTE Forged MUA Outlook Express (there aren't double quotes in header Cc) score FORGED_MUA_OE_CC_WOUT_QUOTE 2.0 meta FORGED_MUA_OE_CC !__CUST_CC_EMPTY && !__CC_QUOTA_OR_ANGLE_BRACKET && !__HEADER_CC_WITHOUT_QUOTES && (__CUST_X_Mailer_OE_600 || __CUST_X_Mailer_OE_550) describe FORGED_MUA_OE_CC Forged MUA Outlook Express (header Cc does not contains double quote and angle bracket) score FORGED_MUA_OE_CC 2.0 meta FORGED_MUA_OE_CTE __CUST_X_Mailer_OE && __Content_Transfer_Encoding_8BIT describe FORGED_MUA_OE_CTE Forged MUA Outlook Express (Content-Transfer-Encoding) score FORGED_MUA_OE_CTE 4.0 header __FORGED_MUA_OE_CT Content-type =~ /^multipart\/related;[\s\r\n]*boundary="Boundary_\(ID_[a-zA-Z\d\/]{22}\)"; Type="multipart\/alternative"/ meta FORGED_MUA_OE_CT __FORGED_MUA_OE_CT && __CUST_X_Mailer_OE describe FORGED_MUA_OE_CT Forged MUA Outlook Express (Content-Type, boundary) score FORGED_MUA_OE_CT 4.0 header __FORGED_MUA_OE_X_Mailer_CT ALL =~ /(?is)^(.*\r?\n)?X-Mailer:\s*Microsoft Outlook Express.*?\r?\nContent-Type:/ meta FORGED_MUA_OE_X_Mailer_CT __FORGED_MUA_OE_X_Mailer_CT && !MAILLIST_RU describe FORGED_MUA_OE_X_Mailer_CT Forged MUA Outlook Express (X-Mailer and Content-Type) score FORGED_MUA_OE_X_Mailer_CT 4.0 header __OE_Message_ID Message-ID:case =~ /^<(0[\da-f]{3})?01[\da-f]{6}\$[\da-f]{8}\$[\da-f]{8}\@\S+>$/ meta FORGED_MUA_OE_Message_ID __CUST_X_Mailer_OE && !__OE_Message_ID describe FORGED_MUA_OE_Message_ID Forged MUA Outlook Express score FORGED_MUA_OE_Message_ID 2.5 meta FORGED_MUA_OE_boundary __CUST_Content_Type_multipart && __CUST_X_Mailer_OE && !__CUST_Content_Type_multipart_OE_boundary describe FORGED_MUA_OE_boundary Forged MUA Outlook Express score FORGED_MUA_OE_boundary 2.5