#!/usr/bin/perl ########################################################################################## # # qmail-localfilter.pl # # A modest spam-blocking/mail-filtering tool, largely derived from SpamAssassin. # # This program is mainly intended for individuals/small groups who run their own # domains and manage their own mail servers. It was written to work with qmail, # and is unashamedly biased in favor of English speaking mail operators. # # Version: 1.56d # # Copyright/License/Disclaimer: # ----------------------------- # Copyright (c) 2004 by John Fitzgibbon (fitz@jfitz.com). # # Permission to use, copy, modify, and distribute this software for any purpose # with or without fee is hereby granted, provided that the above copyright notice, # this permission notice and the following disclaimer appear in all copies. # # THIS SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD # TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. # IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR # CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR # PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, # ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # # Inane Rambling: # --------------- # The main reason this program exists is because I found it hard to modify SpamAssassin # to meet my needs, and maintenance was difficult because of the number of files involved. # Here, all the settings, lists, rules and code are in two files - if you want to know # where to change/add something, (and I encourage you to do so), the answer is either # "here" or in the settings file, (qmail-localfilter-settings.pl). In addition, there are # three optional files, qmail-localfilter-custom-body.pl, qmail-localfilter-custom-hdr.pl # and qmail-localfilter-custom-raw.pl. These files, (described below), can be used to add # custom rules. # # This tool is not designed to "tag" mail. It is designed to reject it, (based on the # exit code). The reasons why the mail was rejected are logged to the mail log. When # dealing with large volumes of spam, I find this approach better than just dumping spam # into a folder - where I'm very likely to "silently" delete the occasional "false # positive". By rejecting the mail, a legitimate sender will know immediately that they # didn't get through, and can contact me by some other means if the message is important. # # Also, because this program simply rejects mail instead of tagging it, it can stream # the mail as it is read - it doesn't need to store the mail to tag the header. Also, it # can terminate prematurely if it detects that the mail is spam, because it knows that # the mail is not going to be delivered. This "one-pass" filter approach is useful for # "real-time" rejection of spam where memory and CPU cycles are important. # # Usage summary: # -------------- # Note: You'll need the following perl modules: # use IO::Socket; # use Expect; # use Net::DNS; # use Sys::Syslog qw(:DEFAULT setlogsock); # use Getopt::Std; # use MIME::QuotedPrint; # use MIME::Base64; # use IO::File; # use File::Temp qw/ tempfile tempdir /; # use HTML::Entities; # # (Some of these modules have other dependencies, so please ensure that you install # the full package, MIME, HTML, etc. and not just the specific modules listed.) # # To see what this program does, you can try this: # # qmail-localfilter.pl -d < some_mail_file.eml # # The -d puts the program in debug mode so output goes to the screen, not maillog. # You can add -r, (show raw text), -t, (show test text) and -m (show mail headers) # to get a good idea of what's actually being tested in the rules sections below. # # Once you've got the hang of things, and made any settings/rule modifications you # need (in qmail-localfilter-settings.pl), plug these scripts into the filtering # portion of your mail delivery system, (without any command line parameters). # # When up and running, I find using the script from the command line with the -dtf # options is handy for coming up with new spam phrases when bad mail gets through. # # Installation: # ------------- # First step should be to customize qmail-localfilter-settings.pl and get things # working to your satisfaction using the debug command line settings. Then: # # I use this program with qmail, using the QMAILQUEUE patch, (http://www.qmail.org/) # and qmail-qfilter, (http://untroubled.org/qmail-qfilter/). I set up /var/qmail/rc # to call a script by adding the following near the top of the rc script: # # QMAILQUEUE=/var/qmail/bin/qmail-localfilter.sh # export QMAILQUEUE # # I then created a 2-line script /var/qmail/bin/qmail-localfilter.sh: # # #!/bin/sh # exec /var/qmail/bin/qmail-qfilter /var/qmail/bin/qmail-localfilter.pl # # The only other thing was to copy qmail-localfilter.pl and qmail-localfilter-settings.pl # into /var/qmail/bin and make sure all the scripts are executable, (chmod +x *.sh *.pl). # # I imagine it should be pretty straightforward to modify this code for use with other # mail filtering systems, but I'm not the right person to ask how. I'm also pretty # useless with perl, so the answer to "why did you do such-and-such?" is probably that # I didn't know any better, (though I did find some surprising performance improvements # by NOT using some of the perl's "performance-improving" features, (like (?:...)). # # One more thing: no, very sorry, but I won't help you set up qmail. # # Adding Customized Rules: # ------------------------ # qmail-localfilter.pl supports four optional files that can contain custom settings # and rules. The files are: # # qmail-localfilter-custom-settings.pl # qmail-localfilter-custom-body.pl # qmail-localfilter-custom-hdr.pl # qmail-localfilter-custom-raw.pl # # If you create any of these files to implement custom settings or rules, you should # definitely check that the code executes correctly by running qmail-localfilter.pl # from the command line before putting the new files in /var/qmail/bin. # # Individual users can also create custom settings and rule files, (with the same names # as above), and place them in a directory called ".qmail-localfilter" off their home # directory. The administrator can enable/disable user-specific settings/rules by # modifying the $allow_user_configuration, $users_home_path and $mail_alias_list # settings in the system-wide settings file. # # NOTE THAT THESE SETTINGS/RULES FILES ACTUALLY EXECUTE PERL CODE WITH THE PRIVILEGES # OF THE MAIL FILTER USER, SO YOU SHOULD ONLY ALLOW TRUSTED USERS TO MODIFY SETTINGS. # # For user-specific settings to work, the "MAIL TO" portion of the mail envelope must # match the name of a user on your system, or the name that appears in the MAIL TO must # be mapped to a user on your system with an entry in $mail_alias_list. The alias list # can only be set by the administrator in the system-wide settings file. # # What follows is a brief description of each of the settings/rules files: # # # qmail-localfilter-custom-settings.pl # ------------------------------------ # "qmail-localfilter-custom-settings.pl" is called immediately after the default # settings file is loaded. There are 2 useful approaches to using custom settings: # 1) You can add all non-default settings to qmail-localfilter-custom-settings.pl. # This means you will never need to alter qmail-localfilter-settings.pl # 2) You can just add the various whitelists, blacklists, etc. to the custom file # and set the other variables in qmail-localfilter-settings.pl # # The advantage of 1) is that you keep the default installation "clean". The # advantage of 2) is that you can "diff" new releases of the settings file against # your local copy to see if the settings you are using still make sense. # # In both cases, you should always check any new releases to see if there are any # new settings that need to be set by you. # # Note that you must include the following (uncommented) line somewhere in # qmail-localfilter-custom-settings.pl: # # $settings_custom_found = 1; # # You can copy any other setting from qmail-localfilter-settings.pl and modify # the values as you wish. The most common settings you will probably want to modify # are the lists, (whitelist, darklist, blacklist, etc.). If you want to extend a # system-wide list, (rather than replace it), you can simply add the existing list # at the start of the new one. For example: # # $whitelist = " # $whitelist # myfriend\@somedomain.com # *\@friendlydomain.com # "; # # # qmail-localfilter-custom-body.pl # -------------------------------- # "qmail-localfilter-custom-body.pl" is called from the subroutine "body_tests". # This subroutine performs tests on the email text after it has been reduced to a # single-spaced, lower case stream of words with no special characters. A sample # "qmail-localfilter-custom-body.pl" file might look something like this: # # $body_custom_found=1; # if (/some annoying spammy text/) { spam("c00001",2.0, $&); } # if (/more annoying spammy text/) { spam("c00002",1.2, $&); } # # Note that you must set "$body_custom_found=1;" somewhere in your custom file. The # code above would assign a score of 2.0 if the text "some annoying spammy text" was # found, or a score of 1.2 if the text "more annoying spammy text" was found. The # "$&" parameter means that the matching text is passed to the spam scoring subroutine. # This means the message in the maillog would look like: # # c00001: some annoying spammy text (2.0) # # ... for the first rule above. It's a good idea to use spam IDs with an initial # character other than "s", (like "c00001", for "Custom rule #1"), so as not to # confuse your custom spam IDs with predefined IDs. # # # qmail-localfilter-custom-hdr.pl # ------------------------------- # "qmail-localfilter-custom-hdr.pl" is called from the subroutine "hdr_main_tests", # (when checking the main header section of the email). You can include checks here # that use the various header variables defined in this program. Please see the # subroutine "hdr_main_tests" for examples of rules that check the email header. # # A sample file might look something like this: # # $hdr_custom_found=1; # if ($hdr_main =~ /\nsubject: annoying subject/) { spam("c00003",2.2, "Annoying Subject"); } # # Note that you must set "$hdr_custom_found=1;" somewhere in your custom file. # # # qmail-localfilter-custom-raw.pl # ------------------------------- # "qmail-localfilter-custom-raw.pl" is called from the subroutine "body_raw_tests". # This subroutine performs tests on the email text before it has been processed to # remove special characters and make the text single spaced. (Note, however, that the # text is converted to lower-case.) # # A sample file might look something like this: # # $raw_custom_found=1; # if (/<\!-- spam -->/) { spam("c00004",3.2, "Spammy HTML comment: " . $& ); } # # Note that you must set "$raw_custom_found=1;" somewhere in your custom file. # ########################################################################################## $version = "1.56d"; $time_start = time(); $settings_path = "/var/qmail/bin/"; $settings_file = "qmail-localfilter-settings.pl"; $settings_custom_file = "qmail-localfilter-custom-settings.pl"; $hdr_custom_file = "qmail-localfilter-custom-hdr.pl"; $body_custom_file = "qmail-localfilter-custom-body.pl"; $body_stripped_custom_file = "qmail-localfilter-custom-body-stripped.pl"; $raw_custom_file = "qmail-localfilter-custom-raw.pl"; # # The following variables can all be overridden in qmail-localfilter-settings.pl, # (and many should). See that file for a description of each setting. # $users_home_path = "/home"; $save_spam_users_home_path = ""; %score_override = (); %mail_alias_list = (); $mail_domain = ""; $smtp_server = ""; $smtp_server_ip = "255\.255\.255\.255"; $smtp_server_internal = ""; $stop_on_spam = 1; $body_max_len = 40960 + int(rand(10240)); $attach_max_len = 10240 + int(rand(1024)); $time_max_allowed = 15; $delay_spammers_time = $time_max_allowed; $delay_spammers = 1; $attach_lines_to_check = 20; $spam_threshold = 5.0; $spam_exit_code = 31; $spam_score_headers_too_long = 5.0; $spam_score_whitelist = -100.0; $spam_score_beigelist = -10.0; $spam_score_blacklist = 10.0; $spam_score_darklist = 2.0; $spam_score_graylist = 0.8; $spam_score_internal = -100.0; $spam_score_internal_abuse_report = -100.0; $spam_whitelist_bypass = 1; $neuter_bad_tags = 1; $neuter_img_tags = 1; $html_safe_logging = 1; $http_link_checking = 1; $http_link_exclude = "yahoo|msn|hotmail|lycos|excite|aol|netscape|mail|w3|ebay|paypal|amazon|kodakgallery"; $http_link_include = "groups\.yahoo"; $log_passed_score = 0; $spam_score_recv_from_whitelist = -10.0; $recv_from_whitelist = "\.ofoto\.com|\.amazon\.com"; $whitelist = ""; $beigelist = ""; $blacklist = ""; $darklist = ""; $graylist = ""; $localmailuserlist = ""; $settings_found = 0; $settings_custom_found = 0; $not_to_us = 0; $exe_file_types = "pif|scr|cmd|exe|bat|lnk|com|hta|vbs|cpl"; $save_spam = 0; $save_spam_path = "/var/qmail/log/spam/"; $save_spam_prefix = "spam_"; $save_spam_ext = ".eml"; $save_spam_to_user_home = 0; $save_spam_user_path = "/.qmail-localfilter/log/"; $save_spam_global_file_permission_mask = 0600; $save_spam_user_file_permission_mask = 0660; $single_word_count = 0; # # Some commonly used lists # $fuzzy_numbers = "(zero|only|a {0,1}few|up {0,1}to|(no {0,1}|)(less|fewer|more) than|about|almost|over|several|one|two|twen|three|thir|fou{0,1}r|five|fif|six|seven|eight|nine{0,1}|ten|eleven|twelve|[0-9]{1,}|hundred|thousand|([gb]a|)([mbz]|tr)illion)t{0,1}(een|y|)s{0,1}(.{0,1}of|)"; $fuzzy_timeframe = "(second|minute|hour|da[iy]|week|month|year)(s|ly|)"; $done_body_presubstitution_tests = 0; $done_body_site_tests = 0; $done_body_raw_tests = 0; $done_body_tests = 0; $done_hdr_main_tests = 0; $done_hdr_part_tests = 0; $done_attach_tests = 0; $done_final_tests = 0; ########################################################################################## # # Spam tests section. # # You are highly encouraged to add/change specific tests and scores to meet your needs. # Spammers will always find ways around widely published spam tests. Your best protection # is to "mix things up" by adding your own private rules, or changing the scores for # existing rules. Please see the introduction for info on adding custom rule files. # # The test subroutines are: # # sub body_raw_tests - tests that require the original puncuation and tags # sub body_presubstitution_tests - tests before a word like vi@gr@ is changed to viagra. # sub body_tests - tests on unpuncuated, lower-case, single-spaced text. # sub body_line_tests - line-by-line tests on the text, (try to use sparingly) # sub hdr_main_tests - tests on the main (first) header section of the mail # sub hdr_part_tests - tests on the headers of MIME encoded parts of the mail # sub attach_tests - tests performed on portions of binary attachments # sub final_tests - final tests after processing the mail # # body_tests is a good place to look if you just want ideas on how to add new # words/phrases to your custom filtering. You may also want to look at hdr_main_tests # for ideas if you want to add extra header tests to catch trickier spam. # ########################################################################################## sub trim_ends { local $_ = shift(@_); s/^\s*//; s/\s*$//; return $_; } # # Adds a score and description to the global spam score/description # sub spam { my $id = shift(@_); my $score = shift(@_); my $description = shift(@_); $description =~ s/,//g; if (exists $score_override{$id}) { $score = $score_override{$id}; } if (($id eq "s01766") && ($spam_desc =~ /s01314:/)) { $score += 0.5; } if ($save_spam_exclude_list && ($save_spam_exclude_list =~ /$id/)) { $save_spam_exclude_list =~ s/\+$id//g; $save_spam_exclude_list =~ s/$id\+//g; if ($save_spam_exclude_list =~ /$id/) { $opt_d && print "\n----------------------------\n" . "This spam will not be saved." . "\n----------------------------\n"; if ($save_spam_fh) { unlink($save_spam_fh, $save_spam_file); $save_spam_fh = 0; } } } $spam_score += $score; # # Round the overall score to three decimal places. # This is a workaround for weird perl rounding errors. # $spam_score = int (int($spam_score * 10000 + 5) / 10.0) / 1000; $spam_desc .= $id .": " . $description . " (" . $score . "), "; return 1; } # # You can call this once or twice in the body_tests if you feel you've added any # tests that might take a while to execute on large pieces of text: # # if (time_limit_up()) { return; } # sub time_limit_up { if ($time_max_allowed && (time() - $time_start > ($time_max_allowed * 2))) { return 1; } else { return 0; } } $html_body_bgcolor = ""; $html_font_test_color = ""; # use Lingua::Ispell qw(spellcheck); # $Lingua::Ispell::path = '/usr/bin/ispell'; # # Spelling tests on a lower-case, stripped concatenation of the text portions of the message. # # sub body_spell_tests # { # for my $r ( spellcheck($body_test_text) ) # { # if ( $r->{'type'} eq 'miss' ) # { # print $r->{'term'} ." was not found in the dictionary;\n"; # print "Near misses: " . @{$r->{'misses'}} . "\n"; # } # elsif ( $r->{'type'} eq 'none' ) # { # print "No match for term " . $r->{'term'} . "\n"; # } # } # } # # Tests for bad sites in a lower-case, non-stripped, (includes tags, spacing and special # characters), version of a concatenation of all the text portions of the message. # sub body_site_tests { $done_body_site_tests = 1; if ($body_raw_text =~ /l[\-\. ]e[\-\. ]g[\-\. ]a[\-\. ]l[\-\. ]{0,1}/) { $body_raw_text =~ s/l[\-\. ]e[\-\. ]g[\-\. ]a[\-\. ]l[\-\. ]{0,1}/legal/g; } if ($body_raw_text =~ /(free|adult(s|only){0,})\.(com|net|biz|org|info)/is) { spam("s02692",0.8,"Somewhat suspicious site: ..." . $&); } if ($body_raw_text =~ /(hetmodel|halosout|disnui|dieznutz|dibres|dfendme|disonne|diasoul|disnniy|digglog|dicnay|simpleitislove|heartsattach|herbalonez|xtra.{0,1}size.{0,1}plus|fromcupidwithlove|f(i|ou)nd(some|the|){0,}love|(steamy|adult|freaky|sexy){1,}.{0,1}((play|movie|video|single|dat(e|ing))s{0,1}){1,}|(pink|dream).{0,1}dat(es{0,1}|ing)|love-buddy|download-wizard|smart.{0,1}capsules{0,1}|justremedy|couldsenitmorethen|canyougetitforwhatit|promoteitthatand|(sos|please|someone){1,}help|(the|)searchdoctors{0,1}|my.{0,1}new.{0,1}profile|(get|find|a){1,}.{0,1}new.{0,1}love|(look|search|seek|wait|)ing.{0,1}(for|4)(love|luv)|marketingsystems{0,1}|((super|great|hard|core|hot|sexy|steamy)[\-\.\_]{0,1}){1,}action|((med|drug|p[il]{1,})[szx]|rx|matchmaker)([0-9]{1,}|z{0,1}one|store|bargain[szx]{0,}|online|store|(to|2|4|every|for){1,}(day|health)){0,}|bad.{0,1}love|freemoney(link|)|(online|bargain|generic|wholesale|warehouse|med[szx]|rx|(to|2|4|every|for){1,}(day|health)){1,}(med[szx]|rx)(zone|store|bargains|online|store|(to|2|4|every){0,}(day|health)){0,}|(quote|your|rate){3}|(valuable|great|hot|top|wonderful|successful|problem)(consumer|)(deal|buy|loan)[sz]{0,1}|(simple|)successtools|[a-z]{1,}[42](day|you)|speedzie|r[e3].{0,1}f[il1]nanc[e3](now|[0-9]|to|day){0,}|refi(now|[0-9]|to|day){0,}|lolitas{0,1}|bitch[esz]{0,}|come.{0,1}on.{0,1}down|(new|)(medi|rx.{0,1}|)(bargain|(drug|rx|med[sz]{0,1}).{0,1}(s{0,1}ource|s{0,1}tore|s{0,1}solutio{0,1}n|direct|info){1,}))\.(com|net|biz|org|info)/is) { spam("s01717",3.0,"Suspicious site: " . $&); } if ($body_raw_text =~ /[^\.^\/^ ]*(med|pre.{0,1}scription|deal)[sz][0-9]{0,}\.biz/is) { spam("s01858",3.5,"Very suspicious site: " . $&); } if ($body_raw_text =~ /((bgcolor)\.info|http\:\/\/finance\.yahoo\.com\/q\?s\=EXMT\.PK)/is) { spam("s01721",5.0,"Bad site: " . $&); } if ($body_raw_text =~ /((web|)cam.{0,1}singles|boobcam|(horne{0,1}y|depraved|sexy|h[o0]t)(house|).{0,1}(wi[fv]e|ladie|gal|teen)[sz]{0,1}|izzlepizzle|legalteens{0,1}|(online|)replicastore|ezsweeps|private.{0,1}health.{0,1}(store|source)|placement.{0,1}review|timeforu|herballylarge|cantwaittodate|(hot|mega|ez){1,}deal[sz]{0,1}|(super|value)(drug|pill)[sz]{0,1}(online|)|(pill|drug)source|cashbuilder|broadcast[^m]{0,2}mail(ing|)(today|)|gamesofvegas|\.gopic|canad(a|ian)(rx|drugs{0,1})|\.5-pm|massmed|intercheap|pharm1|cottonboss|adultrag|injustitie\.nervure|easy.x10|followmytrades|themortgage|yellowsun01|casinobuilder|seek99|web.{0,1}deal[zs]|orangetechinc|toplenders|web-vit|ladieslookingforlove|marketingmarketing|pacificmedicines|emailremovalregistry|findagrant|spyvalues|\.cmax|helpu(-w(eb|orld)){0,1}|porno|gigamort|expressscb|specialz|mcableppvnow|dealz|majorgoals|reserveadot|onlinefullservice|mnjmtech|bookcdrom|gainsleeploseweight|freeoffers|shopnow|hifice|directnetoffers.{0,3}|loanhunters|winningopportunities|quickhost|bioseeker(group){0,1}|orgycorner|emailoffer|get.