sb-fraud.rc

这是一个从音频信号里提取特征参量的程序

 *   800^0   (^|[^-_0-9a-z])(edudemello@mail-senders\.net([^a-z0-9\.]|$)|\
             email\.iloabuchi_t28@yahoo\.com([^a-z0-9\.]|$)|\
             infoglobal_crossing@yahoo\.com([^a-z0-9\.]|$)|\
             jeremiahofor@cheerful\.com([^a-z0-9\.]|$)|\
             jsiriki@caramail\.com([^a-z0-9\.]|$)|\
             maariamabach@saintly\.com([^a-z0-9\.]|$)|\
             roselina_fuma@swirve\.com([^a-z0-9\.]|$)|\
             samkibka@yahoo\.com([^a-z0-9\.]|$))([^a-z0-9\.]|$)
 *   800^0   (^|[^-_0-9a-z])(Ajaokuta Steel Plant|\
              Department[ ]?[$]?of[ ]?[$]?Mining[ ]?[$]?(\&|and)[ ]?[$]?Natural[ ]?[$]?Resources|\
             ECO[ ]?[$]?BANK[ ]?[$]?OF[ ]?[$]?AFRICA|\
             Economic[ ]?[$]?Community[ ]?[$]?of[ ]?[$]?Wes(r|tern)[ ]?[$]?African[ ]?[$]?States|\
             Ministry[ ]?[$]?of[ ]?[$]?Minerals|\
             National[ ]?[$]?Electric[ ]?[$]?Power[ ]?[$]?Authority|\
             Nigerian[ ]?[$]?Bar[ ]?[$]?Association|\
             Nigerian[ ]?[$]?National[ ]?[$]?Petroleum[ ]?[$]?Corporation|\
             EXPORT[ ]?[$]?PROMOTION[ ]?[$]?COUNCIL|\
             Ivoire[ ]?[$]?Nationa[ ]?[$]?Oil|\
             Ministry[ ]?[$]?of[ ]?[$]?Lands,[ ]?[$]?Mines,[ ]?[$]?\&[ ]?[$]?Energy|\
             PENTAGON.*SECURITY[ ]?[$]?TRUST[ ]?[$]?\&[ ]?[$]?FINANCE|\
             Petrol[ ]?[$]?Ivoire|\
             petroleum[ ]?[$]?trust[ ]?[$]?fund|\
             SECURITY[ ]?[$]?AND[ ]?[$]?FINANCE[ ]?[$]?Benin[ ]?[$]?srl|\
             Security[ ]?[$]?Vault[ ]?[$]?Company|\
             Seed[ ]?[$]?Harvest[ ]?[$]?Ministry|\
             South[ ]?[$]?Africa[ ]?[$]?Export[ ]?[$]?Promotion[ ]?[$]?Council|\
             U\.[ ]?[$]?WILLIAMS[ ]?[$]?\&[ ]?[$]?CO[ ]?[$]?LTD\.|\
             UNION[ ]?[$]?BANK[ ]?[$]?OF[ ]?[$]?NIGERIA)([^a-z0-9\.]|$)
 *    500^0    (^|[^-_0-9a-z])(DRC|\
                ECOMOG|\
                ECOWAS|\
                EPC|\
                MLME|\
                NEPA|\
                NNPC|\
                PTF|\
                SAEPC|\
                SVC|\
                UNITA)([^a-z0-9\.]|$)
 *   500^0.5 (^|[^-_0-9a-z])(Angola|\
             Benin|\
             C.te D.Ivoire|\
             Democratic Republic of Congo|\
             Gambia|\
             Ghana|\
             Ivory Coast|\
             Liberia|\
             Nigeria|\
             Sierra.Leone|\
             South Africa|\
             Togo|\
             Zaire|\
             Zimbabwe)([^a-z0-9\.]|$)
 *   200^0   (^|[^-_0-9a-z])([bm]illion dollars?|\
               physical cash|\
               Swiss bank|\
               United$? States?$? dollars|\
               U.?S.? dollars)([^a-z0-9\.]|$)
 *   200^0   (^|[^-_0-9a-z])(escape|\
             escaped|\
             identity|\
             refugee)([^a-z0-9\.]|$)
 *   800^0   [^0-9][0-1]?801[-\. )]*516[-\. ]*7986[^0-9]
 *   800^0   [^0-9](0)?(0)?(1)?(\+)?(212[-\. )]*308[-\. ]*7788[^0-9]|\
             225[-\. ()]*07[-\. )]*86[-\. ]*23[-\. ]*17[^0-9]|\
             225[-\. ()]*07[-\. )]*68[-\. ]*84[-\. ]*85[^0-9]|\
             225[-\. ()]*07[-\. )]*77[-\. ]*77[-\. ]*56[^0-9]|\
             228[-\. ()]*911[-\. )]*29[-\. ]*11[^0-9]|\
             229[-\. ()]*338466[^0-9]|\
             229[-\. ()]*981587[^0-9]|\
             234[-\. ()]*1[-\. )]*481[-\. ]*7905[^0-9]|\
             234[-\. ()]*1[-\. )]*759[-\. ]*3311[^0-9]|\
             234[-\. ()]*1[-\. )]*759[-\. ]*7512[^0-9]|\
             234[-\. ()]*1[-\. )]*759[-\. ]*9446[^0-9]|\
             234[-\. ()]*1[-\. )]*775[-\. ]*5791[^0-9]|\
             234[-\. ()]*1[-\. )]*776[-\. ]*0618[^0-9]|\
             234[-\. ()]*1[-\. )]*776[-\. ]*1576[^0-9]|\
             234[-\. ()]*1[-\. )]*759[-\. ]*1483[^0-9]|\
             234[-\. ()]*42[-\. )]*253586[^0-9]|\
             234[-\. ()]*802[-\. )]*32[-\. )]*13181[^0-9]|\
             234[-\. ()]*80[-\. )]*23144221[^0-9]|\
             234[-\. ()]*803[-\. )]*3267618[^0-9]|\
             234[-\. ()]*80[-\. )]*33185767[^0-9])
 *   800^0   (27[-\. ()]*72[-\. ]*151[-\. ]*3454[^0-9]|\
              27[-\. ()]*83[-\. ]*773([-\. ]*)?2725[^0-9]|\
              27[-\. ()]*732[-\. ]*208([-\. ]*)?992[^0-9])
 {
  PATSCORE=$=