{0,1}deals|overcomedepression|rxmedsovernight|real.{0,1}sales|great.{0,1}deals|financerate|hitznow|jimmyzzz|webmail2u|viosofthome|quickleadz|localhostsbox|bigbadted|investracs|votetoimpeach|zapdiscount|universalcablefilter|nomoredebt|netdeals|siccash|123winners|insaneprizes|savebigwithus|naked.{0,1}amateurs|greatsavingsrus|powerwebgate|kittypages|myhotsites|angels-mail|evaluemail|ultrastats|pickyourflick|uklifeonline|designwebpronews|(great|hot|super)(est|).{0,1}adult.{0,1}stuff|multiplayerpoker|prankcall.{0,1}|ientry(mail){0,1}|cibres|hornyhousewives|RenewMyDomains|opinionsurveys|fastnetspain|(site-|xxx)personals|top10sites|easygoingcompanion|eligiblebrides|allpointe|endallspam|opt.{0,1}(in|out))[0-9]{0,}\.[a-z]{0,3}|www.{0,3}rxshop.{0,5}net/is) { spam("s00002",4.0,"Bad site: " . $&); } if ($body_raw_text =~ /(http:\/\/manster\.info|www\.howmcuhleftfor|(top(win|biz)(soft|mentoring)|(download|health).{0,1}st[o0]re|(big|top)dealalerts{0,1}|(instant|online|lowprice).{0,1}pharm(acy|))\.(com|net)|(doctor|teen)[sz]{0,1}\.(biz|info)|medkit\.info|(watch|rolex|)[^r]{0,1}replicas{0,1}\.com|private[^d]{0,1}desires{0,1}\.com|antispywarecash\.com|pharmacybymail|healthsolutins\.info|indx\.ca|pillsavings|h[1l]gher\.net|advizemark|digital(cable|descram)|netbargain|exposedteen|shackdelamor|www\.{0,20}?discountdomain|www .{0,1} rxshop.{0,2} .{0,1} net)/is) { spam("s00003",4.0,"Bad site: " . $&); } if ($body_raw_text =~ /(http\:\/\/[a-z]{1,}\.com\/gal\/gsm\/)/is) { spam("s03325",4.0,"Bad link: " . $&); } if ($body_raw_text =~ /http[^ ]{1,}geocities\.com[^\r^\n^\.^ ^\"^\>]{0,}/is) { spam("s03033",1.0,"Suspicious link: " . $&); } } # # Tests on a lower-case, non-stripped, (includes tags, spacing and special characters), # version of a concatenation of all the text portions of the message. # Unless you specifically want to check tags/special characters, it's better to add # rules to body_tests instead of here. # sub body_raw_tests { # # Note: The initial section of body_raw_tests is executed even if the user # is whitelisted and $spam_whitelist_bypass is enabled. This allows us to # catch spam that forges well known company email addresses that may appear # in our whitelist. # # Note that custom raw tests are included, so be careful not to be too # aggressive in these tests or you may end up throwing out whitelisted mail. # # ========================================================================== # >>> WHITELIST TESTS BEGIN HERE <<< # ========================================================================== # local $_ = lc($body_raw_text); local $raw_custom_found = 0; $done_body_raw_tests = 1; if (!$body_stripped_test) { if (length($_) && (length($_) < 20)) { $temp = $_; $temp =~ s/[a-z]//g; if (!length($temp)) { $single_word_count = $single_word_count + 1; $opt_d and $opt_r and !$opt_q and print "\nSingleword!\n"; } else { $opt_d and $opt_r and !$opt_q and print "\nNot a Singleword!\n"; } } } # # Execute the code in "raw_custom_file". # Include site-specific customizations in this file. # do $raw_custom_file; if (!$raw_custom_found) { do $settings_path . $raw_custom_file; } if (length($custom_path)) { do $custom_path . $raw_custom_file; } if (!$hdr_in_hdr_test && !$body_stripped_test) { if (/]{0,}>(<[^>]{1,}>){0,}.{0,5}(https{0,1}:\/\/[^ ^\/]{0,}(wellsfargo|bankofamerica|boa|bankofthewest|citibank)[^.]{0,}\.com[^ ^;^\?^\"^\/]{0,}).{0,}?<\/a>/is) { $tmp1 = $1; $tmp2 = $3; $opt_d && $opt_m and print "\n------------------------------\n" . "Phishing check HREF: " . $tmp1 . "\nPhishing check Link: " . $tmp2 . "\n------------------------------\n"; # # Note: Phishing may come from an account we have whitelisted, # so give it a whopping score. # if (!($tmp1 eq $tmp2)) { spam("s02792",-$spam_score_whitelist,"Looks like a phishing link: " . $tmp2 . " actually links to " . $tmp1); } } elsif (/]{0,}?)>(.{0,}?)<\/a>/is) { $tmp = $1 . $2 . $3 . $4; spam("s02793",4.0,"Looks like a phishing link: " . $tmp); } elsif (/https{0,1}:\/\/[^\/^:^\?]{0,}($http_link_exclude)(\.(com|org|net|co\.[a-z]{0,2}))\.[^\/^:^\?]{0,}[\/:\?]/is) { spam("s02848",4.0,"Looks like a phishing link: " . $&); } if (/[bcdfghjklmnpqrvwxz]{5,}/i) { if (!(uc($&) eq "FFFFFF")) { spam("s01614",0.1 * length($&),substr($&,0,20)); } } } # # ========================================================================== # >>> WHITELIST TESTS END HERE <<< # ========================================================================== # # Include any tests that should be done even if the user is whitelisted # above this section. The tests below are all skipped for whitelisted # users, (unless $spam_whitelist_bypass is turned off). # if ($spam_whitelist_bypass && $whitelist_bypass) { if ($spam_score < 0.0) { return; } else { $whitelist_bypass = 0; } } if (!$hdr_in_hdr_test && !$body_stripped_test) { if (length($mail_domain) && (/a message sent from.{0,80}\sto\s.{0,30}\@$mail_domain/si)) { spam("s03169",1.6,$&); } if (/http:\/\/(www|)([^ ^\/]{0,}[0-9bcdfghjklmnpqrvwxz]{4,}[^ ^\/]{0,}\.){1,}(com|org|net|biz|info|)/i) { spam("s02345",1.6,$&); } elsif (/www[0-9]{0,1}\.([^ ^\/]{0,}[0-9bcdfghjklmnpqrvwxz]{4,}[^ ^\/]{0,}\.){1,}(com|org|net|biz|info|)/i) { spam("s02345",1.6,$&); } elsif (/^http:\/\/([a-z]{1,}\.)(com|org|net|biz|info)$/i) { spam("s02345",4.6,$&); } if ($http_link_checking && !length($body_http_host) && (/http:\/{1,}([a-zA-Z0-9\_\-\.]{2,}[a-zA-Z0-9\_\-])/s || /(www\.[a-zA-Z0-9\_\-\.]{2,}[a-zA-Z0-9\_\-])/s)) { $http_test_text = $1; if (!length($mail_domain) || ($http_test_text !~ /$mail_domain$/i)) { $body_http_host = $http_test_text; if (!($body_http_host =~ /(\.|^)($http_link_include)\.(co(m|\...)|org|net)$/s) && ($body_http_host =~ /(\.|^)($http_link_exclude)\.(co(m|\...)|org|net)$/s)) { $http_test_text = $_; $http_test_text =~ s/http:\/{1,}(.*)/$1/s; $opt_d && $opt_m and print "\n--------------------------------------------------\n" . "Host: " . $body_http_host . " is in exclude list\n" . "Excl: " . $http_link_exclude . "\n--------------------------------------------------\n"; while (($body_http_host =~ /(\.|^)($http_link_exclude)\.(co(m|\...)|org|net)$/s) && ($http_test_text =~ /http:\/{1,}([a-zA-Z0-9\_\-\.]{2,}[a-zA-Z0-9\_\-])/s)) { $body_http_host = $1; $http_test_text =~ s/http:\/{1,}(.*)/$1/s; } if ($body_http_host =~ /(\.|^)($http_link_exclude)\.(co(m|\...)|org|net)$/s) { $opt_d && $opt_m and print "\n--------------------------------------------------\n" . "Host: " . $body_http_host . " is in exclude list\n" . "Excl: " . $http_link_exclude . "\n--------------------------------------------------\n"; $body_http_host = ""; } $opt_d && $opt_m and print "\n------------------------------\n" . "Host: " . $body_http_host . "\n------------------------------\n"; } } } if (length($mail_domain) && /from:\s{1,}(\<{0,1}[a-z0-9\_\.]{1,}\@$mail_domain\>{0,1})/s) { spam("s00001",1.0,"Fake from: " . $1); } if (/\<((ht|x)ml|\/{0,1}(p|br|div|font)\>)/si) { $body_has_html_tags = 1; } if (/]*bgcolor[^>]*?(black|white|[0-9a-f]{6})[^>]*>/s) { $html_body_bgcolor = $1; $opt_d && $opt_m and print "\n------------------------------\n" . "Body tag: " . $& . "\nBody bgcolor: " . $1 . "\n------------------------------\n"; $html_font_test_color = $html_body_bgcolor; $html_font_test_color =~ s/(black|000000)/black\|000000/; $html_font_test_color =~ s/(white|ffffff)/white\|ffffff/; } if (length($html_body_bgcolor)) { if (/<[^>]*?(font|style)[^>]*?color[^>]*($html_font_test_color)[^>]*>/s) { $html_font_tag = $&; $html_font_color = $2; if ($html_font_tag !~ /<[^>]*?body[^>]*?style[^>]*?bgcolor[^>]*($html_font_test_color)[^>]*>/s) { $opt_d && $opt_m and print "\n------------------------------\n" . "Font/Style tag: " . $& . "\nFont/Style color: " . $2 . "\n------------------------------\n"; spam("s01472",2.4,"HTML hidden text: font matches background: " . $html_body_bgcolor); if(!($html_font_color eq $html_body_bgcolor)) { spam("s01473",2.2,"HTML hidden text: mismatching colors: " . $html_font_color . " and " . $html_body_bgcolor); } } } } if (/<(html|body)[^>]*>(.+)<\/(html|body)>/s) { $temp_html = $2; # print "\n----------\nhtml:\n----------\n" . $temp_html . "\n----------\n"; while ($temp_html =~ /^<[^>]*>(.*)/s) { $temp_html = $1; } while ($temp_html =~ /(.*)<[^>]*>(.*)/s) { $temp_html = $1 . $2; } $temp_html =~ s/\&[^\s^\;]{1,6}\;//sg; $temp_html =~ s/\#[0-9a-f]{1,6}\;//sg; $temp_html =~ s/[0-9]//sg; $temp_html =~ s/[\r\n \t\_\-\s\,\:\;\.\"\'\`\(\)\*\&\^\#\~\+\=\<\>\[\]\\\!\{\}\§]//sg; # print "\n----------\nstripped html:\n----------\n" . $temp_html . "\n----------\n"; if (!length($temp_html)) { spam("s01470",1.8,"HTML portion has no text "); } elsif (length($temp_html) < 20) { spam("s01471",1.0,"HTML portion has almost no text: " . $temp_html); } } if (/\.((doc|txt|rtf)[ \s\r\n_]{0,}?\.)($exe_file_types_no_com|zip|rar|t{0,1}gz|bhx|hqx|uue{0,1})/is) { spam("s01707",0.4,"Mentions a \"" . $& . "\" file"); } elsif (/[ \'\"](te[sx]t|document|error|message)\.((doc|txt|rtf)[ \s\r\n_]{0,}?\.|)($exe_file_types_no_com|zip|rar|t{0,1}gz|bhx|hqx|uue{0,1})/is) { spam("s01707",0.4,"Mentions: " . substr($&,1)); } if (/was identified as spam since it was listed in list\.dsbl\.org\;dnsbl\.sorbs\.net/) { $tmp = $&; if (/with the following information\: ip address \: ([\[\:\.\]0-9]{1,})/) { $tmp_ip = $1; $tmp .= " " . $&; if (length($smtp_server_ip) && !($tmp_ip eq $smtp_server_ip)) { spam("s02805",4.5,$tmp); } else { spam("s02805",1.0,$tmp); } } } } body_site_tests(); if (/http\:\/\/www.google.com\/[^\?]{0,20}\?q\=https{0,1}\:\/\/[^\/]{0,}/) { $http_test_text = $&; spam("s03309",3.5,"Google query, possibly to hide link: " . $http_test_text); if ($http_link_checking && (!length($body_http_host) || ($body_http_host =~ /google.com/i))) { $http_test_text =~ s/(.*)\?q\=https{0,1}\:\/\///; if (!length($mail_domain) || ($http_test_text !~ /$mail_domain$/i)) { $body_http_host = $http_test_text; if (!($body_http_host =~ /(\.|^)($http_link_include)\.(co(m|\...)|org|net)$/s) && ($body_http_host =~ /(\.|^)($http_link_exclude)\.(co(m|\...)|org|net)$/s)) { $http_test_text = $_; $http_test_text =~ s/http:\/{1,}(.*)/$1/s; $opt_d && $opt_m and print "\n--------------------------------------------------\n" . "Host: " . $body_http_host . " is in exclude list\n" . "Excl: " . $http_link_exclude . "\n--------------------------------------------------\n"; while (($body_http_host =~ /(\.|^)($http_link_exclude)\.(co(m|\...)|org|net)$/s) && ($http_test_text =~ /http:\/{1,}([a-zA-Z0-9\_\-\.]{2,}[a-zA-Z0-9\_\-])/s)) { $body_http_host = $1; $http_test_text =~ s/http:\/{1,}(.*)/$1/s; } if ($body_http_host =~ /(\.|^)($http_link_exclude)\.(co(m|\...)|org|net)$/s) { $opt_d && $opt_m and print "\n--------------------------------------------------\n" . "Host: " . $body_http_host . " is in exclude list\n" . "Excl: " . $http_link_exclude . "\n--------------------------------------------------\n"; $body_http_host = ""; } $opt_d && $opt_m and print "\n------------------------------\n" . "Host: " . $body_http_host . "\n------------------------------\n"; } } } } if (/u( |re{0,1} | (we|a)re |)still |since.{0,2}we(.{0,4}ve|).{0,2}chatted|((mention|relat|verbaliz|nar{1,}at)ed|told).{0,2}(to |)me.{0,2}that.{0,2}you.{0,2}(ha|)(ve |)(seemingly|probably).{0,2}(have |)(heard|picked|become)|^i have been so busy on this /s) { $tmp_msg = $&; if ($tmp_msg =~ /(chat{1,}|verbaliz|nar{1,}at)ed/s) { $tmp_score = 2.0; } else { $tmp_score = 1.0; } if (/(https{0,1}\:\/\/|www\.)[^\s]{1,}/s) { $tmp_msg = $tmp_msg . " ... " . $&; $tmp_score = $tmp_score * 0.4 ; if (/ ((y(ea|)r|mo(nth|))s|long( time|)|time) (it has been |)since/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/get(ting|).{0,2}((fit|lean|back.{0,2}(to|in)|shape|(yo|)u) {0,1}){1,}/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/(like|how|the way) (i|you|he|she) (was|did|were) in college/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/weight/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/therapy/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/calories/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/los(e|ing).{0,2}(my|the|that|your).{0,2}gut/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/on.{0,2}(this|a|the).{0,2}diet/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/exact.{0,2}same.{0,2}thing/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/been.{0,2}hearing.{0,2}about/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/stumbled.{0,2}(up|)on/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.0 ; } if (/(take|give|them).{0,2}[0-9]{1,}.{0,1}secs{0,1}.{0,1}(to|and).{0,1}(start|that)/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 2.4 ; } if (/these.{0,2}guys/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = $tmp_score * 1.5 ; } if (/(all |that ){1,}the (top.|)((celeb|s{0,1}tar|film|rock|reties|s{0,1}port|player|olympian|fashion|model|people|world)s{0,1} {0,1}(in {0,1}(the {0,1}|)|)){1,}((are|have|been|using).){0,}/s) { $tmp_msg = $& . " ... " . $tmp_msg; $tmp_score = int (($tmp_score * 2.0 * (length($&)/12)) * 100) / 100; } spam("s03394",$tmp_score,$tmp_msg); } } if (/l[a\@][s\$].{0,1}\\\/eg[a\@][s\$]/) { spam("s03384",3.4,$&); } if (/http\:\/\/search.msn.com\/[^\?]{0,20}\?\&url\=https{0,1}\:\/\/[^\/]{0,}/) { spam("s03309",3.5,"MSN query, possibly to hide link: " . $&); } if (/getme{0,1}off/) { spam("s02825",1.4,$&); } if (/affiliate.{0,1}id/) { spam("s02339",0.4,$&); } if (/campaign.{0,1}id/) { spam("s02340",0.4,$&); } if (/x-rocket-spam/s) { spam("s02214",0.5,$&); } if (/x-rocket-track:.{0,30}sflag\=openrelay/s) { spam("s02215",4.5,"x-rocket-track openrelay"); } if (length($mail_domain) && /auto.{0,1}mailer\@$mail_domain/s) { spam("s02216",0.5,$&); } if (/font-size\s{0,}\:\s{0,}0{0,}1{0,1}(\.[0-9]{0,}){0,1}\s{0,}p[tx]/is) { spam("s01974",2.2,"Tiny font: " . $&); } if (/<\/html>[\r\n]{0,2}<.*?>/s) { spam("s00004",1.0,"Tags after closing HTML tag: " . $&); } if (/^.{0,10}?.{0,30}?

.{0,10}?.{0,10}?.{0,10}?<\/a>.{0,10}?<\/p>.{0,10}?.{0,100}?<\/a>.{0,100}?<\/body><\/html>.{0,100}?$/s) { spam("s00005",4.0,"Spam-like HTML"); } if (/solutions\/testyourself\.html/si) { spam("s00006",3.0,$&); } if (/(random\_(word|text))/s) { spam("s00007",4.6,$&); } if (/rotates\.cgi/s) { spam("s00008",2.2,$&); } if (/[a-zA-Z].{0,100}/s) { spam("s00015",4.0,"Excessive HTML comments"); } if (/\.ffwd.{0,4}\.(com|net)/is) { spam("s00016",2.0,$&); } if (/(product|default|search|index|jump)\.(php|asp|html{0,1}|cfm)\?.{0,20}(id|ref|url)\=/is) { spam("s00017",2.2,$&); } if (/.{0,12}[^<]{0,100}/s) { spam("s00018",4.0,"Very excessive HTML comments"); } if (/dynsrc\s{0,10}=/ois) { spam("s00019",5.5,$&); } if (/iframe/oi && /src\s{0,10}=\s*(3dc|\"c|\'c|c)id/oi && /height\s*=\s*(3d0|\"0|\'0|0)/oi && /width\s*=\s*(3d0|\"0|\'0|0)/ois) { spam("s00020",5.0,"iframe"); } if (/src\s*=\s*(3dc|\"c|\'c|c)id:/ois) { spam("s00021",4.0,"src=cid"); } if (/http:\/\/.*25freemegs\.com/s) { spam("s00022",2.666,$&); } if (/href[3d=\s\"\']*\S+opt(-in|-out|in|out)/s) { spam("s00023",2.608,"href to opt in/out"); } if (/href[3d=\s\"\']*\S+remove/s) { spam("s00024",3.462,"href to remove"); } if (/href[3d=\s\"\']*\S+unsubscribe/s) { spam("s00025",4.112,"href to unsubscribe"); } if (/content-id: /s) { spam("s00026",10.0,$&); } if (/http:\/\/.*clicksformoney\.net/s) { spam("s00027",2.482,$&); } if (/jamie4u/s) { spam("s00028",2.4,$&); } if (/href.{0,50}mailto:.{0,50}click.{0,50}remove/s) { spam("s00029",3.385,"href mailto/click/remove"); } if (/\bclick to.{0,30}remove.{0,50}mailto:/s) { spam("s00030",1.0,"click to/remove/mailto"); } if (/^\*\*\* \S+ \S\S\S \S\S\S .\d \d\d:\d\d:\d\d \d+$/s) { spam("s00031",-5.0,$&); } if (/email harvest/s) { spam("s00032",1.0,$&); } if (/e-*mail (market|adverti[sz])ing/s) { spam("s00033",1.951,$&); } if (/directive 200.32.ce/s) { spam("s00034",1.0,$&); } if (/eu (e-{0,1}mail opt.{0,1}out|e.{0,1}commerce) directive/s) { spam("s00035",1.8,$&); } if (/evite.citysearch.com/s) { spam("s00036",-5.0,$&); } if (/http:\/\/.*e-webhostcentral\.com/s) { spam("s00037",4.558,$&); } if (/action=[3d=\s"']*mailto:/s) { spam("s00038",2.000,$&); } if (/https{0,1}:\/\/.*freewebco\.net/s) { spam("s00039",1.150,$&); } if (/https{0,1}:\/\/.*freewebhostingcentral/s) { spam("s00040",1.561,$&); } if (/https{0,1}:\/\/.*?\.biz/s) { $tmp = $&; if ($tmp =~ /http(.*)(https{0,1}:\/\/.*?\.biz)/s) { $tmp = $2; } spam("s01552",0.8,"Link to .biz: " . $tmp); } elsif (/www[0-9]{0,1}\..*?\.biz([^a-z]|$)/s) { spam("s02026",1.0,"Mentions a .biz: " . $&); } elsif (/\.biz([^a-z]|$)/s) { spam("s02027",0.4,"Mentions a .biz"); } if (/https{0,1}:\/\/.*?\.info/s) { $tmp = $&; if ($tmp =~ /http(.*)(https{0,1}:\/\/.*?\.info)/s) { $tmp = $2; } spam("s02282",0.8,"Link to .info: " . $tmp); } elsif (/www[0-9]{0,1}\..*?\.info([^a-z]|$)/s) { spam("s02715",1.0,"Mentions a .info: " . $&); } elsif (/\.info([^a-z]|$)/s) { spam("s02716",0.4,"Mentions a .info"); } if (/h\.\s*r\.\s*3113/s) { spam("s00041",1.904,$&); } if (/]+\bsrc=[3d=\s"']*http:\/\//s) { spam("s00074",2.545,$&); } if (/execcommand/s) { spam("s00075",2.4,"Dangerous scripting: " . $&); } if (/execcommand.{0,10}selectall/s) { spam("s00076",2.4,"Dangerous scripting: " . $&); } if (/execcommand.{0,10}copy/s) { spam("s00077",2.4,"Dangerous scripting: " . $&); } if (/\"remove\"/s) { spam("s00078",2.145,$&); } if (/https\/\/[^\/]+\/remove/s) { spam("s00079",4.109,$&); } if (/https\/\/.*cgi.*\/remove\./s) { spam("s00080",2.027,$&); } if (/\>{0,1}\s{0,}(remove me|take me off|unsubscribe|stop e{0,1}[^m]{0,1}mailing me)[\s\:]{0,}(go[\s\:]{0,}|click[\s\:]{0,}|here[\s\:]{0,}){0,}(\<|http)/s) { spam("s00081",2.0,$&); } if (/content-disposition: attachment;\s+filename=.[^\n]+.\S\S\S\.($exe_file_types)./s) { spam("s00082",10.0,$&); } if (/on(blur|error|keydown|keyup|load|mouseover|resize|unload)/s) { spam("s00083",1.259,$&); } if (//s) { spam("s00084",1.0,$&); } if (/^\@\@ [-+0-9]+,[0-9]+ [-+0-9]+,[0-9]+ \@\@$/s) { spam("s00085",-5.0,$&); } if (/font=3e/s) { spam("s00086",1.0,$&); } if (/https\/\/[^\/]+\/unsubscribe/s) { spam("s00087",3.247,"http:unsubscribe"); } if (/https\/\/.*cgi.*\/unsubscribe\./s) { spam("s00088",3.168,"http:cgi unsubscribe"); } if (/<\s*img\s[^>]*src[^>]+\?/s) { spam("s00089",1.4,"image tag with parameters"); } if (/\sstyle\S+\:url\S+\?/s) { spam("s02001",2.4,"style tag has URL with parameters"); } if (/<\s*img\s[^>]*src[^>]+\.(asp|php|htm)/s) { spam("s00090",1.4,"image tag with non-image source type (." . $1 . ")"); } if (/<\s*img\s[^>]*src[^>]+\/rd\.yahoo\.com/s) { spam("s01458",2.4,"image tag with yahoo redirect"); } if (/http:\/{1,}rds{0,1}\.yahoo\.com/s) { $has_yahoo_redirect = 1; } if (/http:\/\/.*(autoremove|clik4you|directforcemarketing|removeyou)\.com/s) { spam("s00091",2.0,$&); } if (/http:\/\/.*(netsitesforfree|trafficwow)\.net/s) { spam("s00092",2.0,$&); } if (/\s\.biz/s) { spam("s00093",2.0,$&); } if (/\s\.info/s) { spam("s00094",1.5,$&); } if (/\s\.name/s) { spam("s00095",1.5,$&); } if (/\s\.shop/s) { spam("s00095",1.0,$&); } if (/\s\.law/s) { spam("s00096",1.5,$&); } if (/\s\.travel/s) { spam("s00097",1.5,$&); } if (/\s\.inc[\s,]/s) { spam("s00098",1.5,$&); } if (/\s\.xxx[\s,]/s) { spam("s00099",1.5,$&); } if (/(\#[0-9a-z ]{0,4}){4}/s) { spam("s00100",1.5,$&); } if (/\.name domain/s) { spam("s00101",2.0,$&); } if (/\.name identity/s) { spam("s00102",2.0,$&); } if (/p.{0,1}r.{0,1}[o0].{0,1}p.{0,1}e.{0,1}c.{0,1}[li1j].{0,1}([a\@]|l\\|\/l)/s) { my $msg = $&; if (length($msg) > 8) { if ($msg =~ /[01j\@]/) { spam("s00103",3.00,$msg); } else { spam("s00103",1.50,$msg); } } } if (/v.{0,1}[li1j].{0,1}([a\@]|l\\|\/l).{0,1}g.{0,1}r.{0,1}([a\@]|l\\|\/l)/s) { my $msg = $&; if (length($msg) > 6) { spam("s00103",3.00,$msg); } } if (/v.{0,1}[li1j].{0,1}c.{0,1}[o0].{0,1}d.{0,1}[li1j].{0,1}n/s) { my $msg = $&; if (length($msg) > 7) { spam("s01856",3.00,$msg); } } if (/c.{0,1}[li1j].{0,1}([a\@]|l\\|\/l).{0,1}[li1j].{0,1}[li1j].{0,1}s/s) { my $msg = $&; if ((length($msg) > 6) && ($msg !~ /cial in{0,1}s/)) { spam("s00104",3.00,$msg); } } if (/l.{0,1}e.{0,1}v.{0,1}[li1j].{0,1}t.{0,1}r.{0,1}([a\@]|l\\|\/l)/s) { my $msg = $&; if (length($msg) > 7) { spam("s00105",3.00,$msg); } } if (/v([a\@]|l\\|\/l)[li1j]{2,}um/s) { my $msg = $&; if ($msg ne "vallium") { spam("s03067",3.00,$msg); } } if (/(\&\#[0-9]{1,6}|\;\s{0,}){4,}/is) { spam("s01819",(int ((0.6 * length($&) / 5) * 100)) / 100,"Lots of HTML encoded characters"); } if (/s(hipping|)\s{0,}(\&|and|\+)\s{0,}h(andling|)/si) { spam("s01863",0.4,$&); } if (/((archive|attach|password|protected|security).{0,50}?){2}\/si) { spam("s01881",1.8,$&); } elsif (/(archive|attach|password|protected|security).{0,50}?\.{0,50}?(archive|attach|password|protected|security)/si) { spam("s01881",1.8,$&); } elsif (/password.{0,10}?\/si) { spam("s01881",1.8,$&); } elsif (/\/si) { spam("s01882",0.2,$&); } if (/ m e d s/si) { spam("s03130",1.0,$&); } if (/\\\/egas/) { spam("s03448",3.0,$&); } if (/\{spur\_[0-9]{1,}\}/) { spam("s03474",3.0,$&); } # # Case-sensitive tests # if ($body_raw_text =~ /\%CUSTOM_/s) { $temp_custom_count = 0; $temp_text = $body_raw_text; while ($temp_text =~ /\%CUSTOM_(.*)/s) { $temp_text = $1; $temp_custom_count = $temp_custom_count + 1; } spam("s03530",1.0 * $temp_custom_count,"Contains \%CUSTOM_ tags"); } if ($body_raw_text =~ / HXPN/s) { spam("s03538",4.6,$&); } if ($body_raw_text =~ / ERMX/s) { spam("s03535",4.6,$&); } if ($body_raw_text =~ /F(REE|ree)/s) { spam("s00106",0.4,$&); } if ($body_raw_text =~ /f[^a-z]{0,}u{0,}[^a-z]{0,}c{0,}k/si) { if (length($&) > 2) { my $msg = $&; $body_raw_text =~ s/f[^a-z]{0,}u{0,}[^a-z]{0,}c{0,}k/fuck/gi; spam("s02283",2.0,$msg); } } if ($body_raw_text =~ /[a-z]I/s) { $body_raw_text =~ s/([a-z])I/${1}l/g; } } # # Tests on a lower-case, stripped, (no tags or special characters, and single spaced), # version of a concatenation of all the text portions of the message. At this stage, # commonly substituted characters haven't yet been replaced. So "pen1s" will not yet # have been changed to "penis". It's useful to check for some of these substitutions, # since they only occur in spam, (or maybe if the sender is a complete moron). # sub body_presubstitution_tests { local $_ = $body_test_text; $done_body_presubstitution_tests = 1; if (/p[eëéèê]n[\!1\|ÏÌÍÎìíîï]s/) { spam("s00107",4.0,$&); } elsif (/p[ëéèê]n[\!1\|ÏÌÍÎìíîïi]s/) { spam("s00107",4.0,$&); } if (/fet[\!1\|ÏÌÍÎìíîï]sh/) { my $msg = $&; if ($msg =~ /[\!1\|ÏÍÎìíîï]/) { spam("s01976",4.0,$msg); } } if (/ (n[\@\&ÂÁÀÄÅÃáàãåâä]me|t[\@\&ÂÁÀÄÅÃáàãåâä]ke|ch[\@\&ÂÁÀÄÅÃáàãåâä]rge)/) { spam("s00108",0.8,$&); } if (/ (s[\@\&ÂÁÀÄÅÃáàãåâä]ve|m[\@\&ÂÁÀÄÅÃáàãåâä]ke|e[\@\&ÂÁÀÄÅÃáàãåâä]rn)/) { spam("s00109",1.8,$&); } if (/(p[\!il1\|ÏÌÍÎìíîï]{3})/) { my $msg = $1; if ($msg =~ /[\!1\|ÏÍÎìíîï]/) { spam("s01526",1.0,$msg); } } if (/(s(ch|k)0{1,}l[^g]{0,1}(girl|))/) { spam("s01982",2.0,$&); } if (/(v {0,}[il\\\/\!1\|ÏÌÍÎìíîï] {0,}[a\@\&ÂÁÀÄÅÃáàãåâä] {0,}g{1,} {0,}r{1,} {0,}[a\@\&ÂÁÀÄÅÃáàãåâä])/) { my $msg = $1; if ($msg =~ /[\\\/\!l1\|ÏÌÍÎìíîï\@\&ÂÁÀÄÅÃáàãåâä]/) { spam("s00110",4.0,$msg); } } if (/(l {0,}e {0,}v {0,}[i\\\/\!1\|ÏÌÍÎìíîï] {0,}t {0,}r {0,}[a\@\&ÂÁÀÄÅÃáàãåâä])/) { my $msg = $1; if ($msg =~ /[\\\/\!1\|ÏÌÍÎìíîï\@\&ÂÁÀÄÅÃáàãåâä]/) { spam("s00111",4.0,$msg); } } if (/(c {0,}[i\\\/\!1\|ÏÌÍÎìíîï] {0,}[a\@] {0,}[\|l1] {0,}[i\\\/\!1\|ÏÌÍÎìíîï] {0,}s)/) { my $msg = $1; if ($msg =~ /[\\\/\!1\|\@ÏÌÍÎìíîï]/) { spam("s00112",4.0,$msg); } } if (/(ph[a\@\&ÂÁÀÄÅÃáàãåâä]rm[a\@\&ÂÁÀÄÅÃáàãåâä])(cy|[i\\\/\!1\|ÏÌÍÎìíîï]es|)/) { my $msg = $1 . $2; if ($msg =~ /[\\\/\!1\|\@\&ÏÌÍÎìíîïÂÁÀÄÅÃáàãåâä]/) { spam("s00113",4.0,$msg); } } if (/pr[0ÓÕÒÖòóöôõøo]f[\\\/\!\|ÏÌÍÎìíîïi1l]t[s\$]{0,1}/si) { my $msg = $&; if ($msg =~ /[0ÓÕÒÖòóöôõø\!\|\\\/ÏÌÍÎìíîï1l\$]/) { spam("s03089",3.0,$msg); } } if (/l[0OÓÕÒÖòóöôõøo][a\@\&ÂÁÀÄÅÃáàãåâä]n/si) { my $msg = $&; if ($msg =~ /[0ÓÕÒÖòóöôõø\@\&ÂÁÀÄÅÃáàãåâä]/) { spam("s03158",3.0,$msg); s/l[0OÓÕÒÖòóöôõøo][a\@\&ÂÁÀÄÅÃáàãåâä]n/loan/g; } } if (/([\177-\377].){16}/) { spam("s00114",3.6,"Lots of encoded text"); } if (/1[\s]8(00|88|77|66|55|44|33|22)[\s][0-9]{3}[\s]{0,1}[0-9]{4}/) { spam("s00115",0.6,$&); } if (!$hdr_in_hdr_test && length($stripped_mail_domain)) { if (/((h[i1]|he[l1][l1][o0]|greet[i1]ngs|de[a\@]r|cur[i1][o0]us) ([a-z0-9 ]{0,15})|^)([a-z0-9]{0,15})\@$stripped_mail_domain/s) { my $msg = $&; $msg =~ s/$stripped_mail_domain/$mail_domain/; spam("s00116",4.0, $msg); } if (/$stripped_mail_domain( technical| support| team){2,}/s) { my $msg = $&; $msg =~ s/$stripped_mail_domain/$mail_domain/; spam("s02349",1.0, $msg); } } if (/(b1[1il]{2})(\s|\!|$)/) { spam("s01830",4.0,$1); } if (/(b[il]1[1il])(\s|\!|$)/) { spam("s01830",4.0,$1); } if (/(b[il]{2}1)(\s|\!|$)/) { spam("s01830",4.0,$1); } if (/app1y/) { spam("s01831",4.0,$&); } if (/r[0ÓÕÒÖòóöôõøo][\!\|ÏÌÍÎìíîïi1l][ÈÊëéèê]x/) { spam("s02148",4.0,$&); } elsif (/r[0ÓÕÒÖòóöôõøo][\!\|ÏÌÍÎìíîïi1][ÈÊëéèêe]x/) { spam("s02148",4.0,$&); } elsif (/r[0ÓÕÒÖòóöôõø][\!\|ÏÌÍÎìíîïi1l][ÈÊëéèêe]x/) { spam("s02148",4.0,$&); } elsif (/p[ëéèê]n[\!\|1\|ÏÌÍÎìíîïi]s/) { spam("s00107",4.0,$&); } } # # Tests on a lower-case, stripped, (no tags or special characters, and single spaced), # version of a concatenation of all the text portions of the message. # sub body_tests { local $_ = $body_test_text; local $body_custom_found = 0; local $body_stripped_custom_found = 0; $done_body_tests = 1; # body_spell_tests(); # # Execute the code in "$body_custom_file". # Include site-specific customizations in this file. # do $body_custom_file; if (!$body_custom_found) { do $settings_path . $body_custom_file; } if (length($custom_path)) { do $custom_path . $body_custom_file; } if (!length($body_test_text)) { if (!$hdr_in_hdr_test && !$body_stripped_test && !($hdr_type == 2)) { spam("s02448",4.5,"Body of email is empty"); } else { return; } } if ($body_stripped_test) { if (($spam_desc =~ /s01471\: HTML/) && /^html body ppbodyhtml$/) { spam("s03010",4.5,$&); } if (/(div|span|font) style (margin |border |left |right |[0-9o]{1,}px ){0,}(clear|float) (left|right|both)/) { $tmp = $body_test_text; $tmp_count = 0; while ($tmp =~ /(div|span|font) style (margin |border |left |right |[0-9o]{1,}px ){0,}(clear|float) (left|right|both)(.*)/) { $tmp = $5; $tmp_count = $tmp_count + 1; } if ($tmp_count) { spam("s02806",0.8 * $tmp_count,"div/span/font style float/clear left/right/both X $tmp_count"); } } } if (/r{1,}e{1,}p{1,}l{1,}i{1,}c{1,}a{1,}/) { if (length($&) > 7) { spam("s02466",1.2,$&); s/r{1,}e{1,}p{1,}l{1,}i{1,}c{1,}a{1,}/replica/g; } else { spam("s02160",0.2,$&); } } if (/(^|[^a-z])r{1,}o{1,}l{1,}e{1,}x{1,}/) { if (length($&) > 6) { spam("s02467",1.2,$&); } else { spam("s02139",0.8,$&); } } if (/a{1,}f{1,}o{1,}r{1,}d{1,}a{1,}b{1,}[il]{1,}e{1,}/) { if (length($&) > 10) { spam("s02552",2.4,$&); s/a{1,}f{1,}o{1,}r{1,}d{1,}a{1,}b{1,}[il]{1,}e{1,}/affordable/g; } } if (/c{1,}[il]{2,}c{1,}k{1,} /) { if (length($&) > 6) { spam("s02553",2.4,$&); s/c{1,}[il]{2,}c{1,}k{1,} /click /g; } } if (/ p{1,}r{1,}[il]{1,0}c{1,}e{1,}/) { if (length($&) > 6) { spam("s02553",1.2,$&); s/ p{1,}r{1,}[il]{1,0}c{1,}e{1,}/ price/g; } } if (/p{1,}r{1,}[i]{0,}l{1,}i{0,}c{1,}e{1,}/) { spam("s02554",1.2,$&); s/p{1,}r{1,}[i]{0,}l{1,}i{0,}c{1,}e{1,}/price/g; } if (/m.{0,1}o.{0,1}r.{0,1}t{0,1}.{0,1}g.{0,1}a.{0,1}g.{0,1}e/s) { my $msg = $&; if (length($msg) > 8) { spam("s01862", 3.5,$msg); s/m.{0,1}o.{0,1}r.{0,1}t{0,1}.{0,1}g.{0,1}a.{0,1}g.{0,1}e/mortgage/g; } } if (/r.{0,1}e.{0,1}f.{0,1}i.{0,1}n.{0,1}a.{0,1}n.{0,1}c.{0,1}e/s) { my $msg = $&; if (length($msg) > 9) { spam("s01862", 3.5,$msg); s/r.{0,1}e.{0,1}f.{0,1}i.{0,1}n.{0,1}a.{0,1}n.{0,1}c.{0,1}e/refinance/g; } } if (/ m{1,}e{1,}d{1,}i{1,}c{1,}i{1,}n{1,}e{1,}/) { if (length($&) > 9) { spam("s02750",1.2,$&); s/ m{1,}e{1,}d{1,}i{1,}c{1,}i{1,}n{1,}e{1,}/ medicine/g; } } if (/ m{1,}e{1,}d{1,}i{1,}c{1,}a{1,}t{1,}i{1,}o{1,}n{1,}/) { if (length($&) > 11) { spam("s02750",1.2,$&); s/ m{1,}e{1,}d{1,}i{1,}c{1,}a{1,}t{1,}i{1,}o{1,}n{1,}/ medication/g; } } if (/ m{1,}e{1,}d{1,}i{1,}c{1,}a{1,}l/) { if (length($&) > 7) { spam("s02751",1.2,$&); s/ m{1,}e{1,}d{1,}i{1,}c{1,}a{1,}l/ medical/g; } } if (/ p{1,}h{1,}y{1,}s{1,}i{1,}c{1,}i{1,}a{1,}n{1,}/) { if (length($&) > 10) { spam("s02752",1.2,$&); s/ p{1,}h{1,}y{1,}s{1,}i{1,}c{1,}i{1,}a{1,}n{1,}/ physician/g; } } if (/ h{1,}e{1,}a{1,}l{1,}t{1,}h{1,}/) { if (length($&) > 7) { spam("s02753",1.2,$&); s/ h{1,}e{1,}a{1,}l{1,}t{1,}h{1,}/ health/g; } } if (/ g{1,}e{1,}n{1,}e{1,}r{1,}i{1,}c{1,}/) { if (length($&) > 8) { spam("s02754",1.2,$&); s/ g{1,}e{1,}n{1,}e{1,}r{1,}i{1,}c{1,}/ generic/g; } } if (/ p{1,}i{1,}l{1,}s{1,}/) { if (length($&) > 6) { spam("s02755",1.2,$&); s/ p{1,}i{1,}l{1,}s{1,}/ pills/g; } } if (/ d{1,}e{1,}l{1,}i{1,}v{1,}e{1,}r{1,}i{1,}e{1,}/) { if (length($&) > 10) { spam("s02756",1.2,$&); s/ d{1,}e{1,}l{1,}i{1,}v{1,}e{1,}r{1,}i{1,}e{1,}/ deliverie/g; } } if (/ l{1,}i{1,}c{1,}e{1,}n{1,}s{1,}e{1,}d{1,}/) { if (length($&) > 9) { spam("s02757",1.2,$&); s/ l{1,}i{1,}c{1,}e{1,}n{1,}s{1,}e{1,}d{1,}/ licensed/g; } } if (/ r{1,}e{1,}m{1,}e{1,}d{1,}i{1,}e{1,}s{1,}/) { if (length($&) > 9) { spam("s02758",1.2,$&); s/ r{1,}e{1,}m{1,}e{1,}d{1,}i{1,}e{1,}s{1,}/ remedies/g; } } if (/ r{1,}e{1,}m{1,}e{1,}d{1,}y{1,}/) { if (length($&) > 7) { spam("s02759",1.2,$&); s/ r{1,}e{1,}m{1,}e{1,}d{1,}y{1,}/ remedy/g; } } if (/ d{1,}i{1,}r{1,}e{1,}c{1,}t{1,}/) { if (length($&) > 7) { spam("s02762",1.2,$&); s/ d{1,}i{1,}r{1,}e{1,}c{1,}t{1,}/ direct/g; } } if (/ x.{0,1}a.{0,1}n.{0,1}a.{0,1}x/) { if (length($&) > 6) { spam("s02866",3,$&); s/ x.{0,1}a.{0,1}n.{0,1}a.{0,1}x/ xanax/g; } } if (/ p.{0,1}r.{0,1}o.{0,1}p.{0,1}e.{0,1}c.{0,1}i.{0,1}a/) { if (length($&) > 9) { spam("s02867",3,$&); s/ p.{0,1}r.{0,1}o.{0,1}p.{0,1}e.{0,1}c.{0,1}i.{0,1}a/ propecia/g; } } if (/ p.{0,1}r.{0,1}o.{0,1}z.{0,1}a.{0,1}c/) { if (length($&) > 7) { spam("s02868",3,$&); s/ p.{0,1}r.{0,1}o.{0,1}z.{0,1}a.{0,1}c/ prozac/g; } } if (/ v.{0,1}a.{0,1}l.{0,1}i.{0,1}u.{0,1}m/) { if (length($&) > 7) { spam("s02869",1.2,$&); s/ v.{0,1}a.{0,1}l.{0,1}i.{0,1}u.{0,1}m/ valium/g; } } if (/ c.{0,1}e.{0,1}l.{0,1}e.{0,1}b.{0,1}r.{0,1}e.{0,1}x/) { if (length($&) > 9) { spam("s02870",3,$&); s/ c.{0,1}e.{0,1}l.{0,1}e.{0,1}b.{0,1}r.{0,1}e.{0,1}x/ celebrex/g; } } if (/ d.{0,1}i.{0,1}s.{0,1}c.{0,1}o.{0,1}u.{0,1}n.{0,1}t/) { if (length($&) > 9) { spam("s03054",2.5,$&); s/ d.{0,1}i.{0,1}s.{0,1}c.{0,1}o.{0,1}u.{0,1}n.{0,1}t/ discount/g; } } s/ ph[arm]{4}/ pharma/g; if (/ e[rec]{1,}t[io]{1,}n/) { if (length($&) != 9) { spam("s03053",0.8,$&); } s/ e[rec]{1,}t[io]{1,}n/ erection/g; } if (!$hdr_in_hdr_test) { if (/(\! {0,}){4,}/) { $tmp = trim_ends($&); spam("s03332",(int ((length($tmp) / 5) * 100)) / 100,"Lots of exclamations" . $tmp); } elsif (/(\! {0,}){3,}/) { $tmp = trim_ends($&); spam("s03332",(int ((length($tmp) / 5) * 100)) / 100,"Lots of exclamations" . $tmp); } elsif (/(\! {0,}){2,}/) { $tmp = trim_ends($&); spam("s03332",(int ((length($tmp) / 5) * 100)) /100,"Lots of exclamations" . $tmp); } if (/[ÁÀÄÂáàäâÃãÅåªÉÈËÊéèëêÍÌÏÎíìïîÓÒÖÔóòöôÕõØøÚÙÜÛúùüûµÑñÇ碥ÝÿþÞÐðæ]{4}[\s\!\$0123456789ÁÀÄÂáàäâÃãÅåªÉÈËÊéèëêÍÌÏÎíìïîÓÒÖÔóòöôÕõØøÚÙÜÛúùüûµÑñÇ碥ÝÿþÞÐðæ\,\.]{0,}/) { spam("s01489",0.1 * length($&),$&); } elsif (/[ÁÀÄÂáàäâÃãÅåªÉÈËÊéèëêÍÌÏÎíìïîÓÒÖÔóòöôÕõØøÚÙÜÛúùüûµÑñÇ碥ÝÿþÞÐðæ]{2}[\s\!\$0123456789ÁÀÄÂáàäâÃãÅåªÉÈËÊéèëêÍÌÏÎíìïîÓÒÖÔóòöôÕõØøÚÙÜÛúùüûµÑñÇ碥ÝÿþÞÐðæ\,\.]{0,}/) { spam("s01489",0.1 * length($&),$&); } if (/[äÄ]/) { spam("s00641",0.4,$&); } if (/[ëË]/) { spam("s02902",0.4,$&); } if (/[ïÏ]/) { spam("s02903",0.4,$&); } if (/[öÖ]/) { spam("s00644",0.4,$&); } if (/[üÜ]/) { spam("s00643",0.4,$&); } if (/[ð]/) { spam("s02989",0.4,$&); } if (/[Åå]/) { spam("s02990",0.4,$&); } if (/[Ññ]/) { spam("s02992",0.4,$&); } if (/ß/) { spam("s00642",0.4,$&); } s/[ÁÀÄÂáàäâÃãÅåª]/a/g; s/[ÉÈËÊéèëê]/e/g; s/[ÍÌÏÎíìïî]/i/g; s/[ÓÒÖÔóòöôÕõØø]/o/g; s/[ÚÙÜÛúùüûµ]/u/g; s/[Ññ]/n/g; s/[Çç¢]/c/g; s/[¥Ýÿ]/y/g; s/[þÞ]/p/g; s/Ð/d/g; s/º/0/g; s/¹/1/g; s/²/2/g; s/³/3/g; tr/\x80\xA1\xA2\xA5\xA7\xAA\xB2\xB3\xB5\xB9\xBA\xC0\xC1\xC2\xC3\xC4\xC5\xC6\xC7\xC8\xC9\xCA\xCB\xCC\xCD\xCE\xCF\xD0\xD1\xD2\xD3\xD4\xD5\xD6\xD7\xD8\xD9\xDA\xDB\xDC\xDD\xDE\xDF\xE0\xE1\xE2\xE3\xE4\xE5\xE6\xE7\xE8\xE9\xEA\xEB\xEC\xED\xEE\xEF\xF0\xF1\xF2\xF3\xF4\xF5\xF6\xF8\xF9\xFA\xFB\xFC\xFD\xFE\xFF/eicysa23uioaaaaaaaceeeeiiiidnoooooxouuuuypbaaaaaaaceeeeiiiionoooooouuuuypy/; if (/x mailscanner found to be clean/) { spam("s00117",2.0,$&); } if (/(([jkxz][jkqvwxzbcdfglmnprh]|[jkvwxzbcdfglmnprh][jkqxz]|hh|ii|uu|vv|yy|q[a-t]|q[v-z]|vg)[^\/]{0,12}?){4}/) { spam("s00118",1.0,substr($&,0,20)); } # if (/[bcdfghjklmnpqrsvwxz]{5}/) { spam("s00119",0.4,$&); } # if (/[bcdfgjklmpqsvwxz]{5}/) { spam("s00120",0.8,$&); } if (length($stripped_mail_domain)) { if (/$stripped_mail_domain s accounting/s) { my $msg = $&; $msg =~ s/$stripped_mail_domain/$mail_domain/; spam("s01647",2.0, $msg); } } if (/ f(ack|[au]kk|uk|kuc)/) { spam("s01859",0.4,$&); s/ f(ack|[au]kk)/ fuck/g; s/ fukc/ fuck/g; s/ fkuc/ fuck/g; s/ fuk/ fuck/g; } if (/vv/) { if (/vveight/) { spam("s02661",3.4,$&); s/vveight/weight/g; } if (/vvatch/) { spam("s02694",3.4,$&); s/vvatch/watch/g; } if (/vvonder/) { spam("s02695",1.2,$&); s/vvonder/wonder/g; } if (/vievv/) { spam("s02696",1.2,$&); s/vievv/view/g; } if (/brovvse/) { spam("s02699",1.2,$&); s/brovvse/browse/g; } s/vv/v/g; } s/aa/a/g; s/hh/h/g; s/medicai/medical/g; if (/farmacy/) { spam("s03347",3.6,$&); s/farmacy/pharmacy/g; } if (/phrmacy/) { spam("s03357",3.6,$&); s/phrmacy/pharmacy/g; } if (/erecxction/) { spam("s03349",4.6,$&); s/erecxction/erection/g; } if (/ giri/) { spam("s01860",0.4,$&); s/ giri/ girl/g; } if ($hdr_from =~ /abuse\@(hotmail|msn)\.(com|net|org)/ && /we cannot take action on the mail you sent us because it does not reference a hotmail account/) { spam("s01979",5.0,"Bounce probably to a forged address from hotmail abuse: message does not reference a hotmail account"); } if (/ vallum /) { spam("s02397",1.4,$&); s/ vallum / valium /g; } if (/ c[i1l]a[i1l]{1,}s/) { if (!($& eq " cialis")) { spam("s02611",2.4,$&); s/ c[i1l]a[i1l]{1,}s/ cialis/g; } } if (/ lev[il1]tra/) { if (!($& eq " levitra")) { spam("s02612",2.4,$&); s/ lev[il1]tra/ levitra/g; } } if (/ a\$\$/) { spam("s02742",0.8,$&); s/ a\$\$/ass/g; } if (/ kok( |$|\!)/) { spam("s02743",1.8,$&); s/ kok( |$|\!)/ cock /g; } if (/ s{1,}t{1,}o{1,}k{1,}c{1,}[\!\? ]/) { spam("s03222",1.8,$&); s/ s{1,}t{1,}o{1,}k{1,}c{1,}[\!\? ]/ stock /g; } if (/ s{1,}o{1,}t{1,}c{1,}k{1,}[\!\? ]/) { spam("s03222",1.8,$&); s/ s{1,}o{1,}t{1,}c{1,}k{1,}[\!\? ]/ stock /g; } if (/ sttock[\!\? ]/) { spam("s03223",1.8,$&); s/ sttock[\!\? ]/ stock /g; } if (/ stoock[\!\? ]/) { spam("s03224",1.8,$&); s/ stoock[\!\? ]/ stock /g; } if (/ stocck[\!\? ]/) { spam("s03225",1.8,$&); s/ stocck[\!\? ]/ stock /g; } if (/ stockk[\!\? ]/) { spam("s03226",1.8,$&); s/ stockk[\!\? ]/ stock /g; } if (/ flxed /) { spam("s03229",1.8,$&); s/ flxed / fixed /g; } if (/ var[li]abie /) { spam("s03230",1.8,$&); s/ var[li]abie / variable /g; } if (/(^| )refi[nace]{3,}([ \?\!]|$)/s) { my $msg = $&; if (!($msg =~ /(^| )refinance([ \?\!]|$)/)) { spam("s03431", 2.6,$msg); s/(^| )refi[nace]{3,}([ \?\!]|$)/ refinance /g; } } s/(^| )\/egas/vegas/g; s/b{2,}/b/g; s/c{2,}/c/g; s/d{2,}/d/g; s/f{2,}/f/g; s/n{2,}/n/g; s/r{2,}/r/g; } if (/did you know/) { spam("s00547",0.6,$&); } if (/did u know/) { spam("s01401",1.0,$&); } if (!$hdr_in_hdr_test) { s/ u / you /g; } if (length($hdr_to_user)) { if (/$hdr_to_user you decide/) { spam("s00121",1.5,$&); } if (/$hdr_to_user you (can|will)/) { spam("s00122",1.0,$&); } if (/$hdr_to_user you /) { spam("s00123",0.4,$&); } } if (/(copy|paste|type) th(e|is) (above |following |web.{0,1}){0,}ad{1,}ress (in|to){1,} (your|a) (web.{0,1}|)browser/) { spam("s01871",1.0, $&); if ($http_link_checking && !length($body_http_host)) { spam("s01872",2.5, "Copy request with no HTTP link: " . $&); } } if (/ pani[sz] /) { if (/ pani[sz] size/) { spam("s02807",1.4,$&); } if (/ pani[sz] enlarg/) { spam("s02807",1.4,$&); } if (/ pani[sz] length/) { spam("s02807",1.4,$&); } if (/your pani[sz] /) { spam("s02807",1.4,$&); } } if (/ p[ei]na[sz] /) { if (/ p[ei]na[sz] size/) { spam("s02808",1.4,$&); } if (/ p[ei]na[sz] enlarg/) { spam("s02808",1.4,$&); } if (/ p[ei]na[sz] length/) { spam("s02808",1.4,$&); } if (/your p[ei]na[sz] /) { spam("s02808",1.4,$&); } } if (/food critic/) { spam("s02969",0.4,$&); if (/become a (secret |)food critic/) { spam("s02970",2.4,$&); } } if (/going to be huge/) { spam("s03499",0.8,$&); } if (/(((expec|wai)t|go)(ing|s) (for |it |to ){1,}|gon{1,}a )(double|triple|quadruple|explode|jump|soar)( (with|)in| the| next| few| coming| days{0,1}| weeks{0,1}| months{0,1}| a[nd]{0,}(other|)| matter| of| (up|)coming| the| or| two| so| get| it){0,}/) { spam("s03473",(int ((length($&) / 18) * 100)) / 100,$&); } if (/(short|long|stock).{0,1}(buy|sel{1,}|job{1,})(er|s){0,}/) { spam("s03468",1.0,$&); } if (/(buy|sell|trad|brok|job{1,})ers (drop|raise) the(ir|) (price|estimate)/) { spam("s03469",2.0,$&); } if (/its time to get in/) { spam("s03470",0.8,$&); } if (/^pick a lock to your girlfriends heart with your ultimate key/) { spam("s03464",5.0,$&); } if (/^hi [a-z]{1,} (i |hope ){1,2}(this |is |hit |have |got ){1,}(your |the )(cor{1,}ect |right |).{0,2}(mail(box|)|address)/) { spam("s03465",4.0,$&); } if (/^hi i want to share my photo with you/) { spam("s03467",4.0,$&); } if (/^(.{0,20} ago |on ).{0,30}found.{0,30}(page|site) (for|with) the.{0,30} mp3 /) { spam("s03435",2.8,$&); } if (/the most wanted/) { spam("s03435",0.8,$&); } if (/^aqui esta el cupon de descuentos que te prometi/) { spam("s03430",5.0,$&); } if (/^alert for all investors\! important news/) { spam("s03429",5.0,$&); } if (/free.{0,1}sexy{0,1}dat(e|ing)/) { spam("s03425",3.2,$&); } elsif (/sexy{0,1}dat(e|ing)/) { spam("s03425",2.0,$&); } if (/(get|find) (yourself |some ){0,}sex/) { spam("s03411",0.6,$&); } if (/(lies |a{0,1}wait(ing|s|) |to |be |found |the(se|) |world(s|.{0,1}wide) |large(st|) |unt(apped|ouched) |glob(al|es) |best |big(gest|) ){0,}oil reserv(e|oir)s{0,1}( $fuzzy_numbers| bar{1,}els{0,1}){0,}/) { spam("s03408",(int ((length($&) / 28) * 100)) / 100,$&); } if (/test dril{1,}ing|dril{1,}ing (achie{0,1}vemen|resul)ts/) { spam("s03409",1.6,$&); } if (/get (in(side|) |on |th(is|e) |track ){1,}deal/) { spam("s03410",0.4,$&); } if (/mensagem/) { spam("s03396",0.4,$&); } if (/encaminhada/) { spam("s03397",0.4,$&); } if (/enviadas/) { spam("s03398",0.4,$&); } if (/servidor/) { spam("s03399",0.4,$&); } if (/precisarao/) { spam("s03400",0.4,$&); } if (/confirmadas/) { spam("s03401",0.4,$&); } if (/pornografia/) { spam("s03402",0.4,$&); } if (/proaganda/) { spam("s03403",0.4,$&); } if (/cor{1,}entes/) { spam("s03404",0.4,$&); } if (/(we |guarantee |you |will |not |find |a |any |wont |that ){1,}better ((prices{0,1}|selections{0,1})(\/| (or|and) |)){1,}( any(where|)| else| in| on| the| planet| world| internet| online| than| ours{0,1}| these| this| your{0,1}| meds{0,1}| pills{0,1}){0,}/) { spam("s03391",(int ((length($&) / 28) * 100)) / 100,$&); } if (/download movies/) { spam("s03390",0.4,$&); } if (/(there|places|availability) (is|are) (no |never |a ){0,}limit(ed|)/) { spam("s03389",0.4,$&); } if (/(get |not |why |dont |not |you | can ){0,}start(ed|) (right (now|away)|today)\!{0,}/) { spam("s03388",(int ((length($&) / 25) * 100)) / 100,$&); } if (/(^| )ebook/) { spam("s03377",0.4,$&); } if (/we are giving away/) { spam("s03376",0.6,$&); } if (/(^| )vages[ \!\?]/) { spam("s03364",0.6,$&); s/(^| )vages[ \!\?]/ vegas /g; } if (/(^| )(las |)vegas[ \!\?]/) { spam("s03489",0.4,$&); } if (/ vegas is (go|com|wait)ing (to|for) you/) { spam("s03392",2.6,$&); if (/ vegas is going to you/) { spam("s03393",1.0,$&); } } if (/dont go to vages /) { spam("s03363",4.6,$&); } if (/your meds directly from the manufacturer/) { spam("s03356",4.6,$&); } if (/you(re{0,1} | are | |)crav(e|ing)/) { spam("s03354",0.8,$&); } if (/more intense/) { spam("s03355",0.4,$&); } if (/you (crave|gape|wish) (to|for) shoot(ing|) like (you |have |had |seen |in ){0,}(a|those|the) ((film|rock|star|stud)s{0,1} {0,}){1,}/) { spam("s03353",4.6,$&); } elsif (/shoot(ing|) like (you |have |had |seen |in ){0,}(a|those|the) ((film|rock|star|stud)s{0,1} {0,}){1,}/) { spam("s03353",2.0,$&); } if (/(greetings{0,1} |hi |)if you(re{0,1}| are| feel(ing|)){1,}( {0,}(sad|lonely)( {0,}(and|or|go|then|to|my|a|page|this|web|site)){0,}){1,}/) { spam("s03352",(int ((length($&) / 25) * 100)) / 100,$&); } if (/cor{1,}espond with (me|you)/) { spam("s03345",0.8,$&); } if (/now it.{0,1}(s|is) pos{1,}ible/) { spam("s03341",0.4,$&); } if (/med[sz].{0,1}rx|rx.{0,1}med[sz]/) { spam("s03327",1.0,$&); } if (/fatblaster/) { spam("s03326",1.4,$&); } if (/ extratime /) { spam("s03323",1.4,$&); } if (/(find|get|we have) (what|ever|ything){1,} (that |)you (need|want|are looking for)/) { spam("s03322",0.4,$&); } if (/studies (have |)shown{0,1}/) { spam("s03316",0.4,$&); } if (/common disorder/) { spam("s03317",0.6,$&); } if (/af{1,}ect(s|ing) (thousands|millions) of (men |and |women |peoples{0,1} |lives ){1,}/) { spam("s03318",0.8,$&); } if (/your partner/) { spam("s03319",0.2,$&); } if (/bonusbucks/) { spam("s03315",1.2,$&); } if (/(da[iy]|week|month)ly (special|of{1,}er)|special (da[iy]|week|month)ly/) { spam("s03286",0.6,$&); } if (/we only (sell|of{1,}er)( the(se|)|)( premium| finest| best| exclusive| top| quality| highest| most){1,}/) { spam("s03287",0.6,$&); } if (/((superb |luxury |rep[li]{1,}ca |premium |finest |best |exclusive |top |first.