  :0 f
  | ${FORMAIL} -A"X-SBRule: Advance Fee (419) Fraud (Score: ${PATSCORE})"

  :0
  { SPAMTAG=yes }

  :0
  * SRC ?? yes
  * !ADMINTAG ?? yes
  * !BULKTAG ?? yes
  {
   :0
   { SPAMPID=`echo $$` }

   :0 c:
   spamtemp.${SPAMPID}

   :0
   { GRIPETO=419.fcd@usss.treas.gov }

   :0
   * ^Received:.*(^|[^0-9])(12\.37\.112\.[0-9]|12\.37\.112\.1[0-5])([^0-9\.]|$)
   { GRIPETO=$GRIPETO,postmaster@sydneymicrosystems.com,abuse@att.net }

   :0
   * ^Received:.*(^|[^0-9])63\.238\.14[0-7]\.[0-9][0-9]?[0-9]?([^0-9\.]|$)
   { GRIPETO=$GRIPETO,abuse@skyweb.net }

   :0
   * ^Received:.*(^|[^0-9])(66\.133\.[0-9]\.[0-9][0-9]?[0-9]?|\
                            66\.133\.[1-5][0-9]\.[0-9][0-9]?[0-9]?|\
                            66\.133\.6[0-3]\.[0-9][0-9]?[0-9]?)([^0-9\.]|$)
   { GRIPETO=$GRIPETO,abuse@interpacket.net }

   :0
   * ^Received:.*(^|[^0-9])(66\.178\.[0-9]\.[0-9][0-9]?[0-9]?|\
                            66\.178\.[1-5][0-9]\.[0-9][0-9]?[0-9]?|\
                            66\.178\.6[0-3]\.[0-9][0-9]?[0-9]?|\
                            216\.236\.19[2-9]\.[0-9][0-9]?[0-9]?|\
                            216\.236\.2[0-1][0-9]\.[0-9][0-9]?[0-9]?|\
                            216\.236\.22[0-3]\.[0-9][0-9]?[0-9]?)([^0-9\.]|$)
   { GRIPETO=$GRIPETO,abuse@newskies.net }