{0,1}rate |quality |high(est|) |popular |brand(.{0,1}name|) |most |elegant |ladies |gents )(and |or |of ){0,}){1,}watche{0,1}s{0,1}/) { spam("s03288",(int ((length($&) / 24) * 100)) / 100,$&); } if (/its me sor{1,}y for this junk/) { spam("s03279",4.2,$&); } if (/i(m| am) an{0,1} ($fuzzy_numbers |pretty |nice |single |year |old |mature |hot |sexy |college |co.{0,1}ed |teenage |russian |lonely ){0,}(girl|chick|woman|co.{0,1}ed|(house|)wife)/) { spam("s03276",1.0,$&); } if (/(^| )jamais( |\!|$)/) { spam("s03365",0.4,$&); } if (/(^| )computador( |\!|$)/) { spam("s03366",0.4,$&); } if (/(^| )prescricao/) { spam("s03264",1.4,$&); } if (/(^| )medica( |$)/) { spam("s03265",0.4,$&); } if (/(^| )confiante( |$)/) { spam("s03266",0.4,$&); } if (/(^| )aprovado( |$)/) { spam("s03267",0.4,$&); } if (/(^| )ef{1,}icaz( |$)/) { spam("s03268",0.4,$&); } if (/(^| )corpo( |$)/) { spam("s03269",0.4,$&); } if (/^how r things at work/) { spam("s03263",3.0,$&); } if (/hot(test|).{0,1}(selling {0,1}|)((new|title|med(ication)|drug)s{0,1} {0,1}){1,}/) { spam("s03231",(int ((length($&) / 24) * 100)) / 100,$&); } if (/(need |like |want |to |get |looking |interested |in |are |would |you |be |finding |out |getting |how |know |do |an{0,1} |want ){0,}(improv(e[sd]{0,1}|ing)|better|higher|increas(e[sd]{0,1}|ing)) (the |your |web(.{0,1}sites{0,1}|) ){0,}(ranking|placement|traf{1,}ic)( for| your{0,1}| to| with| all| the(se|)| major| web(.{0,1}sites{0,1}|)| internet| search| let| me| us| know| best| way| how| contact| details{0,1}|\?){0,}/) { spam("s03221",(int ((length($&) / 20) * 100)) / 100,$&); } if (/oil (partner(ship|)|merchant)/) { spam("s03216",1.0,$&); } if (/(oil|gas) (company|business|market)/) { spam("s03217",0.4,$&); } if (/saudi arabia/) { spam("s03218",0.4,$&); } if (/exceed(s|ed|ing) expectations/) { spam("s03495",0.4,$&); } if (/qatar/) { spam("s03219",0.4,$&); } if (/(di|kill)ed in a car ac{1,}ident/) { spam("s03220",0.8,$&); } if (/revolucinario/) { spam("s03207",0.6,$&); } if (/ produto /) { spam("s03208",0.6,$&); } if (/revolucinario produto/) { spam("s03209",1.4,$&); } if (/rigorosament/) { spam("s03210",0.6,$&); } if (/ risiko/) { spam("s03333",0.6,$&); if (/tiada risiko/) { spam("s03334",1.4,$&); } } if (/ selecion/) { spam("s03211",0.4,$&); } if (/rigorosamente selecionadas/) { spam("s03212",1.4,$&); } if (/ melhores /) { spam("s03213",0.4,$&); } if (/ mundo /) { spam("s03214",0.4,$&); } if (/melhores do mundo/) { spam("s03215",1.0,$&); } if (/ ur /) { spam("s03206",0.4,$&); } if (/re(garding|) your message/) { spam("s03205",0.4,$&); } if (/ yang /) { spam("s03196",0.2,$&); } if (/ kita /) { spam("s03197",0.4,$&); } if (/ koronari /) { spam("s03198",0.8,$&); } if (/ kolestrol /) { spam("s03199",0.8,$&); } if (/ bakteria /) { spam("s03200",0.8,$&); } if (/ mengambil(nya|) /) { spam("s03201",0.8,$&); } if (/ menguba[a-z]{0,} /) { spam("s03202",0.6,$&); } if (/ meng[a-z]{0,8}kan /) { spam("s03203",0.8,$&); } if (/ yang kita | kita yang /) { spam("s03204",0.8,$&); } if (/una respuesta autom.{0,2}tica/) { spam("s03193",1.4,$&); } if (/generado autom.{0,2}tica/) { spam("s03194",1.4,$&); } if (/no es operativo/) { spam("s03195",1.0,$&); } if (/(send |you |see ){2}my pi[cx](ture|)/) { spam("s03191",0.6,$&); } if (/hope (this is|i have) the right ad{1,}ress/) { spam("s03192",0.4,$&); } if (/(job|hate) your{0,1} (hob|hate)/) { spam("s03172",0.4,$&); } if (/wish you had( your| an{0,1}| even| better| bigger){0,}( degree| masters| job| house){1,}/) { spam("s03173",0.4,$&); } if (/valum/ && /vagra/ && /calis/) { spam("s03166",1.2,"valum/vagra/calis"); } if (/valum/ && /somx/ && /amben/) { spam("s03167",1.2,"valum/somx/amben"); } if (/[kc]um.{0,1}shot/) { spam("s03163",1.2,$&); } if (/mother.{0,1}f.{0,2}k/) { spam("s03164",0.4,$&); } if (/final.{0,1}attempt/) { spam("s03159",0.4,$&); } if (/je suis/) { spam("s03160",0.4,$&); } if (/actuellement/) { spam("s03161",0.4,$&); } if (/en vacances/) { spam("s03162",0.4,$&); } if (/what(s| is) your (old |used ){0,}car (really |is ){0,}worth/) { spam("s03155",0.8,$&); } if (/trade(.{0,1}in|) your (old|used)/) { spam("s03156",0.4,$&); } if (/(buy|sell|purchas)([es]{0,}|ing) a (new|old|used)/) { spam("s03157",0.4,$&); } if (/web.{0,1}(sit|ad{1,}ress)e{0,1}s{0,1} you want to promote/) { spam("s03154",1.2,$&); } if (/(an{0,1} |blondes{0,1} |brunettes{0,} |girls{0,1} |chicks{0,1} |wom[ea]n |hot |amateurs{0,1} ){1,}(doing it |playing |with |each other|themsel(f|ves) ){1,}/) { spam("s03137",(int ((length($&) / 26) * 100)) / 100,$&); } if (/(play(ing|s|) |with |an{0,1} |blondes{0,1} |brunettes{0,} |girls{0,1} |wom[ea]n |chicks{0,1} |hot |amateurs{0,1} ){0,}(anal |sex ){1,}toy/) { spam("s03136",(int ((length($&) / 12) * 100)) / 100,$&); } if (/(i|we) need (you(r | to )help|help from you)/) { spam("s03134",0.4,$&); } if (/gold min(e|ing)/) { spam("s03133",0.4,$&); } if (/your meds/) { spam("s03131",0.8,$&); } if (/(^| )hoodia( |$)/) { spam("s03128",1.8,$&); } if (/((awesome|powerful|natural|food|hebal|working)(ly|) ){1,}supplement/) { spam("s03127",(int ((length($&) / 24) * 100)) / 100,$&); } if (/you emailed your business details to me a few months ago sor{1,}y i didnt join then but i am ready again now would you please send me an email with details how to join your business/) { spam("s03122",4.5, $&); } if (/you want to promote|to promote (your{0,1}|this)( product|)/) { spam("s03121",0.4, $&); } if (/to (in|as|en|make |be )sure we have/) { spam("s03120",0.4, $&); } if (/simply.{0,1}(send|update|go.{0,1}to|visit|fill|check|select|reply|answer)/) { spam("s03119",0.8, $&); } if (/passionate lover{0,1}/) { spam("s03115",0.4, $&); } if (/bulk.{0,1}up your (boner|manhood)/) { spam("s03116",3.4, $&); } if (/ne(w|xt) levels{0,1} of pleasure/) { spam("s03117",1.4, $&); } if (/(hard|hot) and (hot|hard)/) { spam("s03118",0.4, $&); } if (/(develop(ed|ing|s|) |a |the(ir|se|) |this |new |amazing |technology |that |will |promis(es{0,1}|ing) |with |to |is ){1,}revolution(i[zs](e|ing)|ary) (develop(ed|ing|s|) |a |the(ir|se|) |this |new |amazing |technology |that |will |promis(es{0,1}|ing) |to |is |online |media |broadcasting |market |internet |business |world |with ){1,}/) { spam("s03114",(int ((length($&) / 34) * 100)) / 100,$&); } if (/((stock|inc) symbol|trading (as|under|symbol))/) { spam("s03113",0.4, $&); } if (/join(ing|) your business/) { spam("s03110",0.8, $&); } if (/your business details/) { spam("s03111",0.6, $&); } if (/domain or host not allowed by this mail server/) { spam("s03109",0.8, $&); } if (/((keep|y{0,1}our{0,1}|girl|woman|wife|lady|chick|gal|i[sfnt]{1,}|happy|(un|)satisf[ysied]{1,}|with|wil{1,} be|(breath|spe{1,}ch)les{1,})[ \!\?]{1,}){4,}/) { spam("s03107",(int ((length($&) / 30) * 100)) / 100,$&); } if (/mailinfo$/) { spam("s03106",3.6, $&); } if (/set.{0,1}to.{0,1}explode/) { spam("s03103",0.8, $&); } if (/^.{0,40}i found your (picture|.{0,2}mail) .{0,50}(can we|decided to) (talk|write).{0,80}(coming to|visting) your (place|town|city|area)/) { spam("s03100",3.0, $&); } elsif (/^.{0,40}i found your (picture|.{0,2}mail) .{0,50}(can we|decided to) (talk|write)/) { spam("s03100",0.8, $&); } elsif (/^.{0,40}i found your (picture|.{0,2}mail) .{0,120}(coming to|visting) your (place|town|city|area)/) { spam("s03100",0.8, $&); } if (/^(please |)do not ignore/) { spam("s03277",0.4, $&); } if (/coming .{0,10} your place/) { spam("s03102",0.4, $&); } if (/(proven|guaranteed) results{0,1}/) { spam("s03096",0.6, $&); } if (/deadend job/) { spam("s03090",0.6, $&); } if (/(generat|earn)(e|ing|s){0,1} (double|triple|twice)/) { spam("s03091",0.6, $&); } if (/after (a |)review(ing|) (of |all ){0,}(your |the )data/) { spam("s03084",0.6, $&); } if (/we are pleased to (notify|inform) you of your approval/) { spam("s03085",0.6, $&); } if (/please submit your details/) { spam("s03086",0.4, $&); } if (/field of your cho(ice|osing)/) { spam("s03082",0.8, $&); } if (/^ {0,}original message/) { spam("s03079",0.8, $&); } if (/increase seks time/) { spam("s03077",3.4, $&); } if (/(^| )seks([\!\\\-\/ \$]|$)/) { spam("s03078",0.8, $&); s/(^| )seks([\!\\\-\/ \$]|$)/ sex /g; } if (/quality product/) { spam("s03070",0.4, $&); } if (/champion in bed/) { spam("s03071",2.0, $&); } if (/enjoy saving/) { spam("s03072",0.4, $&); } if (/(popular|improved|increased) (high |quality ){0,}(brand|good|product)s{0,1}/) { spam("s03073",0.4, $&); } if (/(( fast| reliable| inexpensive| cheap)(er| and){0,}){2,}/) { spam("s03074",0.4, $&); } if (/contained a password protected file/) { spam("s03066",0.8, $&); } if (/(an{0,1} |achieve ){0,}((great |better |amazing |superb |fantastic |excellent |high |unparalled |unprecedented |outstanding |urgent |incredible ){1,}(career |job |pay(ing|) |op{1,}ortunit[yies]{1,} |breakthrough |results{0,1} |revelations{0,1} ){1,}(with |[and]{1,} |or ){0,}){1,}/) { spam("s03065",(int ((length($&) / 30) * 100)) / 100,$&); } elsif (/((great|bet{1,}er|superb|fantastic|excel{1,}ent|high|unparal{1,}ed|unprecedented|outstanding|incredible|urgent|career|job|pay(ing|)|op{1,}ortunit(y|ie)s{0,1}) {0,1}){2,}/) { spam("s03065",(int ((length($&) / 30) * 100)) / 100,$&); } if (/(look|ask|begg)ing for sex/) { spam("s03064",0.8, $&); } if (/take the t today/) { spam("s03063",2.0, $&); } if (/ thy /) { spam("s03057",0.2, $&); } if (/cleavage/) { spam("s03058",0.2, $&); } if (/apothegm/) { spam("s03059",0.4, $&); } if (/carborundum/) { spam("s03060",0.4, $&); } if (/ balfour /) { spam("s03061",0.4, $&); } if (/original message/) { spam("s03056",0.5, $&); } if (/looking for fun/) { spam("s03051",0.4, $&); } if (/(see |check |out |all |of |the(se|) |our ){0,}(((available|member) features |features available |(instant|private|live) (messenging|mailbox|webcam|e.{0,1}mail)s{0,1} |chat(.{0,1}rooms{0,1}|) |web.{0,1}cams{0,1} )(shows |and |your |very |own |like |includ(e|ing) |more |all |this ){0,}){2,}/) { spam("s03050",(int ((length($&) / 24) * 100)) / 100,$&); } if (/^hello you must fill out the application completely/) { spam("s03049",3.0, $&); } if (/funds (were |being |have |been |will |be |soon ){0,}deposited/) { spam("s03047",0.4, $&); } if (/diplomatic corp/) { spam("s03043",0.4, $&); } if (/(special|valuable) consignments/) { spam("s03044",0.4, $&); } if (/reputable( clients{0,1}| business| partners{0,1}| compan(y|ies)){1,}|(our |)clients{0,1} (is |who |are ){0,}reputable/) { spam("s03045",0.4, $&); } if (/((reputable |honest |trustworthy )(and |)){2,}/) { spam("s03046",0.4, $&); } if (/(max(imum|) |full |prescription ){1,}strength/) { spam("s03042",0.3, $&); } if (/^registration options/) { spam("s03038",1.6, "Begins with: " . $&); } if (/(hello |we |have |checked |looked |discovered |found |your{0,1} |details |ac{1,}ount |information |file |at |out |on |in |and |that |could |be |are ){1,}(over|)paying( by| more| than| up| \${0,1}[0-9]{1,}\%{0,}| which| works| out| at| about| too{0,1}| much| learn| find| visit| us| click| below| we| have| can| help(ed|)| millions{0,1}| and| your{0,1}| too|\!){0,}/) { spam("s03037",(int ((length($&) / 30) * 100)) / 100, $&); } if (/can(no|)t (see|read) th(e|is) (attach(ment|ed) |)e{0,1}.{0,1}mail/) { spam("s03035",0.6, $&); } if (/fill out th(is|e) (attached |)form/) { spam("s03034",0.6, $&); } if (/daily!/) { spam("s03017",0.4, $&); } if (/payments{0,1}!/) { spam("s03018",0.6, $&); } if (/based on your (present |cur{1,}ent )knowledge and (past |previous ){0,}life experiences{0,1}/) { spam("s03009",2.5,$&); } if (/(complete |community |experience |ultimate |online |gaming ){2,}/) { spam("s03000",(int ((length($&) / 24) * 100)) / 100,$&); } if (/designed to satisfy/) { spam("s03001",0.6,$&); } if (/(find|look|search|have{0,1}|gett{0,1})(ing|)( for| some| to| find| get| have){0,1} (fun|action) toni(gh|)te{0,1}/) { spam("s03002",0.8,$&); } if (/(find|make) (a |)(friend|lover)s{0,1}( or| more| (friend|lover)s{0,1}| a){0,}/) { spam("s03003",(int ((length($&) / 20) * 100)) / 100,$&); } if (/its (all |)up to you/) { spam("s03004",0.4,$&); } if (/we are contacting you because/) { spam("s03005",0.4,$&); } if (/new software( site| directory)/) { spam("s03006",(int ((length($&) / 60) * 100)) / 100,$&); } if (/meet me toni(gh|)te{0,1}/) { spam("s02999",0.4,$&); } if (/free (for |you ){0,}to join/) { spam("s02998",0.4,$&); } if (/^.{0,200}?original message from [a-z]{1,} mailto/) { spam("s02994",1.7,$&); } if (/estudia/) { spam("s02983",0.4,$&); } if (/extranjero/) { spam("s02984",0.4,$&); } if (/nuestra/) { spam("s02985",0.4,$&); } if (/cursales/) { spam("s02986",0.4,$&); } if (/recibir/) { spam("s02987",0.4,$&); } if (/loss{0,1} expertos/) { spam("s02988",0.4,$&); } if (/(personal(ly|)|doc(tor|)|pharmac(y|ist)|physican)s{0,1} (recom{1,}ene{0,1}d(ation|ed|)|direction)/) { spam("s02980",0.6,$&); } if (/career of your choice/) { spam("s02981",0.8,$&); } if (/legal loophole/) { spam("s02982",0.4,$&); } if (/thanks to a private nomination/) { spam("s02979",2.4,$&); } if (/ necesita /) { spam("s02957",0.4,$&); } if (/ encuesta/) { spam("s02958",0.4,$&); } if (/ distrito /) { spam("s02959",0.4,$&); } if (/ ciudad/) { spam("s02960",0.4,$&); } if (/ seguridad/) { spam("s02961",0.4,$&); } if (/ especificar/) { spam("s02962",0.4,$&); } if (/ escribe /) { spam("s02963",0.4,$&); } if (/(s{0,}he|who|you) (did {0,1}no {0,1}t |is |are |the |last ){1,}surviv(ed{0,1}|ing)/) { spam("s02954",0.6,$&); } if (/this letter/) { spam("s02953",0.6,$&); } if (/^your .{0,50}?( is ready ).{0,50}?( (shipment|pickup)$)/) { spam("s02952",0.4,$&); } if (/((process(ing|) |regard(ing|) |enter |go |here |click ){1,}(your |to |this ){1,}claim( your){0,}( |$|)[^\s]{0,10}([0-9 \!]{0,}|$){0,}){1,}(.{0,30}gift.{0,1}card|)/) { spam("s02945",(int ((length($&) / 28) * 100)) / 100,$&); } if (/oportunidad/) { spam("s02943",0.4,$&); } if (/su mercado/) { spam("s02944",0.4,$&); } if (/votre (cour{1,}ier|cor{1,}espond)/) { spam("s02933",0.4,$&); } if (/moderateur/) { spam("s02934",0.4,$&); } if (/approbation/) { spam("s02935",0.4,$&); } if (/la raison/) { spam("s02936",0.4,$&); } if (/nonabon{1,}e/) { spam("s02937",0.4,$&); } if (/sur (la|une) liste/) { spam("s02938",0.4,$&); } if (/(find(ing|) |meet(ing|) |view |date |look(ing|) |for |are |you |seek(ing|) |interested |in |like |live |to |would |all |kinds |of |a |town |city |area ){0,}(fun |single |lonely |hot |latino |black |horny |naughty |beautiful |ful{1,} of ){1,}(m[ea]n|wom[ea]n|guy|gal|girl|singles|latinos|chick)s{0,1}( are| new| in| your| area| region| to(wn|o|nite|night|)| city| look(ing|)| search(ing|)| need(ing|)| love(ly|)| for| dates{0,1}| a| hook up| satisf(y|ing|ie|s|d|action){1,}| fun| the[my]| like| see| what| single| lonely| hot| latino| black| horny| naughty| beautiful | (m[ea]n|wom[ea]n|guy|gal|girl|singles|latinos|chick)s{0,1}){0,}/) { spam("s02932",(int ((length($&) / 18) * 100)) / 100,$&); } elsif (/(find(ing|) |meet(ing|) |view(ing|) |dat(ing|e) |looking for |seek(ing|) |interested in )(fun |single |lonely |hot |latino |black |horny |naughty ){0,}(m[ea]n|wom[ea]n|guy|gal|girl|singles|latinos|chick)s{0,1}( in| your| area| region| town| city| looking| for| dates{0,1}| a){0,}/) { spam("s03375",(int ((length($&) / 12) * 100)) / 100,$&); } if (/^(hello|hi)\!{1,}.{0,} my name is [a-z]{0,}/) { spam("s02930",2.0,$&); } elsif (/^.{0,15}(hello|hi|dear|greetings|sincere).{0,} my name is [a-z]{0,}/) { spam("s02931",0.8,$&); } if (/our (record|file)s indicate/) { spam("s02928",0.8,$&); } if (/pricelist/) { spam("s02929",0.4,$&); } if (/tr(ying|ied) to (contact |call |reach |get (in touch with |through to ))you/) { spam("s02927",0.4,$&); } if (/job (of{1,}er|application|manage)/) { spam("s02918",0.4,$&); } if (/your.{0,30}dreams.{0,30}come true/) { spam("s02917",0.4,$&); } if (/private message from/) { spam("s02893",0.8,$&); } if (/get(ting|)itgood/) { spam("s02892",1.8,$&); } if (/^private message.*get(ting|)itgood/) { spam("s02894",2.8,$&); } if (/((increas|improv)(e[ds]{0,1}|ing) |your |the ){0,}(chances{0,1}|likelihood) (to|of|on|in) win(ning|)( big|)/) { spam("s02891",(int ((length($&) / 25) * 100)) / 100,$&); } if (/(increas|improv)(e[ds]{0,1}|ing) your (chances{0,1}|likelihood)/) { spam("s03188",0.6,$&); } if (/we bring .{0,100} to you/) { spam("s03189",0.6,$&); } if (/(best|great|bigg{0,1}|massive|huge|enormous)(er|est|) bonus/) { spam("s03190",0.4,$&); } if (/(try |play )(it |)(out |)for free/) { spam("s02890",0.6,$&); } if (/next best thing/) { spam("s02889",0.2,$&); } if (/(^| )win(ning|)s{0,1}( money| online){1,}/) { spam("s02888",(int ((length($&) / 16) * 100)) / 100,$&); } if (/revolutionary( and| patented| technology| data| wireless| compression| video| streaming){0,}/) { spam("s02887",(int ((length($&) / 33) * 100)) / 100,$&); } if (/surprise her with a (big|huge) one/) { spam("s02884",2.4,$&); $s02838 = $s02838 + 1; } if (/allixon.{0,30}rfid mid{1,}leware/) { spam("s02882",3.4,$&); } if (/(ac{1,}ess to .{0,20} ac{1,}ount|ac{1,}ount ac{1,}ess) .{0,20}(will|has) be(en|) (limit|restrict|deni)ed/) { spam("s02881",0.4,$&); } if (/((all {0,1}|)(natur|herb|speci)al(ly|) (made |)|formulas{0,1} ){2,}/) { spam("s02873",(int ((length($&) / 20) * 100)) / 100,$&); } if (/super attractor/) { spam("s02874",0.8,$&); $s02838 = $s02838 + 1; } if (/(ladie|girl|chick)s( wi|)ll be jumping/) { spam("s02875",1.6,$&); $s02838 = $s02838 + 1; } if (/(hav|find)ing (a |it )([rt]ough|hard) (time |)(with|(gett|find)ing) (your(self|) |)(a |the )(good |)(girl|chick|lad|wom[ea]n)(y|ie|s){0,}/) { spam("s02876",0.8,$&); $s02838 = $s02838 + 1; } if (/(get |)the info (is |here |){0,}https{0,1}\//) { spam("s02864",0.6,$&); } if (/go here https{0,1}\//) { spam("s02865",0.6,$&); } if (/((trustees{0,1} |executors{0,1} |(last |)(will |testament )|late |deceased |client |customer |(i|we) wish to (inform|notify) |beneficiar(y|ies) |total (amount|sum) |bequeath(ed|) |codicils{0,1} |deceased |death |shareholders{0,1} )(and |of |our |your{0,1} |have |been |were |was |listed |as |in |is |of |at |to |the |this |that |these |they |them |until |a ){0,}){4,}/) { spam("s02858",(int ((length($&) / 35) * 100)) / 100,$&); } if (/(my|our) (client|customer)s{0,1} (is|are) (seek|search|look|try)ing/) { spam("s02851",0.8,$&); } if (/go deeper/) { spam("s02834",0.4,$&); $s02838 = $s02838 + 1; } if (/size (does(nt| not|) |)matters{0,1}/) { spam("s02835",0.6,$&); $s02838 = $s02838 + 1; } if (/she (just |)is(nt| not|) feeling (ful|)filled/) { spam("s02836",0.6,$&); $s02838 = $s02838 + 1; } if (/grow to new lengths/) { spam("s02837",1.6,$&); $s02838 = $s02838 + 1; } if (/every woman wants/) { spam("s02839",0.6,$&); $s02838 = $s02838 + 1; } if (/(satisfy|give|neither will|please) your (lovely |)(woman|partner)/) { spam("s02862",0.6,$&); $s02838 = $s02838 + 1; } elsif (/(satisfy|please) your (lovely |)wife/) { spam("s02862",0.6,$&); $s02838 = $s02838 + 1; } if (/(do |would |)you (need|lack|want|like|wish) (to |have |some |you |had |more |were ){0,}confidence/) { spam("s02863",0.6,$&); $s02838 = $s02838 + 1; } if (/beg(ging|) (you |)for (some |)more/) { spam("s02841",0.4,$&); $s02838 = $s02838 + 1; } if (/increase your beast/) { spam("s02842",1.8,$&); $s02838 = $s02838 + 1; } if (/you (can|will) be (as |much |a |a{0,1}lot ){0,}big(ger|)/) { spam("s02863",0.4,$&); $s02838 = $s02838 + 1; } if (/help you (to |)get (a |)bigger/) { spam("s02853",0.6,$&); $s02838 = $s02838 + 1; } if (/(brag(ging|) |talk(ing|) |about ){0,}how big (her|your) man(hood|) (is |has |become ){1,}/) { spam("s02854",(int ((length($&) / 26) * 100)) / 100,$&); $s02838 = $s02838 + 1; } if (/better th[ae]n shes{0,1} (has |)ever had( it| before)/) { spam("s02855",0.8,$&); $s02838 = $s02838 + 1; } if (/mak(ing|e)s{0,1} (all |)(of |)her ((girl|)friends |)jealous/) { spam("s02840",0.6,$&); $s02838 = $s02838 + 1; } if (/tons of tail/) { spam("s02830",1.2,$&); } if (/help you score/) { spam("s02831",0.8,$&); } if (/natural pheromone/) { spam("s02832",1.2,$&); } if (/all the tail you(ll ever|) (could |)(want|need)/) { spam("s02833",1.2,$&); } if (/(visa.{0,10}travel|travel.{0,10}visa)/) { spam("s02815",0.4,$&); } if (/if we could( meet| up |get | together){0,} i (shall|would) be (more |most |than |very ){0,}happy/) { spam("s02816",0.4,$&); } if (/this is (the|your) (chance|op{1,}ortunity)( you( ha|)(ve|)| been| waiting| for| to(o{0,1} late|)| get| in(to|)| while| before| its{0,1}| is| still| low| available){0,}/) { spam("s02814",(int ((length($&) / 35) * 100)) / 100,$&); } if (/deactivated/) { spam("s02785",0.4,$&); } if (/of{1,}icial notification/) { spam("s02786",0.4,$&); } if (/(government|federal(ly|)) certifi(ed|cation)/) { spam("s02787",0.4,$&); } if (/(our |this |is |a |free |for |try |why |not |c{0,1}all |now |to |and ){0,}(unique |proprietary |free ){1,}(system |service |product ){1,}(today |now )/) { spam("s02779",(int ((length($&) / 29) * 100)) / 100,$&); } if (/g[eo]t (all |your ){0,}med[sicatonlz]{0,}/) { spam("s02763",0.8,$&); } if (/(^| )e.{0,1}suppl[yiers]{1,}/) { spam("s02760",0.8,$&); } if (/(lic{1,}ensed|registered) (medical |us ){0,}(physician|doctor|professional)/) { spam("s02749",0.4,$&); } if (/ spamis /) { spam("s02748",0.8,$&); } if (/((prolonged|plentiful|increased|stronger|greater|rock.{0,1}hard|huge) (hardnes|explosion|duration|erection|ejaculation)(s| and| ){0,}){1,}/) { spam("s02747",(int ((length($&) / 25) * 100)) / 100,$&); } if (/(have |)((prolonged|longer|better|bigger|stronger|rock.{0,1}hard|power|more|great(er|est|)|stamina|enjoy(ment|)|suc{1,}ess(ful|)|performance|impress(ion|)|wom[ea]n|lover|girlfriend|improve(ment|)[sd]{0,1})s{0,1} (and |with |your |them{0,2} ){0,}){1,}in (the |)bed/) { spam("s02745",(int ((length($&) / 20) * 100)) / 100,$&); } if (/say good[^b]{0,1}bye to/) { spam("s02744",0.6,$&); } if (/(sock|finger) puppet/) { spam("s02739",0.4,$&); } if (/ hooters/) { spam("s02740",0.4,$&); } if (/ crotch/) { spam("s02741",0.4,$&); } if (/the only product/) { spam("s02735",0.6,$&); } if (/penetration/) { spam("s02736",0.2,$&); } if (/guaranteed{0,1}\!/) { spam("s02734",0.8,$&); } if (/enhance(d |your )male power/) { spam("s02729",1.8,$&); } if (/boost your manhood/) { spam("s02730",1.8,$&); } if (/masculine performance/) { spam("s02731",1.8,$&); } if (/(like|wish|want) to (exchange|place) (a |)links{0,1}/) { spam("s02726",0.8,$&); } if (/^h(ey|i|ello|ola)(baby| |my|man){0,}i(m|ts me) sara(h|)/) { spam("s02725",2.2,$&); if (/webcam|(new|my) pic(x|s|tures)|pic(x|s|tures) of me|ciao/) { spam("s02725",2.8,"Hi Sara plus " . $&); } } if (/provid(ing|e)s{0,1} ((timely |ac{1,}urate |financial |information |proven |results{0,1} |great |returns{0,1} )(with |and ){0,}){1,}/) { spam("s02724",(int (length($&) / 30 * 100)) / 100,$&); } if (/(b|fin|high)est ((of{1,}er|price|deal)s{0,1} |on |for |all |your |the |quality ){0,}med(ic(ation|ine|)|)[sz]{0,1}/) { spam("s02723",(int (length($&) / 14 * 100)) / 100,$&); } if (/need med(ic(ation|ine|)|)[sz]{0,1}( |\?|$)/) { spam("s02722",0.8,$&); } if (/((suc{1,}ess(ful|) |)(of{1,}shor(e|ing) |outsourc(e|ing) ){1,}((strateg(y|ies)|research|reports{0,1}|suc{1,}ess(ful|)|vendors{0,1}|manag(e(ment|)|ing)|initiatives{0,1})( |$)){1,}){1,}/) { spam("s02717",(int (length($&) / 36 * 100)) / 100,$&); } if (/online (profile|source)/) { spam("s02711",0.6,$&); } if (/(my pi[cxs]{1,2}|pi[cxs]{1,2} of me)/) { spam("s02712",0.4,$&); } if (/we can assist/) { spam("s02708",0.4,$&); } if (/sex[ao]holic/) { spam("s02704",0.8,$&); } if (/^hey bud{1,}y i just changed my cell phone and my new one is .{0,}please update it in your records how is everything with you\? i gotta run downstairs just wanted to send you the new number best regards josh/) { spam("s02697",5.0,$&); } if (/this (is an |)advertisement (is |was |com(es|ing) |sent |to you ){0,}(from|by)/) { spam("s02693",1.0,$&); } if (/my personal (web.{0,1}|)site/) { spam("s02686",0.8,$&); } if (/meet new people/) { spam("s02687",0.8,$&); } if (/make new friends/) { spam("s02688",0.8,$&); } if (/i( woul|)d love (it |)if you( woul|)d{0,1} c[oa]me (and|to) see me/) { spam("s02689",1.2,$&); } if (/i( ha|)ve never done (this|it) before/) { spam("s02690",0.6,$&); } if (/(you|we)( ha|)ve never met( me|)/) { spam("s02691",0.6,$&); } if (/(sier{1,}a|ser{1,}ia) leone{0,1}/) { spam("s02676",0.4,$&); } if (/ benin /) { spam("s02677",0.4,$&); } if (/ republic of /) { spam("s03132",0.4,$&); } if (/(receiv|transfer{1,}|claim)(ed{0,1}|ing|s|) (the(se|) |this |)(funds{0,1}|money)/) { spam("s02678",0.4,$&); } if (/widow (of|to) the late/) { spam("s02679",1.2,$&); } if (/seeking refuge/) { spam("s02680",0.4,$&); } if (/seeking asylum/) { spam("s02681",0.4,$&); } if (/external assistance/) { spam("s02682",0.4,$&); } if (/a large deposit/) { spam("s02683",0.4,$&); } if (/my late husband/) { spam("s02684",0.4,$&); } if (/foreign representative/) { spam("s02685",0.4,$&); } if (/natural source/) { spam("s02670",0.4,$&); } if (/healthy living/) { spam("s02671",0.4,$&); } if (/disease free/) { spam("s02672",0.4,$&); } if (/( |^)(our |recent ){1,}stud(ie|y)s/) { spam("s02673",0.4,$&); } if (/actual results/) { spam("s02674",0.4,$&); } if (/healthy life/) { spam("s02675",0.4,$&); } if (/your life (is about to|will) (change|improve)/) { spam("s02669",0.6,$&); } if (/strong desire/) { spam("s02667",0.4,$&); } if (/(any |every |market ){1,}niche/) { spam("s02666",0.8,$&); } if (/(we (tried |)(to |)|trying to )(call|phon|contact).{0,}?kind enough.{0,}?fill.{0,1}(in|out).{0,}?secure[^s]{0,1}site.{0,}?follow[^u]{0,1}up/) { spam("s02665",4.0,$&); } if (/intimate.{0,10}( love| life){1,}/) { spam("s02659",0.8,$&); } if (/((import|export)(ing|s|)( and|)[ \/]{1,}){1,}(business|co(mpan[yi]| ))e{0,1}s{0,1}/) { spam("s02657",(int (length($&) / 20 * 100)) / 100,$&); } if (/(my|our|this|the) (business|compan[yi])e{0,1}s{0,1} (is |in |to ){0,}((import|export|manufactur)(ing|s|e){0,}( and|)[ \/]{1,}){1,}/) { spam("s02657",(int (length($&) / 24 * 100)) / 100,$&); } if (/night of (love|passion)( |love|passion|making|and){0,}/) { spam("s02656",(int (length($&) / 28 * 100)) / 100,$&); } if (/we (have |)(tri|attempt)ed .{0,10}to ((call|phone).{0,}no answer|(get |)(in |)(contact|touch))/) { $tmp = $&; if (/(mortgage|home.{0,1}loan|re.{0,1}finance)/) { spam("s02656",2.0,$tmp . "..." . $&); } else { spam("s02656",0.8,$tmp); } } if (/(your |total |any in|this (one[^t]{0,1}time |)in){1,}convenience/) { spam("s02654",0.4,$&); } if (/ our secure.{0,30}site/) { spam("s02653",0.8,$&); } if (/was kind enough to .{0,20} your [^m]{0,2}mail/) { if (/mortgage/) { spam("s02652",2.0,$&); } else { spam("s02652",0.6,$&); } } if (/re(garding|) (the|your) (mortgage|loan)/) { spam("s02651",1.2,$&); } if (/(all[^i]{0,1}in[^o]{0,1}one |comprehensive |step[^b]{0,1}by[^s]{0,1}step |easy[^t]{0,1}to[^u]{0,1}use ){2,}/) { spam("s02650",(int (length($&) / 20 * 100)) / 100,$&); } if (/edit(ing|) (your |)digital (photo|image)s{0,1}/) { spam("s02649",0.8,$&); } if (/download (a |the |)demo/) { spam("s02647",0.8,$&); } if (/video[^t]{0,1}training/) { spam("s02648",0.8,$&); } if (/brand([^n]{0,1}name|ed)(.{0,30}?(cialis|viagra|levitra)|[^w]{0,1}watch(es|))/) { spam("s02646",2.2,$&); } if (/(mild |moderate |severe |male ){1,}ed(\!| |$)/) { spam("s02645",0.8,$&); } if (/muscle[^r]{0,1}relaxant/) { spam("s02643",0.8,$&); } if (/ma(n|le)s{0,1}[^m]{0,1}member/) { spam("s02644",0.8,$&); } if (/(many |of |the |all |including ){0,}((high(est|) |best |finest |superior ){0,}quality |d(oc|to|r){1,} |(hard|burdensome|difficult).{0,1}to.{0,1}find |prescri(bed|ption) (items |)|remedies |drugs |pills |tablets ){2,}/) { spam("s02642",(int (length($&) / 18 * 100)) / 100,$&); } if (/chronic.{0,1}(health|pain|disease|fatigue)/) { spam("s02641",0.8,$&); } if (/((are |)(you |)trying to find |(are |)(you |)(look(ing|) for |seek(ing|) out |search(ing|) for )|(meet(ing|) |find(ing|) |)(that |)(special |)some(one|body)( special|)\?{0,1}( |$)|(a |)relationship[s\?]{0,}( |$)|(a|)lone(some|ly|)[s\?]{0,}( |$)|(come |)(here |)(and |)(get|find)( a|) (match|date|love)(ed|)( up| here| for| to(day|night)){0,}[s\?]{0,}( |$)){2,}/) { spam("s02640",(int (length($&) / 20 * 100)) / 100,$&); } if (/brutal rape/) { spam("s02639",1.2,$&); } if (/hola([\! ]|$)/) { spam("s02638",0.6,$&); } if (/sensational[^p]{0,1}p(hoto|i[cx])(ture|)s{0,1}/) { spam("s02636",1.2,$&); } if (/sexual[^a]{0,1}ad{1,}ictions{0,1}/) { spam("s02637",1.6,$&); } if (/paid message/) { spam("s02635",0.6,$&); } if (/award.{0,1}win{1,}ing/) { spam("s02630",0.8,$&); } if (/(eliminate|remove|eradicate|get rid of) spy.{0,1}w[ai]re/) { spam("s02633",0.8,$&); } if (/spyw[ai]re/) { if (/(download |this |y{0,1}our |the |by |get |receive |award.{0,1}win{1,}ing |anti[^s^v]{0,1}(virus |)){1,}spyw[ai]re( software| solution| product){1,}/) { spam("s02631",(int (length($&) / 14 * 100)) / 100,$&); } elsif (/(download |this |y{0,1}our |the |by |get |receive |award.{0,1}win{1,}ing |anti[^s^v]{0,1}(virus |)){1,}spyw[ai]re/) { spam("s02631",(int (length($&) / 14 * 100)) / 100,$&); } elsif (/spyw[ai]re( software| solution| product){1,}/) { spam("s02631",(int (length($&) / 14 * 100)) / 100,$&); } else { spam("s02631",(int (length($&) / 14 * 100)) / 100,$&); } } if (/adw[ai]re/) { spam("s03372",0.4,$&); } if (/(award.{0,1}win{1,}ing |hottest ){1,}(software|solution|product)/) { spam("s02632",1.0,$&); } if (/(^| )rated (a |)(strong |)(buy|sell)/) { spam("s02619",1.2,$&); } if (/letter of intent/) { spam("s02620",0.6,$&); } if (/past performance/) { spam("s02621",0.4,$&); } if (/future results/) { spam("s02622",0.4,$&); } if (/(is |highly |likely |on track |to |also ){0,}surpass (first |second |third |fourth |last |previous |the ){0,}quarter/) { spam("s02623",(int (length($&) / 22 * 100)) / 100,$&); } if (/targeted promotion/) { spam("s02624",1.0,$&); } if (/inten[td] to acquire/) { spam("s02625",0.2,$&); } if (/security consultant/) { spam("s02626",0.4,$&); } if (/died intestate/) { spam("s02627",0.8,$&); } if (/international banking conglomerate/) { spam("s02628",0.8,$&); } if (/(shar(e|ing)|ha(ve|ving)|bear(ing|))s{0,1} the same (sur|last |)name (with|as) y{0,1}our{0,1}/) { spam("s02629",0.8,$&); } if (/(i am a |)senior partner( (in|with) (this|the) (firm|company|employ)|)/) { spam("s02623",(int (length($&) / 20 * 100)) / 100,$&); } if (/ benin rep/) { spam("s02616",0.8,$&); } if (/we( can|( wi|)ll) help your company/) { spam("s02617",0.8,$&); } if (/your company/) { spam("s02618",0.1,$&); } if (/[0-9]{1,}\% growth|up [0-9]{1,}\%/) { spam("s02613",0.4,$&); } if (/ trad(ed|ing) at /) { spam("s02614",0.4,$&); } if (/(net|gross) (revenue|turnover|profit|margin)s{0,1}/) { spam("s02615",0.4,$&); } if (/our prices{0,1}/) { spam("s02609",0.4,$&); if (/(compare|check out) our prices{0,1}/) { spam("s02610",1.0,$&); } } if (/((b[vu]lgar[yies]{1,} {0,1}|(har{1,}y[^w]{0,1}|)winstons{0,1} {0,1}|breguets{0,1} {0,1}|chanels{0,1} {0,1}|versaces{0,1} {0,1}|armanis{0,1} {0,1}|jaegers{0,1} {0,1}|(le[^c]{0,1}|)coultres{0,1} {0,1}|brieti{0,1}lings{0,1} {0,1}|tagheuers{0,1} {0,1}|rolex[es]{0,} {0,1}|submariners{0,1}[ s]{0,}|pradas{0,1} {0,1}|guc{1,}is{0,1} {0,1}|coach[es]{0,} {0,1}|dgs{0,1} {0,1}|fendis{0,1} {0,1}|dknys{0,1} {0,1}|louis {0,1}|vuit{1,}ons{0,1} {0,1}|cartiers{0,1} {0,1}|fran[cks]{0,} {0,1}|mullers{0,1} {0,1})(and {0,1}|)){4,}/) { spam("s02605",(int (length($&) / 25 * 100)) / 100,$&); } elsif (/((b[vu]lgar[yies]{1,} {0,1}|(har{1,}y[^w]{0,1}|)winstons{0,1} {0,1}|breguets{0,1} {0,1}|chanels{0,1} {0,1}|versaces{0,1} {0,1}|armanis{0,1} {0,1}|jaegers{0,1} {0,1}|(le[^c]{0,1}|)coultres{0,1} {0,1}|brieti{0,1}lings{0,1} {0,1}|tagheuers{0,1} {0,1}|rolex[es]{0,} {0,1}|submariners{0,1}[ s]{0,}|pradas{0,1} {0,1}|guc{1,}is{0,1} {0,1}|coach[es]{0,} {0,1}|dgs{0,1} {0,1}|fendis{0,1} {0,1}|dknys{0,1} {0,1}|louis {0,1}|vuit{1,}ons{0,1} {0,1}|cartiers{0,1} {0,1}|fran[cks]{0,} {0,1}|mullers{0,1} {0,1})(and {0,1}|)){3}/) { spam("s02605",(int (length($&) / 25 * 100)) / 100,$&); } elsif (/((b[vu]lgar[yies]{1,} {0,1}|(har{1,}y[^w]{0,1}|)winstons{0,1} {0,1}|breguets{0,1} {0,1}|chanels{0,1} {0,1}|versaces{0,1} {0,1}|armanis{0,1} {0,1}|jaegers{0,1} {0,1}|(le[^c]{0,1}|)coultres{0,1} {0,1}|brieti{0,1}lings{0,1} {0,1}|tagheuers{0,1} {0,1}|rolex[es]{0,} {0,1}|submariners{0,1}[ s]{0,}|pradas{0,1} {0,1}|guc{1,}is{0,1} {0,1}|coach[es]{0,} {0,1}|dgs{0,1} {0,1}|fendis{0,1} {0,1}|dknys{0,1} {0,1}|louis {0,1}|vuit{1,}ons{0,1} {0,1}|cartiers{0,1} {0,1}|fran[cks]{0,} {0,1}|mullers{0,1} {0,1})(and {0,1}|)){2}/) { spam("s02605",(int (length($&) / 25 * 100)) / 100,$&); } if (/you(( a|)re|have|) receiv(ing|ed) this( e{0,1}[^m]{0,1}mail| message|newsletter|notice|notification|) (by |in |)(ac{1,}ident|er{1,}o[rn]|mistake)/) { spam("s02604",1.0,$&); } if (/we are an equal (housing |op{1,}ortunity ){1,}lender/) { spam("s02605",2.0,$&); } if (/closing (fee|cost)s{0,1}/) { spam("s02601",0.8,$&); } if (/home war{1,}anty/) { spam("s02602",1.0,$&); } if (/of{1,}er (close|end)s/) { spam("s02603",0.4,$&); } if (/we( a|)re pleased{0,1} to (an{1,}ounce|inform)/) { spam("s02600",1.0,$&); } if (/order(ing|s|) (your |)viagra|viagra order/) { spam("s02594",1.0,$&); } if (/order.{0,30}online/) { spam("s02595",0.4,$&); } if (/legal source/) { spam("s02591",0.4,$&); } if (/male impot[ea]nce/) { spam("s02592",0.8,$&); } if (/treat(ing|ment|)s{0,1} impot[ea]nce|impot[ea]nce treatment/) { spam("s02596",0.8,$&); } if (/impot[ea]nce/) { spam("s02593",0.4,$&); } if (/ ecrans /) { spam("s02590",0.4,$&); } if (/(plasma |tv ){2,}/) { spam("s02588",0.2,$&); } if (/hdtv/) { spam("s02589",0.2,$&); } if (/plus de details/) { spam("s02587",2.0,$&); } if (/(prix|of{1,}re) directe{0,1}/) { spam("s02586",2.0,$&); } if (/(better|worse|embar{1,}[ae]s{1,}ed|(un|)satisfied) ((in|with|when|by|the(ir|)|you(r|)|his|her|performance) ){1,}bed/) { spam("s02580",0.4,$&); } if (/foreplay/) { spam("s02581",0.4,$&); } if (/ stud /) { spam("s02582",0.2,$&); } if (/(start |)put(ting|) your .{0,40}(cash|equity).{0,40} to good use/) { spam("s02577",2.4,$&); } elsif (/(start |)put(ting|) your .{0,40} to good use/) { spam("s02578",0.8,$&); } if (/health plan/) { spam("s02570",0.4,$&); } if (/health insurance/) { spam("s02576",0.2,$&); } if (/(have |)you(ve|) been turned down by others/) { spam("s02571",1.4,$&); } if (/no contract/) { spam("s02572",0.4,$&); } if (/claims form/) { spam("s02573",0.4,$&); } if (/age limit/) { spam("s02574",0.2,$&); } if (/we approve all applican{0,1}t(ion|)s{0,1}/) { spam("s02575",2.0,$&); } if (/high priority message/) { spam("s02570",0.4,$&); } if (/you( wi|)ll (be|receive) (fully{0,1} |)compensat(ed|ion)/) { spam("s02569",1.0,$&); } if (/(rapid|deeper|true|richer|greater) (understanding|growth)/) { spam("s02564",0.4,$&); } if (/financial position/) { spam("s02565",0.4,$&); } if (/management perspective/) { spam("s02566",0.4,$&); } if (/(more |higher |greater )profitability/) { spam("s02567",0.4,$&); } if (/(re(spond|ply)|e{0,1}.{0,1}mail) (back |)(to this (e{0,1}.{0,1}mail |message ){0,}|)to stop further( (e{0,1}.{0,1}mail|message)s{0,1}|)/) { spam("s02563",1.0,$&); } if (/usuario (in|)(existent|valido)/) { spam("s02561",0.8,$&); } if (/usuario/) { spam("s02562",0.4,$&); } if (/(^| )tuerkei/) { spam("s02559",0.6,$&); } if (/tuerkei in die eu/) { spam("s02560",4.5,$&); } if (/we (can |will |only ){1,}of{1,}er (you |more ){1,}/) { spam("s02557",0.4,$&); } if (/(^| |would |do |you |like |wish |to |hav(e|ing) |had |dont |desire |dream(ed|t|s|) |of |ever |always ){1,}( |strengthen|your|improve[ds]{0,1}|better|big(ger|gest|)|strong(er|est|)|rock.{0,1}hard|long(er|est|)|lasting|awesome|fantastic|incredible|unbelieveable|way to){0,}e(rec|jacula)tions{0,1}/) { spam("s02556",(int (length($&) / 20 * 100)) / 100,$&); } if (/(af{1,}ord|reason)able pric(e|ing)/) { spam("s02555",0.4,$&); } if (/hottest (sell|demand)(ing|) meds/) { spam("s02549",3.0,$&); } if (/hottest (sell|demand)(ing|)/) { spam("s02550",0.8,$&); } if (/vergessen/) { spam("s02539",0.4,$&); } if (/fruehen/) { spam("s02540",0.4,$&); } if (/abendstunden/) { spam("s02541",0.4,$&); } if (/stadt/) { spam("s02542",0.4,$&); } if (/dresden/) { spam("s02543",0.4,$&); } if (/schuldigen/) { spam("s02544",0.4,$&); } if (/fliegen/) { spam("s02545",0.4,$&); } if (/noch keine/) { spam("s02546",0.4,$&); } if (/ischen/) { spam("s02547",0.4,$&); } if (/youre invited thanks to a private nomination/) { spam("s02537",3.0,$&); } if (/blutige/) { spam("s02527",0.4,$&); } if (/justiz/) { spam("s02528",0.4,$&); } if (/polizei/) { spam("s02529",0.4,$&); } if (/ethnisch/) { spam("s02530",0.4,$&); } if (/geschot/) { spam("s02531",0.4,$&); } if (/mafiaclans/) { spam("s02532",0.4,$&); } if (/durchdringen/) { spam("s02533",0.4,$&); } if (/gerichte/) { spam("s02534",0.4,$&); } if (/mitschuld/) { spam("s02535",0.4,$&); } if (/weiter/) { spam("s02536",0.4,$&); } if (/lese selbst http/) { spam("s02525",4.0,$&); } if (/weiter auf http/) { spam("s02538",4.0,$&); } if (/lese selbst/) { spam("s02526",0.8,$&); } if (/selbst/) { spam("s02526",0.8,$&); } if (/credit.{0,1}(history|score|rating|report|record)/) { spam("s02524",0.8,$&); } if (/credit.{0,40}not a factor/) { spam("s02525",0.8,$&); } if (/franquicia/) { spam("s02513",0.4,$&); } if (/disponible/) { spam("s02514",0.4,$&); } if (/negocio/) { spam("s02515",0.4,$&); } if (/potencial/) { spam("s02516",0.4,$&); } if (/gerencial/) { spam("s02517",0.4,$&); } if (/precio preferencial/) { spam("s02518",1.4,$&); } if (/millones de personas/) { spam("s02519",1.4,$&); } if (/eficiente/) { spam("s02520",0.4,$&); } if (/rapido/) { spam("s02521",0.4,$&); } if (/millonario/) { spam("s02522",1.2,$&); } if (/millones/) { spam("s02523",0.4,$&); } if (/(search|xxx).{0,1}personals/) { spam("s02510",1.4,$&); } if (/personals (web.{0,1}|)site/) { spam("s02512",1.2,$&); } if (/((view photos|watch videos).{0,20}?){2,}/) { spam("s02511",1.0,$&); } if (/alternative.{0,1}(cure|remed(y|ie)|medic(al|ine|))s{0,1}/) { spam("s02508",0.4,$&); } if (/healing power/) { spam("s02509",0.4,$&); } if (/shanghai/) { spam("s02507",0.4,$&); } if (/(domestic|international) (customer|partner|af{1,}iliate)s{0,1}/) { spam("s02505",0.4,$&); } if (/quality control/) { spam("s02506",0.2,$&); } if (/ oem /) { spam("s02504",0.4,$&); } if (/(this|the|your) (attached |)(file |document |attachment ){1,}is (bad|not{0,1} good)/) { spam("s02503",0.8,$&); } if (/sexy{0,1}.{0,1}body{0,1}/) { spam("s02501",0.8,$&); } if (/sexy body in the pic/) { spam("s02502",2.8,$&); } if (/oem version/) { spam("s02500",0.8,$&); } if (/archivo/) { spam("s02493",0.8,$&); } if (/muerto/) { spam("s02494",0.4,$&); } if (/reflejo/) { spam("s02495",0.6,$&); } if (/suprimirlo/) { spam("s02496",0.8,$&); } if (/nuestro/) { spam("s02497",0.6,$&); } if (/listado/) { spam("s02498",0.6,$&); } if (/(^| )empresa( |$)/) { spam("s02499",0.8,$&); } if (/(^| )trenton( |$)/) { if (/(trenton nj|nj trenton)/) { spam("s02492",0.4,$&); } else { spam("s02492",0.4,"trenton"); } } if (/thank you for (writ|e{0,1}.{0,1}mail|send)ing/) { spam("s02489",0.2,$&); } if (/(this is|we do|replied to|mailed|(sent |)(an{0,1} |)e{0,1}.{0,1}mail to) (not an{0,1} |an [ui]n)(monitor(ed|)|active|valid) (this |)(e{0,1}.{0,1}mail |)(ad{1,}ress|alias)/) { spam("s02490",3.2,$&); } if (/(this|your) e{0,1}.{0,1}mail [hw]as (been |)altered by mimedefang/) { spam("s02491",2.2,$&); } if (/dear (ebay |)(customer|client)/) { spam("s02486",0.8,$&); } if (/(regular(ly|) |scheduled ){1,}(ac{1,}ount maintenance (proce(s|dure)s{0,1} |)|and |verification (proce(s|dure)s{0,1} )){1,}(we( have|ve|) (detected|discovered)|)/) { spam("s02487",(int (length($&) / 40 * 100)) / 100,$&); } if (/(please |update |and |verify ){1,}your ((ac{1,}ount |billing |)information|ebay( ac{1,}ount| billing| information){1,})/) { spam("s02488",0.6,$&); } if (/er{1,}ors{0,1} [io]n your (billing |ac{1,}ount |information ){1,}/) { spam("s02485",0.8,$&); } if (/your (personal |financial ){1,}needs/) { spam("s02484",0.8,$&); } if (/seminar/) { spam("s02478",0.2,$&); } if (/better communicator/) { spam("s02479",0.4,$&); } if (/(day|week) workshop/) { spam("s02480",0.4,$&); } if (/master the art/) { spam("s02481",0.8,$&); } if (/(enroll|reply) (today|now|right away|immediately|instantly)/) { spam("s02482",0.8,$&); } if (/will change the way you/) { spam("s02483",0.4,$&); } if (/cliquez{0,1}( sur le lien| ici)/) { spam("s02472",1.8,$&); } if (/les derniers modeles/) { spam("s02473",0.8,$&); } if (/ de remise/) { spam("s02474",0.8,$&); } if (/confirm(ation|er).{0,10}commandes{0,1}/) { spam("s02475",0.8,$&); } if (/pour{1,}ont profiter/) { spam("s02476",0.8,$&); } if (/([cl]es{0,1}|aux) prix/) { spam("s02477",0.4,$&); } if (/((lead to|cause|result in) an{0,1} |dramatic(ally|) |increase |improvement |(in(to|) |if |to |)your{0,1} ((want|wish|would like) to |)|potential |online |(in |)(sales|business|traf{1,}ic|(web.{0,1}|)site) |(by |)invest(ed|ing|) |time and money ){3,}/) { spam("s02471",(int (length($&) / 20 * 100)) / 100,$&); } if (/too many girls (to compete with|competing)/) { spam("s02470",0.8,$&); } if (/al.{0,1}qaeda.{0,}cocacola factor(y|ie)s{0,1}|cocacola factor(y|ie)s{0,1}.{0,}al.