   :0
   * ^Received:.*(^|[^0-9])200\.[0-9][0-9]?[0-9]?\.[0-9][0-9]?[0-9]?\.[0-9][0-9]?[0-9]?([^0-9\.]|$)
   { GRIPETO=$GRIPETO,abuse@lacnic.net }

   :0
   * ^Received:.*(^|[^0-9])208\.31\.17[6-7]\.[0-9][0-9]?[0-9]?([^0-9\.]|$)
   { GRIPETO=$GRIPETO,abuse@sprint.net }

   :0
   * ^Received:.*(^|[^0-9])208\.160\.14[4-7]\.[0-9][0-9]?[0-9]?([^0-9\.]|$)
   { GRIPETO=$GRIPETO,postmaster@comete.ci,abuse@africaonline.co.ci,zano@africaonline.co.ci,abuse@cw.net }

   :0
   * ^Received:.*(^|[^0-9])(209\.88\.5[6-9]\.[0-9][0-9]?[0-9]?|\
                            209\.88\.6[0-2]\.[0-9][0-9]?[0-9]?|\
                            cable\.net\.co)([^0-9\.]|$)
   { GRIPETO=$GRIPETO,abuse@dotster.com,abuse@gip.net,postmaster@tvcable.net }

   :0 BH
   * (^|[^0-9a-z])caramail\.com([^a-z0-9\.]|$)
   { GRIPETO=$GRIPETO,postmaster@caramail.com,cs@caramail.fr,abuse@colt.net }

   :0 BH
   * (^|[^0-9a-z])hotmail\.com([^a-z0-9\.]|$)
   { GRIPETO=$GRIPETO,abuse@hotmail.com }

   :0 BH
   * (^|[^0-9a-z])onebox\.com([^a-z0-9\.]|$)
   { GRIPETO=$GRIPETO,support@onebox.com }

   :0 BH
   * (^|[^0-9a-z])(lycos|mailcity)\.com([^a-z0-9\.]|$)
   { GRIPETO=$GRIPETO,abuse@lycos.com }

   :0 BH
   * (^|[^0-9a-z])rediffmail\.com([^a-z0-9\.]|$)
   { GRIPETO=$GRIPETO,postmaster@rediffmail.com,ajitb@rediff.co.in }

   :0 BH
   * (^|[^0-9a-z])whowhere\.(com|[a-z][a-z])\.?([a-z][a-z])?([^a-z0-9\.]|$)
   { GRIPETO=$GRIPETO,antispam@whowhere.com,spam@whowhere.com }

   :0 BH
   * (^|[^0-9a-z])yahoo\.(com|[a-z][a-z])\.?([a-z][a-z])?([^a-z0-9\.]|$)
   { GRIPETO=$GRIPETO,mail-abuse@yahoo-inc.com }

   :0 BH
   * (^|[^0-9a-z])ziplip\.com([^a-z0-9\.]|$)
   { GRIPETO=$GRIPETO,domobi@ziplip.com,postmaster@hyperia.com,karstenf.motophone@hyperia.com,marcelk.motophone@hyperia.com }

   :0 BH c: spamtemp.${SPAMPID}.lock
   | (${FORMAIL} -rt \
      -I"From: ${ALTFROM}" \
      -I"To: ${GRIPETO}" \
      -I"Subject: Advance Fee (419) Fraud spam (No Loss)" \
      -A"X-Loop: ${NOLOOP}";\
      echo " ";\
      echo "Attached is an Advance Fee (419) Fraud spam.  My spam filter automatically";\
      echo "forwards these spams to the abuse addresses at the ISPs from which the spam";\
      echo "was sent, or where the spammer refers victims to an email address.  Please close";\
      echo "all accounts associated with this spam, and take any other appropriate action.";\
      echo " ";\
      echo "For more information about the Advance Fee Fraud scam, see:";\
      echo " ";\
      echo "http://home.rica.net/alphae/419coal/";\
      echo " ";\
      echo "U.S. Secret Service -- this is for your records; there was no financial loss.";\
      echo " ";\
      echo "=-=-=-=-=-=-=-=-=-=";\
      echo " ";\
      cat spamtemp.${SPAMPID};\
      ${RM} -f spamtemp.${SPAMPID}) \
      | ${SENDMAIL} -oi -t
  }