{0,1}qaeda/) { spam("s02465",4.5,$&); } if (/(we( a|)re |)the only company( in the world|)/) { if (length($&) > 16) { spam("s02463",0.6,$&); } } if (/developed this product/) { spam("s02464",0.4,$&); } if (/i am (still |)a young girl/) { spam("s02457",1.2,$&); } if (/how to please (a |your |the )m[ae]n/) { spam("s02458",1.0,$&); } if (/(take|have) a look at (my|this) (web|).{0,1}site/) { spam("s02459",0.6,$&); } if (/para no recibir/) { spam("s02451",2.0,$&); } if (/mas anuncio/) { spam("s02452",0.8,$&); } if (/escribanos/) { spam("s02453",0.8,$&); } if (/esta cuenta/) { spam("s02454",0.8,$&); } if (/internacional/) { spam("s02455",0.4,$&); } if (/homes{0,1}.{0,1}equity/) { spam("s02450",0.6,$&); } if (/(quick|convenient).{0,1}and.{0,1}(convenient|quick)/) { spam("s02446",0.4,$&); } if (/med(ical|s|).{0,1}suppl(y|ie)s/) { spam("s02447",0.8,$&); } if (/escudo heraldico/) { spam("s02440",3.0,$&); } if (/heraldica/) { spam("s02441",0.4,$&); } if (/genealogia/) { spam("s02442",0.4,$&); } if (/apellido/) { spam("s02443",0.4,$&); } if (/arboles genealogicos/) { spam("s02444",3.0,$&); } if (/especificos/) { spam("s02445",0.4,$&); } if (/ultimate (sex |love |)guide/) { spam("s02437",0.4,$&); } if (/lesbian/) { spam("s02438",0.2,$&); } if (/(mind blowing|blow your mind)/) { spam("s02439",0.3,$&); } if (/(powerful |important |amazing |project |management |communication ){1,}seminar/) { spam("s02432",0.6,$&); } if (/busy executives{0,1}/) { spam("s02433",0.6,$&); } if (/learn how to/) { spam("s02434",0.4,$&); } if (/gain control/) { spam("s02435",0.4,$&); } if (/improve (your |the |)ef{1,}ectiveness/) { spam("s02436",0.6,$&); } if (/(^| )(pill|tablet)[sz]{0,1}([\! ]|$)/) { spam("s02428",0.4,$&); } if (/blood level/) { spam("s02429",0.4,$&); } if (/ my life/) { spam("s02430",0.4,$&); } if (/(regular|normal|usual) dos(e|ing)s{0,1}/) { spam("s02431",0.4,$&); } if (/highly speculative/) { spam("s02426",0.4,$&); } if (/aggressive invest(or|ment)s{0,1}/) { spam("s02427",0.4,$&); } if (/ e.{0,1}shop(ping)s{0,1}/) { spam("s02422",0.6,$&); } if (/ p {0,1}i {0,1}l {0,1}l/) { if (length($&) > 5) { spam("s02414",2.8,$&); s/ p {0,1}i {0,1}l {0,1}l/ pill/g; } } if (/exclusive (evening|night|models)/) { spam("s02411",0.8,$&); } if (/romantic (evening|night)/) { spam("s02413",0.8,$&); } if (/ arts{0,1} of (love|sex|seduc(e|tion|ing))/) { spam("s02412",1.2,$&); } if (/(unique |visual |image ){3,}/) { spam("s02410",0.4,$&); } if (/your future suc{1,}ess/) { spam("s02409",0.8,$&); } if (/online.{0,1}rep[li]{1,}ca.{0,1}store/) { spam("s02408",4.0,$&); } if (/pre.{0,1}selected/) { spam("s02407",0.4,$&); } if (/(explosive |inten[sc]e |incredible |amazing |wild |more |better |best |long(er|est) |most |and |the ){0,}orgasms{0,1}( of| your{0,1}| her| life| she| ever| will| experienced{0,1}){0,}/) { spam("s02406",(int (length($&) / 8 * 100)) / 100,$&); } if (/v[a-df-z]{0,1} ([a-z][a-z]{0,1} ){3,}/) { spam("s02405",0.8,$&); } if (/(finally |)(af{1,}ord |to |take ){1,}(that|your) dreams{0,1}/) { spam("s02401",0.8,$&); } if (/(watch |wait |for |the |all |that ){0,}money (to |comes{0,1} |finally |starts{0,1} ){0,}roll(s|ing|) in/) { spam("s02402",0.8,$&); } if (/process your claim/) { spam("s02400",0.8,$&); } if (/take (yo|)u of{1,} (this |our |the |future ){0,}mailing/) { spam("s02399",1.0,$&); } if (/(((un|)happy|(dis|)satisfied) with the |(increas|enlarg)(es{0,1}|ing) the |)(size|width|girth) of (your|his) (unit|package|johnson)( check| this| out| our){0,}/) { spam("s02396",(int (length($&) / 14 * 100)) / 100,$&); } elsif (/(interested |would |you |like |to |want |looking |for |a |ways{0,1} ){0,}(increas|enlarg|thick)(e[srn]{0,1}|ing).{0,50}johnson( check| this| out| our| us| at| http){0,}/) { spam("s02398",(int (length($&) / 14 * 100)) / 100,$&); } if (/ echemist/) { spam("s02394",1.6,$&); } if (/quality remed(y|ie)s{0,1}/) { spam("s02395",1.0,$&); } if (/acesodyne/) { spam("s02389",1.6,$&); } if (/analgesic/) { spam("s02390",0.8,$&); } if (/aug{0,1}ment(ar|).{0,10}penis/) { spam("s02388",3.6,$&); } if (/operation system/) { spam("s02387",1.2,$&); } if (/quality [li]inks{0,1}/) { spam("s02386",0.8,$&); } if (/enllarge/) { spam("s02385",1.8,$&); } if (/ vlsit /) { spam("s02383",0.8,$&); } if (/ dlsappo/) { spam("s02384",0.8,$&); } if (/(consumer |survey |group |news ){3,}/) { spam("s02382",0.8,$&); } if (/earn cash/) { spam("s02378",0.4,$&); } if (/incredible (sweepstake|prize)s{0,1}/) { spam("s02380",0.6,$&); } if (/(paid (consumer |customer |feedback |survey ){0,}programs{0,1}( and | |)){1,}/) { spam("s02381",(int ((0.8 * length($&) / 16) * 100)) / 100,$&); } if (/solicit(ing|) (for |)your (sympathy|help|aid|assistance|co.{0,1}o{0,1}peration)/) { spam("s02377",0.6,$&); } if (/furnish (me|you|us) with (y{0,1}our|the(se|)) (following |)particulars/) { spam("s02826",1.2,$&); } if (/you will (be entitled |receive )(up |to ){0,1}$fuzzy_numbers\%{0,1} of every (payment |amount )/) { spam("s02827",0.8,$&); } if (/ravag(e|ing)[sd]{0,} (my|our|this) country/) { spam("s02376",1.8,$&); } if (/private bank(ing|) (agency|division)/) { spam("s02849",0.8,$&); } if (/considerable value/) { spam("s02850",0.2,$&); } if (/i( am|m| was).{0,30}(government|bank) of{1,}icial/) { spam("s02375",0.8,$&); } if (/banque [a-z]{1,}a[lise]{1,}/) { spam("s02374",0.8,$&); } if (/(high|strict)ly confidential|confidential (telephone|contact|ad{1,}ress)/) { spam("s02372",0.4,$&); } if (/strict(est|) confid[ea]nce/) { spam("s02373",0.4,$&); } if (/seek(ing|s|) (for |)(your |)permis{1,}ion/) { spam("s02371",0.6,$&); } if (/commercial (.{0,2}mail|ad|message)/) { spam("s02367",0.4,$&); } if (/includ(es|ing) an unsubscribe method/) { spam("s02368",0.4,$&); } if (/as mandated by law/) { spam("s02369",0.4,$&); } if (/includ(es|ing) the senders info/) { spam("s02370",0.4,$&); } if (/get exposure/) { spam("s02365",0.4,$&); } if (/ rub it on/) { spam("s02362",0.4,$&); } if (/($fuzzy_numbers) {0,1}(\%|per.{0,1}cent) of your (house|home)s{0,1} (value|price)/) { spam("s02359",0.8,$&); } if (/bor{1,}ow ($fuzzy_numbers {0,1}){1,}(%|per.{0,1}cent)/) { spam("s02360",0.8,$&); } if (/(i|he|she) (ha(ve|s)) ($fuzzy_numbers ){1,}($fuzzy_timeframe ){1,}to live/) { spam("s02350",1.0,$&); } if (/(this|my) (letter|e{0,1}.{0,1}mail|message) (may|must) come (to you |as a (big |great |enormous|tremendous |)(surprise|shock)){2}/) { spam("s02351",0.8,$&); } if (/merchant/) { spam("s02352",0.2,$&); } if (/dubai/) { spam("s02353",0.2,$&); } if (/the uae/) { spam("s02354",0.4,$&); } if (/my ((propert(ie|y)|asset|mone(y|ie)|wealth|immediate|extended|famil(y|ie))s{0,1} |and |to |my ){3,}/) { spam("s02355",(int ((0.4 * length($&) / 15) * 100)) / 100,$&); } if (/your computer had been compromised/) { spam("s02347",0.8,$&); } if (/hid{1,}en proxy server/) { spam("s02348",0.8,$&); } if (/discount.{0,1}store|store.{0,1}discount/) { spam("s02341",0.8,$&); } if (/discount.{0,1}(web.{0,1}|)site/) { spam("s02342",0.8,$&); } if (/believe it or not/) { spam("s02343",0.2,$&); } if (/commission.{0,1}statement/) { spam("s02335",0.8,$&); } if (/(please.{0,1}|)(your.{0,1}|)s.{0,1}i.{0,1}g.{0,1}n.{0,1}i.{0,1}f.{0,1}i.{0,1}c.{0,1}a.{0,1}n.{0,1}t.{0,1}other/) { spam("s02333",(int ((0.4 * length($&) / 12) * 100)) / 100,$&); } if (/i{0,1}.{0,1}[np].{0,1}[rt].{0,1}i.{0,1}[mv].{0,1}a.{0,1}t.{0,1}e (night|moment|part|thought|desire)s{0,1}/) { spam("s02334",0.4,$&); } if (/pher[oeai]mones{0,1}/) { spam("s02331",0.8,$&); } if (/power of smell/) { spam("s02332",0.6,$&); } if (/((draw|attract)(n|ed|) |(the |)(women|ladies|girls|chicks) |to you( |$)|are |will be |scent ){3,}/) { spam("s02330",1.2,$&); } if (/vidz/) { spam("s02328",0.6,$&); } if (/c.{0,1}u.{0,1}t.{0,1}e.{0,1}vidz/) { spam("s02329",3.4,$&); } if (/((original |trial |(in|)complete |academic |product |copy )(not |a |or ){0,1}){3,}/) { spam("s02326",(int ((0.4 * length($&) / 10) * 100)) / 100,$&); } if (/(best |finest |top |world(.{0,1}clas|)s |highest |quality |computer |pc |(program|component|dis[kc])s{0,1} ){3,}/) { spam("s02325",(int ((0.4 * length($&) / 12) * 100)) / 100,$&); } if (/(^| )[kc]um(m{0,1}ing)s{0,1}( |$|\!)/) { spam("s02325",0.4,$&); } if (/she( wi|)ll love you/) { spam("s02324",0.8,$&); } if (/slide (it |on |put |it ){0,}in/) { spam("s02323",0.8,$&); } if (/(watch|see) her squirm/) { spam("s02322",2.4,$&); } if (/(internal |server ){1,}er{1,}or/) { spam("s02321",0.4,$&); } if (/((big |)sav(e|ing)s{0,1} (on |)|all |your |health ){1,}((med(ication|)|pill|prescription)[sz]{0,1}.{0,1}){1,}/) { spam("s02320",(int ((0.8 * length($&) / 12) * 100)) / 100,$&); } if (/(make |)love (to |her ){0,}all night( long|)/) { spam("s02319",0.6,$&); } if (/(please|give) (your |the |)(wom[ae]n|lad(y|ie)|girl|chick)s{0,1}( what (they(re|) |their |shes{0,1} |is |are ){1,}(looking for|after|want)|)/) { spam("s02317",0.4,$&); } if (/(viagra |cialis |levitra |and ){0,}(soft|love).{0,1}tabs{0,1}/) { spam("s02318",(int ((0.8 * length($&) / 10) * 100)) / 100,$&); } if (/your prescription/) { spam("s02314",0.4,$&); } if (/(fill|locate|buy|get) your (prescription|dose)/) { spam("s02315",0.6,$&); } if (/((prescription|tablet|pill)s{0,1}.{0,30}){2,}/) { spam("s02316",0.4,$&); } if (/you name it (we|they) have (it|them{0,1})/) { spam("s02313",1.0,$&); } if (/you could possibly (need|want)/) { spam("s02312",0.6,$&); } if (/no(one|body|thing|where) (can|will) beat (the(se|)|this|our) prices{0,1}/) { spam("s02311",1.2,$&); } if (/we have the (drug|med(ication|))s you(( a|)re looking for|need|want)/) { spam("s02310",1.8,$&); } if (/l[ou]ve{0,1}.{0,1}potion/) { spam("s02309",0.8,$&); } if (/f.{0,1}d.{0,1}a.{0,1}.{0,1}a.{0,1}p.{0,1}p.{0,1}r.{0,1}o.{0,1}v.{0,1}e.{0,1}d/) { spam("s02307",0.8,"FDA approved"); if (length($&) > 12) { spam("s02308",1.2,$&); } } if (/i (need|want) a (real |)man/) { spam("s02306",0.8,$&); } if (/(lo(w|vv|v)|high)(er|est|).{0,1}(price|cost)s{0,1} (for |of |quality |high |great |super|fantastic ){0,}software/) { spam("s02301",(int ((0.8 * length($&) / 12) * 100)) / 100,$&); } if (/eat(ing|) into your wallet/) { spam("s02302",1.0,$&); } if (/(we (have |of{1,}er )|our )(great[^p]{0,1}|lo(w|vv|v)[^p]{0,1}){1,}prices{0,1}/) { spam("s02303",0.8,$&); } if (/(we(ve|) |have |can |supply |g[oe]t |you |with |our ){0,}(quality |$fuzzy_numbers ){1,}softwares{0,1}( titles{0,1}| at| a| great(est|)| low(est|)| prices{0,1}){0,}/) { spam("s02304",(int ((length($&) / 20) * 100)) / 100,$&); } if (/(remove|eliminate) (wrinkles|fine lines)/) { spam("s02299",0.6,$&); } if (/(reduce|eliminate) stress/) { spam("s02300",0.2,$&); } if (/you((ha|)ve|) (ever |always |)want(s|ed|)/) { $tmp = $&; if ($tmp !~ /you want/) { spam("s02297",0.4,$tmp); } } if (/ c[h]ao /) { spam("s02294",0.4,$&); } if (/ xin /) { spam("s02295",0.4,$&); } if (/ quang /) { spam("s02296",0.6,$&); } if (/(hello|dear) (microsoft |)windows( xp| professional){0,} user/) { spam("s02293",2.6,$&); } if (/follow th(e|is) (url|[li]ink) (by |)click(ing|)/) { spam("s02292",0.6,$&); } if (/(see|look) for yourself/) { spam("s02291",0.4,$&); } if (/para mayor informaci/) { spam("s02289",0.8,$&); } if (/(^| )sin costo/) { spam("s02288",0.8,$&); } if (/mejores/) { spam("s02287",0.4,$&); } if (/(^| )cursos( |$)/) { spam("s02286",0.4,$&); } if (/(seek|look|want|wish)(ing|) to cheat/) { spam("s02285",0.8,$&); } if (/pill[sz]{0,1}.{0,1}on.{0,1}line/) { spam("s02282",1.0,$&); } if (/ofrecidos/) { spam("s02280",0.4,$&); } if (/efectivas/) { spam("s02281",0.4,$&); } if (/confirm your (information|details)/) { spam("s02279",0.6,$&); } if (/(my.{0,30}){0,1}husband.{0,30}(work(ing|)s{0,1} (all |)(ni(gh|)t(e|)|day)s{0,1}|night.{0,1}shift|out of [town]{4,}|cheat(s|ing) on me)/) { spam("s02278",1.2,$&); } if (/(soft|love) tabs/) { spam("s02277",0.8,$&); } if (/(like to |find (a |)|cheap |location |now |near your{0,1} ){3,}/) { spam("s02275",(int ((0.5 * length($&) / 15) * 100)) / 100,$&); } if (/rub of{1,} http\/\/[^ ]{1,}/) { spam("s02276",2.2,$&); } if (/charset=shift jis/) { spam("s02274",0.8,"Japanese charset"); } if (/cordial assistance/) { spam("s02271",3.0,$&); } if (/(re |uniting |my ){0,}scattered family/) { spam("s02272",0.8,$&); } if (/inheritance/) { spam("s02273",0.2,$&); } if (/(work ((hour|schedule)s |a |)flex(ibility|ible|)|flex(ibility|ible|)(work |(hour|schedule)s ){1,})/) { spam("s02270",0.6,$&); } if (/idiot (of a |)husband/) { spam("s02269",0.3,$&); } if (/very lonely/) { spam("s02268",0.2,$&); } if (/works{0,1} nights{0,1}|night.{0,1}shift/) { spam("s02267",0.4,$&); } if (/local (wom[ae]n|girl|chick)s{0,1}/) { spam("s02266",1.2,$&); } if (/your business lacks{0,1}/) { spam("s02264",0.8,$&); } if (/(unique |visual |corporate |business ){1,}(identity|image|logo)/) { spam("s02265",0.6,$&); } if (/custom (identity|image|logo|design)/) { spam("s02859",0.6,$&); } if (/we( will|ll|) supply (you |)(with |)(only |)the (best|highest|finest|top)/) { spam("s02263",0.6,$&); } if (/new profession/) { spam("s02259",0.4,$&); } if (/(legal investigate|judgment) industry/) { spam("s02260",0.8,$&); } if (/money judgment/) { spam("s02261",0.8,$&); } if (/((($fuzzy_numbers)[^f]{0,1}figure|huge|massive|enormous) |high(.{0,1}paying|) |\${1,} ){1,}(income|salar(y|ie)s{0,1})/) { spam("s02258",(int ((length($&) / 20) * 100)) / 100,$&); } if (/geschlossen/) { spam("s02255",0.4,$&); } if (/abwesenheit/) { spam("s02256",0.4,$&); } if (/geschaft/) { spam("s02257",0.4,$&); } if (/new ((begin{1,}ing |lease |life )(on |)){1,}/) { spam("s03170",0.4,$&); } if (/assist(ing|ed) the courts{0,1} /) { spam("s03171",0.4,$&); } if (/free.{0,1}money/) { spam("s02253",0.4,$&); } if (/anti.{0,1}depressant/) { spam("s02252",0.4,$&); } if (/ discreet(ly|)[ \?\!](encounter|)/) { spam("s02251",(int ((length($&) / 12) * 100)) / 100,$&); } if (/wholesale pric(es{0,1}|ing)/) { spam("s02249",0.6,$&); } if (/warehouse pric(es{0,1}|ing)/) { spam("s02250",0.8,$&); } if (/budget pric(es{0,1}|ing)/) { spam("s03310",0.6,$&); } if (/ox[yi]cont{0,1}in/) { $tmp = $&; if (!/oxycontin/) { spam("s02244",2.0,$tmp); } else { spam("s02244",1.0,$tmp); } } if (/r{0,1}ox[yi]c[oi]d[oi]ne/) { $tmp = $&; if (!/oxycodone/) { spam("s02245",2.0,$tmp); } else { spam("s02245",1.0,$tmp); } } if (/perc[oi](d[aoi]n|lone)/) { spam("s02246",1.0,$&); } if (/percocet/) { spam("s02247",1.0,$&); } if (/ox[yi]fast/) { spam("s02248",1.0,$&); } if (/lotensin/) { spam("s03496",2.5,$&); } if (/trazodone/) { spam("s03496",3.0,$&); } if (/nexium/) { spam("s03497",2.5,$&); } if (/zoloft/) { spam("s03498",2.5,$&); } if (/(credit|) card balances{0,1}/) { spam("s02242",0.8,$&); } if (/sendtronix/) { spam("s02241",4.0,$&); } if (/immediate (need|result)/) { spam("s02236",0.4,$&); } if (/experienced individuals{0,1}/) { spam("s02237",0.4,$&); } if (/going fast/) { spam("s02238",0.2,$&); } if (/to discontinue/) { spam("s02239",0.2,$&); } if (/support dep(t|artment)/) { spam("s02240",0.2,$&); } if (/(delivery{0,1}|ship{1,2})(ing|ed|ment) to your door/) { spam("s02234",0.6,$&); } if (/(super |low(est|) |best |prices{0,1} |and |order |now |costs{0,} |benefit |take |advantage |of |our |avail(able|) |from |the(se|) |amazing |this ){0,}(convenient |(same|next|one|two) day |over[^n]{0,1}night ){1,}(delivery{0,1}|ship{1,2})(ing|ed|ment)/) { spam("s02761",(int ((length($&) / 27) * 100)) / 100,$&); } if (/learn .{0,30}secrets used by/) { spam("s02233",0.8,$&); } if (/(huge |big |enormous |high |great |get |make a ){1,}profits{0,1}(\!{0,})/) { spam("s02232",0.8 * (length($2)+1),$&); } if (/(proven |(for |)(your |)(web|).{0,1}site (with |)(our |)|(can |)(get |)(more |extra |)(traf{1,}ic |visitors )(with |)(our |)|search |engines{0,1} |placement |technology |listings{0,1} ){3,}/) { spam("s02231",(int ((0.8 * length($&) / 18) * 100)) / 100,$&); } if (/let us help/) { spam("s02230",0.4,$&); } if (/we can help/) { spam("s02231",0.4,$&); } if (/ proven /) { spam("s02229",0.2,$&); } if (/proven to work/) { spam("s02861",0.4,$&); } if (/servicio/) { spam("s02227",0.4,$&); } if (/telefonico/) { spam("s02228",0.4,$&); } if (/(business {0,}|op{1,}ortunit(y|ie)s{0,1} |in |the |of ){0,}(judgment.{0,1}recovery {0,1})(business {0,}|op{1,}ortunit(y|ie)s{0,1} |in |the |of ){0,}/) { spam("s02226",(int ((0.8 * length($&) / 18) * 100)) / 100,$&); } if (/exchange.{0,30}p(icture|hoto)s/) { spam("s02225",0.4,$&); } if (/(\%custom sentences ){1,}/) { spam("s02224",(int ((2.4 * length($&) / 18) * 100)) / 100,$&); } if (/vi(sit|ew) (my|her) profile/) { spam("s02223",0.4,$&); } if (/(special(ists{0,1}|ly) |trained |highly |advisors{0,1} ){1,}(are |)((t|)here |available ){0,}to help/) { spam("s02222",0.8,$&); } if (/historic(ally|)( l(evel|ow)s{0,1}){1,}/) { spam("s02220",0.8,$&); } if (/headline making/) { spam("s02221",0.8,$&); } if (/pre.{0,1}(approv|fer{1,})ed( mort{0,1}g{0,1}age| mrtg| loan| home(loan|)| application| rate){0,}/) { spam("s02219",(int ((0.8 * length($&) / 12) * 100)) / 100,$&); } if (/((you |for |the |our |on |with |your |is |ready |available |we have |a |prepared |lower |and ){0,}(qualif(y|ie|ing)s |pre.{0,1}(approv|fer{1,})ed |rate |home |loan |mortgage |(re|)financ(e|ing) |realty |fore{0,1}clos(e|ing|ure)s{0,1} )(plan |)){2,}/) { spam("s02668",(int ((length($&) / 20) * 100)) / 100,$&); } if (/can.{0,1}spam.{0,1}(act|bill|law)/) { spam("s02218",0.6,$&); } if (/shopping spree/) { spam("s02217",0.4,$&); } if (/i was surprised too! who could suspect something like that\? shityillil/) { spam("s02212",5.0,$&); } if (/(download |for |free ){0,}un.{0,1}limited.{0,1}((music |mp.{0,1}3 |songs{0,1} |movies |dvds{0,1} |games{0,1} |software |tv shows |lyrics |audio |books{0,1} )(and |)(downloads{0,1} |)){1,}/) { spam("s02209",(int ((length($&) / 20) * 100)) / 100,$&); } if (/down.{0,1}load.{0,1}((music |mp.{0,1}3 |songs{0,1} |movies |dvds{0,1} |games{0,1} |software |tv shows |lyrics |audio |books{0,1} )(directly |and |off |from |to |save |the[my]{0,1} |play |internet |world |wide |web |[oi]n(to|) |your |pc |computer |while |are |still |theatres{0,1}[ \?]){0,}){1,}/) { spam("s02210",(int ((0.4 * length($&) / 14) * 100)) / 100,$&); } if (/target.{0,8}mail.{0,1}list/) { spam("s02404",1.6,$&); } elsif (/target.{0,8}mail/) { spam("s02206",0.8,$&); } if (/target.{0,8}(client|customer|audience)s{0,1}/) { spam("s02403",0.8,$&); } if (/marketing tools{0,1}/) { spam("s02207",0.6,$&); } if (/marketing solutions{0,1}/) { spam("s02208",0.6,$&); } if (/we have (over |more ){0,}(than |a ){0,}(millions{0,1} |thousands{0,1} |tens{0,1} |of ){1,}.{0,30}mail ad{1,}resses/) { spam("s02205",2.0,$&); } if (/of{1,}ice of foreign operations/) { spam("s02201",2.4,$&); } if (/sum of money in united states dollars/) { spam("s02202",1.2,$&); } if (/th(is|ese) funds{0,1} (was|were|ha(ve|s) been) secured/) { spam("s02203",0.8,$&); } if (/international sorting code/) { spam("s02204",0.8,$&); } if (/health product/) { spam("s02200",0.4,$&); } if (/have you ever (stopped to |)wonder(ed|)/) { spam("s02199",0.4,$&); } if (/first.{0,1}time.{0,1}(home.{0,1}|)(buy|own)er/) { spam("s02198",0.6,$&); } if (/quality you (can |have come to |would |)(rely|depend|expect)( on|)/) { spam("s02197",0.8,$&); } if (/(how many |(want |need) more )hits/) { spam("s02194",0.8,$&); } if (/to the next level/) { spam("s02195",0.4,$&); } if (/((anti.{0,1}(dote|microbial) {0,1}|pain {0,1}|seizure {0,1}|peptides{0,1} {0,1}|heart {0,1}|anxiety {0,1}|asthma {0,1}|immune {0,1}|immunit(y|ie)s{0,1} {0,1}(system {0,1}|)|allerg(y|ie)s{0,1} {0,1}|virus(es|) {0,1}|diseases{0,1} {0,1}|(in|)flu(enza|) {0,1}|sars {0,1}|cancer {0,1}|hiv {0,1}|blood {0,1}pressure {0,1}|((wo|)mens|sexual) {0,1}health {0,1}|meds {0,1}|bacteria[sl]{0,1} {0,1})(keep {0,1}|for {0,1}|an{0,1}d{0,1} {0,1}|in {0,1}|the {0,1}|(high|low)(est|) {0,1}|relief {0,1}|price {0,1}|we {0,1}|will {0,1}|can {0,1}|have {0,1}|supply {0,1}|makes{0,1} {0,1}|kills{0,1} {0,1}|your {0,1}|body {0,1}|healthy{0,1} {0,1}|dead(ly|) {0,1}|strong {0,1}|unique(ly|) {0,1}|that {0,1}|such {0,1}as {0,1}|like {0,1}|etc {0,1}|active {0,1}|is {0,1}|available {0,1}|online {0,1}|sleeping {0,1}|disorders{0,1} {0,1}|anti {0,1}|smoking {0,1}|depression {0,1}|(attack|problem|complication)s{0,1} {0,1}|over {0,1}|more {0,1}|than {0,1}|($fuzzy_numbers) {0,1}|med(ication|)(s|z|) {0,1}){0,}){3,}/) { spam("s02193",(int ((0.4 * length($&) / 10) * 100)) / 100,$&); } if (/l(ov|ik)e.{0,1}(a[^p]{0,1}|)porn(.{0,1}star|)/) { spam("s02190",1.2,$&); } if (/(quality |elite |vid(eo|)[sz]{0,1} ){2,}/) { spam("s02337",0.8,$&); } if (/(down|)load(s|able|).{0,1}(of.{0,1}|)porn|porn download/) { spam("s02336",1.2,$&); } if (/porn.{0,1}(movie|video|dvd|film|flic{0,1}k)/) { spam("s02191",1.2,$&); } if (/we owe you/) { spam("s02183",0.8,$&); } if (/dear (applicant|partner)/) { spam("s02184",0.8,$&); } if (/you are eligible( to| receive | for| a| special| low| introductary){0,}(.{0,20}(rate|[0-9\%\$]{1,})){0,}/) { spam("s02185",(int ((0.4 * length($&) / 16) * 100)) / 100,$&); } if (/please verify your/) { spam("s02186",0.4,$&); } if (/we will remove you|you will be removed/) { spam("s02182",0.8,$&); } if (/check out (our|the) (latest |entire |complete |selection |list of |inventory |prices{0,1} ){1,}/) { spam("s02179",0.6,$&); } if (/shoppers!/) { spam("s02180",0.6,$&); } if (/shopping!/) { spam("s02181",0.4,$&); } if (/sav(e|ings{0,1})( big|)!/) { spam("s03328",0.4,$&); } if (/(cheap|low)(er|est)!/) { spam("s03329",0.4,$&); } if (/money network/) { spam("s02177",2.5,$&); } if (/mensaje/) { spam("s02167",0.4,$&); } if (/siguiente/) { spam("s02168",0.4,$&); } if (/adjuntos/) { spam("s02170",0.4,$&); } if (/restringidos/) { spam("s02171",0.4,$&); } if (/eliminados/) { spam("s02172",0.4,$&); } if (/l {0,1}o {0,1}a {0,1}n {0,1}h {0,1}a {0,1}s {0,1}b {0,1}e {0,1}e {0,1}n {0,1}a {0,1}p {0,1}p {0,1}r {0,1}o {0,1}v {0,1}e {0,1}d/) { if (length($&) != 22) { spam("s02166",4.5,$&); } } if (/l {0,1}o {0,1}a {0,1}n {0,1}a {0,1}p {0,1}p {0,1}r {0,1}o {0,1}v {0,1}a {0,1}l/) { if (length($&) != 13) { spam("s02178",4.5,$&); } } if (/ h {0,1}o {0,1}t {0,1}t {0,1}i {0,1}e {0,1}s[! ]/) { if (length($&) != 9) { spam("s02173",4.5,$&); } } if (/(fabulous|wonderful|great) (gift|prize)s{0,1}/) { spam("s02165",0.4,$&); } if (/new .{0,2}mail ad{1,}ress is/) { spam("s02164",0.6,$&); } if (/welcome to .{0,30} spam filter/) { spam("s02163",2.0,$&); } if (/^.{0,50}\? (check out |visit (us |now ){0,}|go.{0,1}to |)http\/\/[^ ]{0,80}$/) { spam("s02161",1.0,$&); } if (/check (us |out |here |our |them |it |these |live |online |now |today ){2,}/) { spam("s02824",(int ((length($&) / 30) * 100)) / 100,$&); } if (/unfamiliar source/) { spam("s02157",0.6,$&); } if (/increase in unsolicited/) { spam("s02158",0.6,$&); } if (/your (e.{0,1}mail |)ad{1,}ress ([wh]as |been |probably |){0,}forged/) { spam("s02159",0.6,$&); } if (/to navigate/) { spam("s02156",0.6,$&); } if (/((rates{0,1}|home|loans{0,1}|drop|mort{0,1}g{0,1}age|mrtg).{0,6}){3,}/) { spam("s02154",(int ((0.4 * length($&) / 10) * 100)) / 100,$&); } if (/newsletter/) { spam("s02153",0.4,$&); } if (/invest(or|ment)s{0,1} newsletter/) { spam("s02719",1.0,$&); } if (/(loan |application |credit )(was |has been |)(pre|).{0,1}ac{1,}epted/) { spam("s02187",1.4,$&); } if (/you(r( loan| application| for| a){0,}|)(( a| we|)re|( [hw]a|)(ve|s)( recently| lately| now|)( been|)) (processed and |)(pre|).{0,1}app.{0,1}r.{0,1}o.{0,1}v.{0,1}e.{0,1}d/) { spam("s02151",2.2,$&); } if (/mrtg.{0,10}(process|app|rate|payment)/) { spam("s02152",2.0,$&); } if (/^.{1,50}\? http\/\/.{1,50}\/$/) { spam("s02150",2.0,$&); } if (/mature wom[ae]n/) { spam("s02144",0.8,$&); } if (/mature lover/) { spam("s02145",2.8,$&); } if (/fuck/) { spam("s02146",0.8,$&); } if (/unique (web|).{0,1}site/) { spam("s02147",0.6,$&); } if (/($fuzzy_numbers) of dollars/) { spam("s03285",0.6,$&); } if (/(rolex|rep[li]{1,}ca|submariner( s{1,}|)|cheap|high.{0,1}quality|watche{0,1}s{0,1}).{0,1}(watch(es|)|rep[li]{1,}ca)/) { spam("s02141",0.8,$&); } if (/(rolex|rep[li]{1,}ca).{0,1}watche{0,1}s{0,1}.{0,1}online/) { spam("s02142",2.8,$&); } if (/(cheap|luxury) (rolex|rep[li]{1,}ca)(.{0,1}watche{0,1}s{0,1}|)/) { spam("s02149",1.6,$&); } if (/(win|want) a (rolex|rep[li]{1,}ca).{0,1}watch/) { spam("s02143",2.0,$&); } if (/throw.{0,1}away.{0,1}prices{0,1}/) { spam("s02140",0.8,$&); } if (/((top|famous|world|renowned|most|recogni[sz]ed)[^a-z]{0,1}(and |)){1,}brands{0,1}/) { spam("s02137",(int ((length($&) / 18) * 100)) / 100,$&); } if (/yours to keep/) { spam("s02138",0.4,$&); } if (/erec{1,}ione/) { spam("s02136",2.5,$&); } if (/intellektuel/) { spam("s02132",0.4,$&); } if (/ef{1,}ektiv/) { spam("s02133",0.4,$&); } if (/vejleder/) { spam("s02134",0.4,$&); } if (/spirituel/) { spam("s02135",0.4,$&); } if (/(online |)rx (med|refill|p(re.{0,1}|er)scription)/) { spam("s02131",1.2,$&); } if (/((pre {0,1}|)(approv(ed|al) |)(for |)(rates{0,1} |prices{0,1} |deals{0,1} |of{1,}ers{0,1} |start(s|ing|) )(at |)|as l(ow|ittle) as ){1,}\${0,}[0-9]{1,}\%{0,}/) { spam("s02129",(int ((0.8 * length($&) / 10) * 100)) / 100, $&); } if (/(mort{0,1}g{0,1}age|refi(nanc(e|ing)| ))/ && /pre.{0,1}approv(ed|al)/) { spam("s02128",2.4,"pre-approved mortgage/refinancing"); } if (/(mort{0,1}g{0,1}age |loan |application ){1,}process/) { spam("s02130",0.8,$&); } if (/you are ready to conclude this (business|matter)/) { spam("s02126",0.4,$&); } if (/beneficiary/) { spam("s02125",0.2,$&); } if (/guarante(ed|s|) (first|top) (position|ranking)/) { spam("s02124",0.8,$&); } if (/obtained your contact/) { spam("s02120",0.4,$&); } if (/international resource/) { spam("s02121",0.4,$&); } if (/i am contacting you/) { spam("s02122",0.4,$&); } if (/impending predicament/) { spam("s02123",0.6,$&); } if (/victoria island/) { spam("s02118",0.4,$&); } if (/(^| )lagos( |$)/) { spam("s02119",0.4,$&); } if (/(the following|many) brands (are |)available/) { spam("s02116",0.8,$&); } if (/(wide|home|house|price|superb{0,1}|fantastic|amazing|(top|first).{0,1}rate|w(h|al{1,})op{1,}ing){1,}.{0,1}((se|co)l{1,}e|dedu)ction/) { spam("s02117",0.4,$&); } if (/genuine rep[li]{1,}ca/) { spam("s02115",0.8,$&); } if (/(own |ones |your ){2,}company/) { spam("s02114",0.6,$&); } if (/(pursu|chas)(e|ing) your (goal|dream)s/) { spam("s02113",0.6,$&); } if (/exciting profession/) { spam("s02111",0.4,$&); } if (/(work(ing|) (part|full).{0,1}time|(part|full).{0,1}time work)/) { spam("s02112",0.4,$&); } if (/clinical benefit/) { spam("s02109",0.4,$&); } if (/combination therapy/) { spam("s02110",0.4,$&); } if (/((fac(e|ial)|perfect|potent|herbal).{0,1}){1,}(cream|(sc|)rub|lotion|oil)s{0,1}/) { spam("s02106",0.4,$&); } if (/anti.{0,1}aging/) { spam("s02107",0.8,$&); } if (/discount.{0,1}(drug|med(ical|icine|))[sz]{0,1}/) { spam("s02105",0.8,$&); } if (/generic.{0,1}(drug|med(ical|icine|))[sz]{0,1}/) { spam("s02105",0.8,$&); } if (/free (online |)newsletter/) { spam("s02104",0.4,$&); } if (/uncensored/) { spam("s02102",0.2,$&); } if (/forbid{1,}en.{0,40}sex/) { spam("s02103",0.6,$&); } if (/incest(uous|).{0,1}(photo|vid(eo|)|pi[cx])s{0,1}/) { spam("s02100",1.2,$&); } if (/broadcast[^m]{0,2}mail/) { spam("s02098",1.2,$&); } if (/mail your ad(verti[sz]ement|) to/) { spam("s02099",0.8,$&); } if (/premium.{0,1}(product|service|status|brand)s{0,1}/) { spam("s02093",0.6,$&); } if (/substantial profits{0,1}/) { spam("s02093",0.6,$&); } if (/processing.{0,30}judgments{0,1}/) { spam("s02094",0.8,$&); } if (/processing (money |cash |)judgments{0,1}/) { spam("s02189",1.6,$&); } if (/open.{0,1}(the|your).{0,1}(door|life|heart).{0,1}to.{0,1}suc{1,}ess/) { spam("s02092",1.2,$&); } if (/settle your.{0,20}(tax|debt|bill)e.{0,1}s.{0,1}/) { spam("s02089",0.6,$&); } if (/( |^)act fast/) { spam("s02090",0.4,$&); } if (/th(is|ese) (of{1,}er|price|rate)s{0,1} (ca|wo)nt last/) { spam("s02091",0.8,$&); } if (/guten tag/) { spam("s02087",0.4,$&); } if (/automatisch/) { spam("s02088",0.6,$&); } if (/(important |exciting |and ){0,}medical (breakthrough|advance|discovery|improvement)/) { spam("s02084",(int ((0.4 * length($&) / 9) * 100)) / 100,$&); } if (/nominated ac{1,}ount/) { spam("s02079",0.8,$&); } if (/top of{1,}icials{0,1}/) { spam("s02080",0.4,$&); } if (/federal government contract/) { spam("s02086",0.8,$&); } if (/contract review panel/) { spam("s02081",0.8,$&); } if (/importation of goods/) { spam("s02082",0.4,$&); } if (/we solicit your assistance/) { spam("s02083",0.8,$&); } if (/(no pre.{0,1}scriptions{0,1} (is |are |)|pre.{0,1}scriptions{0,1} ((is |are |)not|isnt|arent) )(required|needed|necessary)/ || /(we |do(nt|) |you |not ){0,}(with(out|) |requir(es{0,1}|ing) |need(ing|) ){1,}(a |any |no |for ){0,}pre.{0,1}scriptions{0,1}/) { spam("s02078",0.8,$&); } if (/un.{0,1}secured.{0,1}(debt|loan)s{0,1}/) { spam("s02068",0.8,$&); } if (/late notices{0,1}/) { spam("s02069",0.2,$&); } if (/collection (notice|call)s{0,1}/) { spam("s02070",0.2,$&); } if (/we(ve| have|) pioneered/) { spam("s02071",0.2,$&); } if (/advanced systems{0,1}/) { spam("s02072",0.2,$&); } if (/proven strateg(ie|y)s{0,1}/) { spam("s02073",0.4,$&); } if (/debt collectors{0,1}/) { spam("s02074",0.4,$&); } if (/millions of dollars{0,1}/) { spam("s02075",0.2,$&); } if (/(termination|elimination|consolidation|marketing) programs{0,1}/) { spam("s02076",0.8,$&); } if (/that special some(body|one|thing)/) { spam("s02067",0.4,$&); } if (/constantly updat(ed|ing)/) { spam("s02066",0.2,$&); } if (/quality results/) { spam("s02065",0.4,$&); } if (/web.{0,1}sites{0,1}.{0,1}reviews{0,1}|reviews{0,1}.{0,1}web.{0,1}sites{0,1}/) { spam("s02063",0.8,$&); } if (/(better|improved|enhanced) (placement|listing)/) { spam("s02064",0.8,$&); } if (/pain relie(ver|f)/) { spam("s02062",0.4,$&); } if (/v.{0,1}i.{0,1}c.{0,1}o.{0,1}d.{0,1}i.{0,1}n/s) { my $msg = $&; if (length($msg) > 7) { spam("s02060",3.00,$msg); } } if (/v.{0,1}i.{0,1}o.{0,1}x.{0,1}x/s) { my $msg = $&; if (length($msg) > 5) { spam("s02061",3.00,$msg); } } if (/^ {0,1}advertisement/) { spam("s02059",1.0,$&); } if (/new and used/) { spam("s02057",0.4,$&); } if (/repossessed/) { spam("s02058",0.4,$&); } if (/buy (now|direct|today)/) { spam("s02056",0.4,$&); } if (/n(um(ber|)|o)( (one|1)|i) (way|source|name|brand)/) { spam("s02055",0.4,$&); } if (/( and| cheap| fast| reliable){1,}\!/) { spam("s02054",(int ((0.4 * length($&) / 5) * 100)) / 100,$&); } if (/high ranking/) { spam("s02053",0.4,$&); } if (/(hundred |thousand |several |[0-9\,]{1,} ){0,}(visit(or|)|hit|page[^v]{0,1}view)s (per |each |a |)(da[yi]|week|month|year)(ly|)/) { spam("s02054",0.4,$&); } if (/(hi|hello|dear) web[^m]{0,1}master/) { spam("s02052",0.8,$&); } if (/urgent virus (update|a[il]ert|warning)/) { spam("s02051",1.2,$&); } if (/epic.{0,1}cams/) { spam("s02048",0.8,$&); } if (/cam.{0,1}girls{0,1}/) { spam("s02049",0.8,$&); } if (/(many |)beautiful girls( to choose from|)/) { spam("s02050",0.4,$&); } if (/making you fat/) { spam("s02043",0.6,$&); } if (/hormonal release/) { spam("s02044",0.6,$&); } if (/body .{0,20}store fat/) { spam("s02045",0.6,$&); } if (/cortizyte/) { spam("s02046",2.8,$&); } if (/fat storing hormone/) { spam("s02047",0.8,$&); } if (/i( a|)m.{0,50}the wife of/) { spam("s02036",0.4,$&); } if (/(chief |)security of{1,}icer/) { spam("s02037",0.4,$&); } if (/aide de.{0,1}camp/) { spam("s02038",0.4,$&); } if (/( war| politic(s|al)| situation| problems{0,1}){1,} in (my|our|this) country/) { spam("s02039",0.4,$&); } if (/liberia/) { spam("s02040",0.4,$&); } if (/trust.{0,1}worthy individual/) { spam("s02041",0.2,$&); } if (/(my|our) li(f|ves) (is|are) (highly |)in (extreme |(the |)(utmost|highest|(most |)extreme) |)danger/) { spam("s02042",0.4,$&); } if (/repair your credit/) { spam("s02034",1.2,$&); } if (/(special |rates{0,1} |will |allow |you |to |can |we |help |deals{0,1} |offers{0,1} |y{0,1}our ){0,}(reduce|lower|drop) (your |)(monthly |cur{1,}ent ){0,1}(credit.{0,1}card|mortgage|mrtg|\/| |house|home|rent(al|)){0,}(bill|payment|expense|instal{1,}ment|debt|fee)s{0,1}( by| ($fuzzy_numbers)|\%| or| more| than){0,}/) { spam("s02035",(int ((0.4 * length($&) / 9) * 100)) / 100,$&); } if (/((orgasm|impoten(t|ce)|pleasure|confidence|boost|increase|enhance|extra|bigger|man.{0,1}hood|erection|penis|sex|porn(star|)).{0,17}){5,}/) { spam("s02033",(int ((0.4 * length($&) / 10) * 100)) / 100,$&); } elsif (/((orgasm|impoten(t|ce)|pleasure|confidence|boost|increase|enhance|extra|bigger|man.{0,1}hood|erection|penis|sex|porn(star|)).{0,17}){4,}/) { spam("s02033",(int ((0.4 * length($&) / 10) * 100)) / 100,$&); } elsif (/((orgasm|impoten(t|ce)|pleasure|confidence|boost|increase|enhance|extra|bigger|man.{0,1}hood|erection|penis|sex|porn(star|)).{0,17}){3,}/) { spam("s02033",(int ((0.4 * length($&) / 10) * 100)) / 100,$&); } if (/(unique|valuable|one.{0,1}time) (and |)(unique|valuable|one.{0,1}time)/) { spam("s02032",0.4,$&); } if (/(^| )u (will |)l(ik|ov)e/) { spam("s02031",0.4,$&); } if (/(your |this |new ){0,}rates{0,1} (ha(s|ve) been|was|were|are) (confirm|approv)ed/) { spam("s02030",(int ((0.4 * length($&) / 12) * 100)) / 100,$&); } if (/(web.{0,1}site |positioning |services{0,1} ){2,}/) { spam("s02029",(int ((0.4 * length($&) / 10) * 100)) / 100,$&); } if (/(no |your |without ){0,}p(ast|rior) (experience|training)( (or|and) (experience|training)|)( required|)/) { spam("s02028",(int ((0.4 * length($&) / 15) * 100)) / 100,$&); } if (/education(al|) programs{0,1}/) { spam("s02025",0.2,$&); } if (/((private(ly|) |)(owned |run |)(non|)|world.{0,1}wide ){0,}.{0,1}ac{1,}redited\b.{0,20}uni(s|v)(ersit(y|ies)|)/) { spam("s02024",(int ((0.8 * length($&) / 15) * 100)) / 100,$&); } if (/(tru|real)ly.{0,1}af{1,}ord(able|)/) { spam("s02023",0.8,$&); } if (/(girl|chick|hott[yie]{1,}|wom[ae]n|co.{0,1}ed)s{0,1}.{0,20}next.{0,1}door/) { spam("s02022",0.8,$&); } if (/(special |unique |custom |corporate |(high |)quality |company |business |visual |powerful |eye.{0,1}ca(ptur|tch)ing |(cutt|lead)ing.{0,1}edge ){3,}(identity|design|logo)s{0,1}/) { spam("s02019",(int ((0.6 * length($&) / 8) * 100)) / 100,$&); } elsif (/(special |unique |custom |corporate |(high |)quality |company |business |visual |powerful |eye.{0,1}ca(ptur|tch)ing |(cutt|lead)ing.{0,1}edge ){2}(identity|design|logo)s{0,1}/) { spam("s02020",(int ((0.6 * length($&) / 8) * 100)) / 100,$&); } if (/wholesale drugs/) { spam("s02014",0.8,$&); } if (/buy in bulk/) { spam("s02015",0.4,$&); } if (/we (stock|sell) all popular/) { spam("s02016",0.4,$&); } if (/(i(m| am) (a |)|)(very |)((se{1,}x{1,}y{1,} |m {0,1}a {0,1}t {0,1}u {0,1}r {0,1}e |hot |h {0,1}o {0,1}r {0,1}n {0,1}e{0,1} {0,1}y |l {0,1}o {0,1}n {0,1}e {0,1}l {0,1}y |lovely |pretty |nice |untouched |first.{0,1}time[rs]{0,} |young |energetic )(and |very ){0,}){1,}(house.{0,1}wi[fv]e|lad(y|ie)|teen|girl|chick|virgin)s{0,1}/) { spam("s02012",(int ((0.8 * length($&) / 8) * 100)) / 100,$&); } elsif (/(sexy |mature |hot |horne{0,1}y |lonely |untouched |first.{0,1}time[rs]{0,} ){1,}.{0,20}(house.{0,1}wi[fv]e|lad(y|ie))s{0,1}|teen/) { spam("s02284",1.6,$&); } if (/th(is|ese) (deal|rate|price)s{0,1} (wont|will not) last/) { spam("s02010",0.8,$&); } if (/(a |)virus(es|) (was |ha(s|ve) been |were |)(remov|repair|delet)ed/) { spam("s02009",0.4,$&); } if (/(does |)your (business|company) needs{0,1}/) { spam("s02003",0.6,$&); } if (/business website/) { spam("s02004",0.4,$&); } if (/we provide web(.{0,1}designs{0,1} |.{0,1}based |.{0,1}site |.{0,1}from scratch |.{0,1}business |.{0,1}solutions{0,1} |.{0,1}corporate ){0,}/) { spam("s02005",(int ((0.4 * length($&) / 12) * 100)) / 100,$&); } if (/(our |ac{1,}ount |(web|).{0,1}design ){1,}speciali(sts{0,1}|t(y|ies))/) { spam("s02006",0.4,$&); } if (/redesign your (web|).{0,1}site/) { spam("s02007",0.6,$&); } if (/(fast|quick)(est|er|) turn.{0,1}around/) { spam("s02008",0.6,$&); } if (/(powerful|eye.{0,1}ca(ptur|tch)ing) (corporate |company |business |)(graphic|logo)s{0,1}/) { spam("s02003",0.6,$&); } if (/quality (corporate |company |business |)(graphic|logo)s{0,1}/) { spam("s02017",0.4,$&); } if (/permanent growth/) { spam("s02002",0.8,$&); } if (/(google |yahoo |search |msn |aol |excite |lycos |hotbot |overture |inktomi |ask jeeves |webcrawler ){4,}/) { spam("s02000",(int ((0.4 * length($&) / 15) * 100)) / 100,$&); } if (/we are interested in/) { spam("s01993",0.2,$&); } if (/we pride oursel(ves|f)/) { spam("s01994",0.2,$&); } if (/we look forward to/) { spam("s01995",0.2,$&); } if (/we would like you to/) { spam("s01996",0.2,$&); } if (/we value your/) { spam("s01997",0.2,$&); } if (/automatically entered|entered (to win |)automatically/) { spam("s01992",0.4,$&); } if (/gift certificate/) { spam("s01991",0.4,$&); } if (/paradise.{0,1}lott(o|ery)/) { spam("s01988",1.2,$&); } if (/lucky (win{1,}er|number)s{0,1}/) { spam("s01989",0.4,$&); } if (/lucky .{0,1}mail ad{1,}ress/) { spam("s01990",0.4,$&); } if (/(automat(ed|ic) |computer ){1,}ballot/) { spam("s01987",(int ((0.4 * length($&) / 10) * 100)) / 100,$&); } if (/web.{0,1}cam/) { spam("s01983",0.4,$&); } if (/sexy{0,1}(.{0,1}web|).{0,1}cam/) { spam("s03420",1.4,$&); } if (/(hooked|set) up (to |)a web.{0,1}cam/) { spam("s01984",(int ((0.4 * length($&) / 6) * 100)) / 100,$&); } if (/check me out/) { spam("s01985",0.6,$&); } if (/check (me|it) out!{0,1} you w(ont|ill not) regret it/) { spam("s01986",1.0,$&); } if (/invite[sd]{0,1} you (for|to) (ac{1,}ept |)(a|my|our) (live |web.{0,1}cam |chat ){2,}/) { spam("s01981",1.2,$&); } if (/(girls[ \!]{0,}){2,}/) { spam("s01980",(int ((0.4 * length($&) / 12.0) * 100)) / 100,$&); } if (/sick fli(ck|x)/) { spam("s01977",1.2,$&); } if (/fetish/) { spam("s01978",0.2,$&); } if (/you (are |therefore |have |been |pre ){1,}(pre|)approved/) { spam("s01975",0.6,$&); } if (/(interested in|(want|wish|like) (to|you could)) lower(ing|) your (home.{0,1}(int(erest|)|loan)|mort{0,1}g{0,1}age) rates{0,1}\?{0,1}/) { spam("s01973",2.0,$&); } if (/we (also |)of{1,}er cheap/) { spam("s01971",0.6,$&); } if (/cheap (graphics{0,1} (and |)|publishing (and |)|software (for |)){1,}/) { spam("s01972",(int ((0.3 * length($&) / 8) * 100)) / 100,$&); } if (/((quick(books|en).|studio mx.|adobe.|corel.|systemworks.|autocad.|autoroute.|macromedia.|adobe.|photoshop.|illustrator.|(windows.|of{1,}ice.|^)xp.|xp.pro(f|)(essional|)|macromedia.|dreamwe{0,1}aver.|autodesk.|borland.|corel.|crystal.reports.|intuit.).{0,30}?){4,}/) { spam("s01970",2.0,"Looks like software sales: " . $&); } if (/(microsoft.{0,1}|quickbooks.{0,1}|adobe.{0,1}|macromedia.{0,1}|photoshop.{0,1}|illustrator.{0,1}|windows.{0,1}|of{1,}ice.{0,1}|xp.{0,1}(pro(f|)(essional|).{0,1}|)|macromedia.{0,1}|dreamwe{0,1}aver.{0,1}|auto(desk|cad).{0,1}|borland.{0,1}|crystal.{0,1}reports.{0,1}|intuit.{0,1}){4,}/) { spam("s02338",(int ((0.2 * length($&) / 10) * 100)) / 100,$&); } if (/(half |low(er|est|) |)prices{0,1} (on |)win(dows|) xp (pro|)(f|)(essional|)/) { spam("s02021",3.0,$&); } if (/(\$[0-9]{1,} [^\$]{0,100}?){3,}/) { spam("s01969",0.4,"Lots of prices"); } if (/((windows|of{1,}ice) xp pro(f|)(essional|) (for |only |just ){0,}[\$0-9\%]{1,}|[\$0-9\%]{1,} (on |for |just |only ){0,}(windows|of{1,}ice) xp pro(f|)(essional|))/) { spam("s01968",2.0,$&); } if (/(windows|of{1,}ice) xp/ && /adobe (photoshop|illustrator)/ && (/macromedia (dreamwe{0,1}aver|flash)/ || /quickbooks/ || /winfax/)) { spam("s01967",2.0,"Looks like software sales: windows, adobe, macromedia/quickbooks"); } if (/ in the(ir|) raw(est|)[ \!]/) { spam("s01966",0.2,$&); } if (/(fresh |new |latest |hot(test|) |celeb(rity|) |naked |nude |(s(ch|k)ool|)girl(ie|y|s){0,} ){1,}pix( of|)( celeb(s|z|raties)|)/) { spam("s01963",(int ((1.0 * length($&) / 8) * 100)) / 100,$&); } if (/ pix\!/) { spam("s01964",0.6,$&); } if (/celeb[sz]/) { spam("s01965",0.8,$&); } if (/((l(ess|ower)|cheaper) than|below) (your cur{1,}ent|retail)( (price|plan)s{0,1}|)/) { spam("s01961",0.8,$&); } if (/(achieve|get|see|watch) (an{0,1} |the(se|) |)(extraordinar(y|ily) |unbelieveabl[ey] |amazing(ly|) |fast ){1,}(result|improvement)s{0,1}/) { spam("s01960",0.8,$&); } if (/wealth building strateg(y|ie)s{0,1}/) { spam("s01961",0.6,$&); } if (/( |^)re.{0,1}fi /) { spam("s01955",1.0,$&); } if (/ (re|)fi(nanc(e|ial)|) options{0,1}/) { spam("s02011",0.8,$&); } if (/(purchas|buy)(e|ing|) (a|your) (new |own ){0,}.{0,50}ho(us|m)e/) { spam("s01956",1.0,$&); } if (/ shagg(ing|ed) /) { spam("s01954",0.4,$&); } if (/(love|sex|shag(ging|)) like a (super|rock).{0,1}star/) { spam("s01953",1.2,$&); } if (/for all your .{0,30} needs /) { spam("s01951",0.6,$&); } if (/uncompromising (service|quality|result)s{0,1}/) { spam("s01948",0.6,$&); } if (/unparal{1,2}el{1,2}ed (service|quality|result)s{0,1}/) { spam("s01949",0.6,$&); } if (/unforgettable (service|quality|result)s{0,1}/) { spam("s01950",0.4,$&); } if (/our portfolio/) { spam("s01951",0.4,$&); } if (/(you(r (company|business)|) need |)(a |our |)(skilled |professional |trustworthy |quality |full.{0,1}service ){0,}((design|marketing|advertising)( and | or |)){2,} (services{0,1} |team |skill(s|ed|) |professional ){1,}/) { spam("s01947",(int ((0.6 * length($&) / 14) * 100)) / 100, $&); } elsif (/(you(r (company|business)|) need |)(a |our |)(skilled |professional |trustworthy |quality |full.{0,1}service ){0,}(design|marketing|advertising) (services{0,1} |teams{0,1} |skill(s|ed|) |professional ){1,}/) { spam("s01947",(int ((0.6 * length($&) / 14) * 100)) / 100, $&); } elsif (/(a |our )(skilled |professional |trustworthy |quality |full.