  :0
  * SRB ?? yes
  { BOUNCETHIS=yes }
 }
}


# PayPal Fraud
#
# Updated and domains verified 8/19/02
# Last reported spam:  8/18/02
# Other Relevant Info:
#   Fraudulent "PayPal" newsletter that tries to get users to
#   provide private information to a non-PayPal web site.
# Status: Active Spammer
#
:0
* ^(From.|Reply-To:|Message-ID:|Received:).*[^0-9a-z].*paypal\.com([^a-z0-9\.]|$)
* ! ^Received:.*[^0-9a-z].*(65\.206\.22[8-9]\.|\
                            65\.206\.23[0-1]\.)
{ PAYPALFRAUD=yes }

:0
* ^(From.|Reply-To:|Message-ID:|Received:).*[^0-9a-z].*(paypalsys\.com|\
          paypalupdate\.com)([^a-z0-9\.]|$)
{ PAYPALFRAUD=yes }

:0
* LEANTAG ?? no
* !PAYPALFRAUD ?? yes
{
 :0 BH
 * !^Subject: .*\(fwd\)
 * !--.*forwarded message --
 * !^forwarded message:
 * !^-----BEGIN PGP SIGNED MESSAGE-----
 * (^|[^-_0-9a-z])http://www.paypal.com/images/([^a-z0-9\.]|$)
 * (^|[^-_0-9a-z])http://www.paypal.seclogin.com([^a-z0-9\.]|$)
 * (^|[^-_0-9a-z])http://www.paypalsys.com([^a-z0-9\.]|$)
 * (^|[^-_0-9a-z])http://www.paypalupdate.com([^a-z0-9\.]|$)
 { PAYPALFRAUD=yes }
}

:0
* PAYPALFRAUD ?? yes
{
 :0 f
 | ${FORMAIL} -A"X-SBRule: Probable False PayPal/PayPal Fraud"

 :0
 { BLOCKTAG=yes }

 :0
 * BLOCKREPLY ?? NOTIFY
 { BLOCKTHIS=yes }
}


# U.S. Domestic Dialed International Phone Numbers Fraud
#
# Updated and domains verified 4/26/02
# Last reported spam: 4/26/02
# Other Relevant Info:
#   This filter looks for numbers in Caribbean area codes that are
#   international calls, but look to an unwary U.S.-based user like
#   domestic long distance.  Since there is some possibility (albeit
#   remote) that a user might receive legitimate email referring
#   to a Caribbean phone number, this recipe classifies email as
#   suspicious/blocked instead of as outright spam.
# Status: Active Spammers
#
:0 B
* LEANTAG ?? no
* !^Subject: .*\(fwd\)
* !--.*forwarded message --
* !^forwarded message:
* !^-----BEGIN PGP SIGNED MESSAGE-----
* -1000^0
*  -200^1   ^[:;#>]
*  1100^1    (^|[^a-z0-9]|[^\.])242[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])246[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])264[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])268[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])284[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])340[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])345[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])441[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])473[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])649[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])664[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])670[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])671[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])758[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])767[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])768[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])784[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])787[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])809[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])868[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])869[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])876[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
*  1100^1    (^|[^a-z0-9]|[^\.])939[-\. )][-\. )]?[0-9][0-9][0-9][-\. ][-\. ]?[0-9][0-9][0-9][0-9]([^a-z0-9]|[^\.]|$)
{
 :0 f
 | ${FORMAIL} -A"X-SBRule: International U.S.-Style Area Code Phone Number"

 :0
 { BLOCKTAG=yes }

 :0
 * BLOCKREPLY ?? NOTIFY
 { BLOCKTHIS=yes }
}