{0,1}service ){1,}((design(er| team)s{0,1}|marketing|advertising|agency)( and | |)){1,}/) { spam("s01947",(int ((0.6 * length($&) / 14) * 100)) / 100, $&); } if (/(corporate|company|business) (image|identity|logo)/) { spam("s01946",0.6,$&); } if (/we( a|)re here to help/) { spam("s01945",0.4,$&); } if (/(help you |)(attract|win) more customers/) { spam("s01944",(int ((0.4 * length($&) / 11) * 100)) / 100, $&); } if (/(you |)(design |need |want |like|desire |)(a |)(unique |top quality )(corportate |company |business |)logo( for your (business|company|corporation)|)/) { spam("s01943",(int ((0.6 * length($&) / 11) * 100)) / 100, $&); } if (/your bills/) { spam("s01937",0.8,$&); } if (/one (month|year)ly payment/) { spam("s01938",0.8,$&); } if (/cut (all |)(of |)(them|(your|those) (monthly |yearly |weekly |)(bill|payment)s{0,1}) by ([0-9]{1,} {0,1}\%|.{0,30}per.{0,1}cent)/) { spam("s01939",1.2,$&); } if (/i [dw]ont bite/) { spam("s01933",0.8,$&); } if (/with ((the word |)help|(the|a) command) (in|as) the subject/) { spam("s01932",1.2,$&); } if (/available commands (are|include)/) { spam("s01935",1.2,$&); } if (/commands{0,1} (to |)(the |this |).{0,50}?(should |must )(always |)(be sent|include)/) { spam("s01936",1.2,$&); } if (/(are|is) you( keeping you|)(r (kids|children|family)|) (safe|protected)( while they(re| are)|)( online|)/) { spam("s01931",(int ((0.4 * length($&) / 12) * 100)) / 100, $&); } if (/(our|this) revolutionary( new|)/) { spam("s01930",0.4, $&); } if (/protect (you(rself|) and |)your family/) { spam("s01929",0.4, $&); } if (/filtering software/) { spam("s01928",0.4, $&); } if (/and lots more/) { spam("s01927",0.4, $&); } if (/recipients{0,1} (name |)(was |is |)(not |un)(recogni[zs]ed|known)|un(recogni[zs]ed|known) recipient/) { spam("s01926",0.4, $&); } if (/wurde mein/) { spam("s01916",0.4, $&); } if (/von eine/) { spam("s01917",0.4, $&); } if (/schliesslich/) { spam("s01918",0.4, $&); } if (/schlagen/) { spam("s01919",0.4, $&); } if (/auf eine/) { spam("s01920",0.4, $&); } if (/kuerzlich/) { spam("s01921",0.4, $&); } if (/unmoeglich/) { spam("s01922",0.4, $&); } if (/uebersehen/) { spam("s01923",0.4, $&); } if (/anschliess/) { spam("s01924",0.4, $&); } if (/entschuldigen/) { spam("s01925",0.4, $&); } if (/bitte nicht/) { spam("s01912",0.8, $&); } if (/antwort funktion/) { spam("s01913",0.8, $&); } if (/diese mail antworten/) { spam("s01914",0.8, $&); } if (/persoenliche/) { spam("s01915",0.4, $&); } if (/((ein|automatisch|generiert|antwort)e{0,1} {0,1}){3,}/) { spam("s01911",2.0, $&); } if (/expose your (web.{0,1}|)site/) { spam("s01908",0.8, $&); } if (/(all|every) (the |)pages.{0,1} o[fn] your (web.{0,1}|)site/) { spam("s01909",0.8, $&); } if (/zero.{0,1}(cost|(down|)payment|price)/) { spam("s01906",0.6, $&); } if (/((pop|reg)ular|cheap) (med(ication|s)|drug|rx)s{0,1}( click|)( here|) http\/\//) { spam("s01905",1.8,$&); } if (/protects{0,1} your family/) { spam("s01902",0.6, $&); } if (/inappropriate (internet |)content/) { spam("s01903",0.4, $&); } if (/((porno(graphy|)|children|alcohol|tobac{1,}o|parent|protect|inappropriate (internet |)content|gambling|drugs|(web.{0,1}|content.{0,1}|)filtering software|family).{0,40}?){4}/) { spam("s01904",0.8, $&); } if (/sweet b(lond|runet(te|))/) { spam("s01900",0.4, $&); } if (/split (me|her)( wide| open){1,}/) { spam("s01901",0.8, $&); } if (/(you |we |our |can |g(et|ive) |rates{0,1} |prices{0,1} |deals{0,1} |of{1,}ers{0,1} |start(s|ing|) |that |are |for |also ){1,}as l(ow|ittle) as {0,}\${0,}[0-1]{0,}/) { spam("s01896",(int ((0.7 * length($&) / 14) * 100)) / 100, $&); } if (/taking the liberty of/) { spam("s01897",0.3, $&); } if (/(we( a|)re|i( a|)m) (glad|happy|pleased) to confirm/) { spam("s01898",0.3, $&); } if (/amalgamated bank of/) { spam("s01894",0.6, $&); } if (/intensive investigation/) { spam("s01895",0.4, $&); } if (/size (does |)matters{0,1}/) { spam("s01888",0.2, $&); } if (/women agree/) { spam("s01889",0.2, $&); } if (/cock (growth|enlarg|big)|(grow|enlarged{0,1}|bigger) (your |)cock/) { spam("s01890",1.0, $&); } if (/(almost |every |){0,}(you|guy) (could |can |wish[es]{0,} |wants{0,1} ){1,}(to |it |he |his |your |cock |penis |mahood ){0,}(become |get |be |were |was )bigger/) { spam("s01891",(int ((length($&) / 75) * 100)) / 100, $&); } if (/of{1,} th(e|is) list/) { spam("s01892",0.3, $&); } if (/no thanks/) { spam("s01886",0.2, $&); } if (/anal sex/) { spam("s01885",1.4, $&); } if (/(great|fantastic|best).{0,1}software/) { spam("s01877",0.4, $&); } if (/(great|fantastic|best|lo(w|vv|v)|high)(est|)[^p]{0,1}(possible[^p]{0,1}|)pric(e|ing)s{0,1}/) { spam("s01878",0.4, $&); } if (/save big/) { spam("s01879",0.4, $&); } if (/you need!/) { spam("s01880",0.4, $&); } if (/allegra/) { spam("s01875",0.8, $&); } if (/genealog(y|ist|ical)/) { spam("s01876",0.6, $&); } if (/mail filtering system/) { spam("s01873",0.6, $&); } if (/blocking this .{0,2}m(essage|ail)/) { spam("s01874",0.2, $&); } if (/(we( a|)re |i( a|)m) here to help you/) { spam("s01870",0.8, $&); } if (/(just |)love (to |)hav(e|ing) .{0,12}?sex/) { spam("s01861",1.8, $&); } if (/mensaje no entregado/) { spam("s01854",0.8, $&); } if (/violacion de contenido/) { spam("s01855",3.0, $&); } if (/someone is looking to fall in love with you/) { spam("s01852",2.4, $&); } if (/(purchase|buy|get|sell|receive) (flowers |)(for |)(your |)mother(.{0,3}day|)(.{0,2}flowers|)/) { spam("s01851",1.0, $&); } if (/(to read the attach.{0,50}?the following password|attach.{0,50}?is password protected)/) { spam("s01850",0.8, $&); } if (/(child|kid{1,}ie) porn/) { spam("s01840",0.4, $&); } if (/brand new software/) { spam("s01841",0.4, $&); } if (/protect your privacy/) { spam("s01842",0.4, $&); } if (/permanently (remove|erase|wipe away) any/) { spam("s01843",0.4, $&); } if (/(speeds{0,1} up|improve|restore|boost)[sd]{0,1} (your |)(systems{0,1} |exercise |)performance/) { spam("s01844",0.4, $&); } if (/(remove|delete)s{0,1} (useless|un{1,}ecessary|un{1,}eeded) files/) { spam("s01845",0.4, $&); } if (/(regain|restore|increase)[sd]{0,1} disk space/) { spam("s01846",0.4, $&); } if (/spy.{0,1}ware detection/) { spam("s01847",0.4, $&); } if (/(hot(test|) |)porn.{0,3}(web.{0,3}|)sites{0,1}/) { spam("s01838",0.8, $&); } if (/groundbreaking/) { spam("s01822",0.2, $&); } if (/exceptional/) { spam("s01823",0.2, $&); } if (/check (out |this |our ){0,}(groundbreaking|exceptional|amazing|fantastic|awesome) (new |)(product|company|organi[sz]ation)/) { spam("s02795",1.0, $&); } elsif (/(groundbreaking|exceptional|amazing|fantastic|awesome|great new|revolutionary) (new |)(product|company|organi[sz]ation|stock|issue)/) { spam("s01824",0.6, $&); } if (/exceptional/) { spam("s01823",0.2, $&); } if (/this is an automat(ic|ed) (callback|response|reply|message|e{0,1}.{0,1}mail)/) { spam("s01817",0.4,$&); } if (/(all |)prices are in ((us|dollars|\$)\s{0,1}){1,}/) { spam("s01812",0.8,$&); } if (/online.{0,1}(training|course|learning|education|survey)/) { spam("s01809",0.6,$&); } if (/web.{0,1}(training|course|learning|education|survey)/) { spam("s01810",0.6,$&); } if (/distance.{0,1}(learning|education)/) { spam("s01811",1.0,$&); } if (/nachricht/) { spam("s01806",0.4,$&); } if (/dass folgende/) { spam("s01807",0.4,$&); } if (/abgesandt/) { spam("s01808",0.4,$&); } if (/your (spouse|collea{0,1}gu{0,1}e)/) { spam("s01805",0.4,$&); } if (/((do you |)(want|need) |(would you |)like |(are you |)looking for |)(to try |)(pr(escrib|ovid)(e|ing)[sd]{0,1} |)(the(se|) |)(((pop|reg)ular|cheap(est|)|low(est|) cost|(most |)af{1,}ordable|and|new|canadian|imported) {0,1}){1,}((med(ication|)|drug|rx)s{0,1}){1,}/) { spam("s01801",(int ((0.6 * length($&) / 12) * 100)) / 100,$&); } if (/vic[oi]d[io]n/) { $tmp = $&; if (!/vicodin/) { spam("s01802",2.0,$tmp); } else { spam("s01802",1.0,$tmp); } } if (/hydr[oa]cod[oi]ne/) { spam("s01803",1.2,$&); } if (/pain.{0,1}killers{0,1}/) { spam("s01804",0.4,$&); } if (/(positive.{0,1}|forward.{0,1}|looking.{0,1}){1,}statements{0,1}/) { spam("s01800",0.4,$&); } if (/(((us |)stocks{0,1} |shares{0,1} |bullish |markets{0,1} |watch |news{0,1} |(ground|)breaking |flash |explosive |(short.{0,1}|)term |trad(es{0,1}|ing) |profits{0,1} |technology |issue[sd]{0,1} |ticker |releases{0,1} |indicates{0,1} |appointed |board |contractual |advis(ing|ors{0,1}) |revenues{0,1} |growth |prices{0,1} ).{0,15}){5,}/) { spam("s01795",(int ((0.4 * length($&) / 12) * 100)) / 100,$&); } if (/aviso/) { spam("s01795",0.6,$&); } if (/sistema de antivirus/) { spam("s01796",2.0,$&); } if (/contendo/) { spam("s01797",0.4,$&); } if (/assunto/) { spam("s01798",0.4,$&); } if (/quarentena/) { spam("s01799",1.0,$&); } if (/proibida/) { spam("s01792",1.0,$&); } if (/palavra proibida/) { spam("s01793",1.0,$&); } if (/nao autorizada/) { spam("s01794",2.0,$&); } if (/(stock |share |ticker |price |tech ){1,}(adjustment|analysis|coverage)/) { spam("s01786",0.8,$&); } if (/registered financial/) { spam("s01787",0.4,$&); } if (/paid advertisement/) { spam("s01788",0.4,$&); } if (/third party/) { spam("s01789",0.4,$&); } if (/not af{1,}iliated with/) { spam("s01790",0.4,$&); } if (/profiled co(mpany|rporation)/) { spam("s01791",0.4,$&); } if (/(not{0,1} |((or |)((study|test|interview)(s|ing|)|exams{0,1}|class(es|)|books{0,1}))[ \!]|(is |)(need|require)(e{0,1}d[ \!]| (to |))){3,}/) { spam("s01785",(int ((0.4 * length($&) / 12) * 100)) / 100,$&); } if (/(higher|better|improve(d| your)) (paying |)(job|salary)/) { spam("s01784",0.4,$&); } if (/automatisch verzonden/) { spam("s01783",3.5,$&); } if (/mensagem .{0,80}(automatica|recebida)/) { spam("s01782",2.5,$&); } if (/vous (nous |)avez demande de supprimer/) { spam("s01781",4.0,$&); } if (/(hot |(east.{0,1}|)euro(pean|) |models{0,1} |agency |g[il]r[il]s{0,1} |swedish |babes{0,1} ){2,}/) { spam("s01775",(int ((0.4 * length($&) / 8) * 100)) / 100,$&); } if (/(exclusively {0,1}|available {0,1}){2}/) { spam("s01772",0.4,$&); } if (/exclusive(ly){0,1} (available {0,}|on cd.{0,1}rom {0,}){1,}/) { spam("s01770",0.8,$&); } if (/(american |medical |directory |physicians{0,1} |guide |administered by licensed ){2,}/) { spam("s01771",(int ((0.3 * length($&) / 10) * 100)) / 100,$&); } if (/(second|minute|hour|day|week|month|year|decade|centur(y|ie))s{0,1} (instead of|not)( an{0,1}|) (second|minute|hour|day|week|month|year|decade|centur(y|ie))s{0,1}/) { spam("s01768",0.8,$&); } if (/(diet|exercis)(e|ing|) (and|or|with) (diet|exercis)(e|ing|)/) { spam("s01765",0.4,$&); } if (/dyapex/) { spam("s01761",1.2,$&); } if (/works for (both |)(wo|)men and (wo|)men/) { spam("s01762",0.8,$&); } if (/foods{0,1} (yo|)u love/) { spam("s01763",0.6,$&); } if (/americas ((new|lat|fin|b|great)e|fir)st/) { spam("s01759",0.4,$&); } if (/(term |life |free |insurance ){1,}coverage/) { spam("s01758",0.8,$&); } if (/no hassles{0,1}/) { spam("s01756",0.4,$&); } if (/hey whats up/) { spam("s01752",0.6,$&); } if (/just thought i would say he(y|llo)/) { spam("s01753",0.6,$&); } if (/luv ya/) { spam("s01754",0.6,$&); } if (/popular soft.{0,1}ware/) { spam("s01748",0.4,$&); } if (/popular soft.{0,1}wares/) { spam("s01749",0.8,$&); } if (/soft.{0,1}wares/) { spam("s01757",0.6,$&); } if (/a friend has set you up/) { spam("s01747",1.2,$&); } if (/(let us |we( wi|)ll )negotiate with the (irs|tax)/) { spam("s01746",2.0,$&); } if (/a fraction of what you owe/) { spam("s01747",1.6,$&); } if (/never expire/) { spam("s01744",0.4,$&); } if (/registered copy/) { spam("s01745",0.4,$&); } if (/publication/) { spam("s01735",0.2,$&); } if (/ad{1,} photos to your e mail with msn / or /msn .{0,20}get .{0,10} months free/) { $has_msn_offer = 1; } if (/(watch|get) un.{0,1}limited/) { spam("s01726",0.4,$&); } if (/cable (subscri(ber|ption)|view(er|ing)|owner)/) { spam("s01727",0.6,$&); } if (/dear cable subscriber/) { spam("s01728",2.4,$&); } if (/mature.{0,1}chan{1,}els{0,1}/) { spam("s01731",0.8,$&); } if (/movie.{0,1}chan{1,}els{0,1}/) { spam("s01732",0.4,$&); } if (/(pay|spend) (a lot |lots |(so |)much |)(less|more)/) { spam("s01723",0.4,$&); } if (/(pay|spend) (a lot |lots |(so |)much |)(less|more) (for |on |your ){1,}(med[sz]|rz|prescription|pharma)/) { spam("s03385",2.6,$&); } if (/we(( wi|)ll| can|) (take care of|handle) (it|everything)/) { spam("s01722",1.2,$&); } if (/(^.{0,20}|http[^ ].{0,} )((high.{0,1}street|price|of{1,}er|drug|pill|tablet|slash|cut|we(ll| can)( beat|)|pay|spend|save|cost|lower|less|more|over|half|medica(tions{0,1}|l( supplies|))| meds|pharma|(hard |)earn(ed|ing)|supplies|give away|hand over|money|ship(ping|)|to your home|doctors{0,1}( visit|)|appointment).{0,20}?){2,}?(http|ad{1,} photos)/) { spam("s01720",4.8,$&); } if (/(your |high ){1,}drug( cost|)s/) { spam("s01719",0.8,$&); } if (/(a |)((incredible|unbelievable|huge|great|(saving|deal|discount)s{0,1}) {0,1}){2,}/) { $tmp= $&; if ($tmp !~ /^a great deal $/) { spam("s01718",0.8,$tmp); } } if (/(way|far) too{0,1} (much|costly)/) { spam("s01714",0.4,$&); } if (/(way|much) (lower|less) than/) { spam("s01715",0.4,$&); } if (/ mark.{0,1}downs{0,1} /) { spam("s01716",0.4,$&); } if (/(lista nem letezik|cimeztel engedelyezesre var)/) { spam("s01713",1.8,$&); } if (/your (web.{0,1}|)site.{0,50}has been submitted|submit.{0,50}your (web.{0,1}|)site/) { spam("s01708",0.8,$&); } if (/our search (engine|director(y|ie)|listing)s{0,1} database/) { spam("s01709",0.4,$&); } if (/url (that |)will be ad{1,}ed/) { spam("s01710",0.4,$&); } if (/((automated|software|url|submission).{0,6}){4}/) { spam("s01711",0.8,$&); } if (/not just for (wo|)men/) { spam("s01704",0.4,$&); } if (/for (wo|)men who (have|can|dont)/) { spam("s01705",0.4,$&); } if (/(famous |blue |erection |male |enhancement |pill |tablet ){2,}/) { spam("s01703",(int ((1.0 * length($&) / 5) * 100)) / 100,$&); } if (/this is an autoresponder ill never see your message/) { spam("s01702",5.0,$&); } if (/el moderador/) { spam("s01697",0.8,$&); } if (/sugerencia/) { spam("s03412",0.8,$&); } if (/ la lista /) { spam("s03413",0.4,$&); } if (/pueda revisarlo/) { spam("s01698",0.6,$&); } if (/siendo retenida/) { spam("s01699",0.6,$&); } if (/sera enviado/) { spam("s01700",0.6,$&); } if (/una notificacón/) { spam("s01701",0.6,$&); } if (/de la decisión/) { spam("s01696",0.6,$&); } if (/blind date network/) { spam("s01696",2.6,$&); } if (/set up a friend/) { spam("s01695",0.6,$&); } if (/demande de confirmation/) { spam("s01692",0.8,$&); } if (/(symantec|kaspersky|mcafee|interscan) (mss|antivirus|av|(group|web)shield)/) { spam("s01693",0.8,$&); } if (/report to sender/) { spam("s01690",0.8,$&); } if (/incident information/) { spam("s01691",0.8,$&); } if (/(please |)consult your (system |)administrator/) { spam("s01689",0.8,$&); } if (/( (w32.{0,1}|)bagle.{0,1} |(w32.{0,1}|)(mydoom|sobig|novarg|mimail|netsky))/) { spam("s01684",0.4,$&); } if (/this is the qmail send program.{0,150}?permanent er{1,}or.{0,150}?(mydoom|sobig|novarg|mimail|netsky|bagle)/) { spam("s01832",4.0,"qmail permanent error: " . $1); } if (/message (can{1,}ot be represented in 7.{0,1}bit|contains unicode characters)/) { spam("s01685",0.4,$&); } if (/has been sent as a binary attachment/) { spam("s01686",0.4,$&); } if (/the message (contains unicode characters|can{1,}ot be represented in 7 bit asc..( encoding|)) and has been sent as a binary attachment/) { spam("s01694",4.0,$&); } if (/(interscan (nt |mss |)|virus ){1,}a[il]ert/) { spam("s01687",0.4,$&); } if (/(message|file|attachement) (contain(s|ed)|is infected with) (a |the |)(virus|malware|worm|trojan)|infecteerd met een virus/) { spam("s01688",1.4,$&); } if (/your lucky day/) { spam("s01683",0.4,$&); } if (/give your (wife|girl(friend|)) what she wants/) { spam("s01680",3.4,$&); } if (/virility/) { spam("s01681",0.4,$&); } if (/virility pills{0,1}/) { spam("s01682",1.6,$&); } if (/((choose|pick|select) from (these |)|popular titles{0,1} |(for |)(you |)to (choose|pick|select) from){2}/) { spam("s01676",0.8,$&); } if (/works exactly the same/) { spam("s01675",0.4,$&); } if (/rock.{0,1}bottom.{0,1}prices{0,1}/) { spam("s01674",0.6,$&); } if (/academic qualifications{0,1}/) { spam("s01670",0.6,$&); } if (/(established |prestigious |(non.{0,1}){0,1}ac{1,}r(ed|)(itted|) |universit(y|ie)s{0,1} |colleges{0,1} ){2,}/) { spam("s01671",(int ((0.25 * length($&) / 10) * 100)) / 100,$&); } if (/lack (the |of |right |necessary ){0,}qualifications{0,1}/) { spam("s01672",0.8,$&); } if (/(job of your dreams|dream job)/) { spam("s01673",0.4,$&); } if (/entertain your customers{0,1}/) { spam("s01658",1.8,$&); } if (/animated logo/) { spam("s01659",0.4,$&); } if (/flash logo/) { spam("s01660",0.4,$&); } if (/web site intro/) { spam("s01661",0.4,$&); } if (/smart animation/) { spam("s01662",0.4,$&); } if (/tv commercial/) { spam("s01663",0.2,$&); } if (/most (reputable|ef{1,}ective)/) { spam("s01664",0.4,$&); } if (/recommended vendors{0,1}/) { spam("s01665",0.4,$&); } if (/exceptional service/) { spam("s01666",0.4,$&); } if (/high quality work/) { spam("s01667",0.4,$&); } if (/whatever (your |the )(deadline|budget)/) { spam("s01668",0.8,$&); } if (/make your (web.{0,1}|)site more (attractive|appealing)/) { spam("s01669",2.8,$&); } if (/i said i love you (and |but |)you said nothing/) { spam("s01649",3.4,$&); } if (/now go away from me/) { spam("s01650",0.8,$&); } if (/here are my love letters/) { spam("s01651",2.4,$&); } if (/mock me mock me again and again/) { spam("s01652",3.4,$&); } if (/billing notice/) { spam("s01643",0.4,$&); } if (/please press open/) { spam("s01644",0.6,$&); } if (/if you do not read this within/) { spam("s01645",0.6,$&); } if (/terminate (your |)internet (service|ac{1,}ount)/) { spam("s01646",0.6,$&); } if (/(exclusive |)(dating |)(web.{0,2}|)(site |)created by women/) { spam("s01640",(int ((0.75 * length($&) / 8) * 100)) / 100, $&); } if (/(exclusive |adult ){1,}dating( (web.{0,2}|)site | service| agency){0,}/) { spam("s03374",(int ((length($&) / 12) * 100)) / 100, $&); } if (/(anonymous |fun ){2,}/) { spam("s01641",0.8,$&); } if (/hey! oh my god/) { spam("s01631",0.4,$&); } if (/(so long|years|ages) since we(ve| have| talked| last){2,}/) { spam("s01632",0.4,$&); } if (/see each other anymore/) { spam("s01633",0.4,$&); } if (/i sent you something (the |)last time/) { spam("s01634",0.4,$&); } if (/wondering if you got it/) { spam("s01635",0.4,$&); } if (/let me know if you like it/) { spam("s01636",0.4,$&); } if (/(gover{0,1}n{0,1}ment|creditors) do( not|nt) want (you|me) to (know|tell|sell|see)/) { spam("s01629",2.2,$&); } if (/refinanc[^ ]{1,3}/) { spam("s01628",0.4, $&); } if (/marketing system/) { spam("s01625",0.8, $&); } if (/(n(othing|ada|aught|ought)|z(ero|ip|ilch)) (for you |)to buy/) { spam("s01626",0.8, $&); } if (/(n(othing|ada|aught|ought)|z(ero|ip|ilch)) (for you |)to sell/) { spam("s01627",0.8, $&); } if (/(super |)via9ra/) { spam("s02013",4.5, $&); } if (/(^| )(v[iagr]{4,}[\! ])/) { if (!($2 eq "viagra ")) { spam("s01623",3.0, $&); } } if (/(^| )ciali[\! ]/) { spam("s01623",2.0, $&); } if (/(^| )xana[\! ]/) { spam("s01623",1.0, $&); } if (/(^| )valiu[\! ]/) { spam("s01623",2.0, $&); } if (/([genric]{6,}) (v[iagr]{4,}[\! ])/) { if ((!($2 eq "generic")) || (!($2 eq "viagra"))) { spam("s01624",3.0, $&); } } if (/enlarg(e|ing)/) { spam("s01615",0.2, $&); } if (/supplement/) { spam("s01616",0.2, $&); } if (/enhancement/) { spam("s01617",0.2, $&); } if (/en(hanc|larg)ement (oil|pill|drug|remedy|supplement|meds{0,1} )/) { spam("s01622",2.4, $&); } if (/available!/) { spam("s01618",0.4, $&); } if (/works!/) { spam("s01619",0.4, $&); } if (/seconds{0,1}!/) { spam("s01620",0.4, $&); } if (/amazing!/) { spam("s01621",0.2, $&); } if (/at (its|their) best/) { spam("s01611",0.4, $&); } if (/(some of|among) the (fin|b)est/) { spam("s01612",0.4, $&); } if (/(f(ou|i)nd anywhere|available) (in the world|today)/) { spam("s01613",0.6, $&); } if (/check out (our|th(is|e)) s(tor|al)e/) { spam("s01607",0.4, $&); } if (/hav(e|ing) a sale on/) { spam("s01608",0.4, $&); } if (/(crazy|low) low (price|amount)/) { spam("s01609",1.4, $&); } if (/herbal (remedy|cure|enterprise)/) { spam("s01818",0.8,$&); } if (/(herbal {0,1}|(drug|pill)s{0,1} {0,1}|online {0,1}|enhancement {0,1}){3,}/) { spam("s01610",(int ((0.75 * length($&) / 6) * 100)) / 100, $&); } if (/(tiny |smallest |private |digital |wireless |video |camera |webcam ){3,}/) { spam("s01604",(int ((0.3 * length($&) / 6) * 100)) / 100, $&); } if (/surveillance/) { spam("s01605",0.2, $&); } if (/spycam/) { spam("s01606",0.4, $&); } if (/(hundred|thousand|[mb]illion)s{0,1} (of |)(us|buy|sell|custom)ers{0,1}/) { spam("s01601",0.8,$&); } if (/today!/) { spam("s01602",0.4,$&); } if (/promot(ing|es{0,1}) (your |a )(own |)((web.{0,1}|)site|business|company)/) { spam("s01603",0.8,$&); } if (/enjoy (your|this) (free |)(page|site)/) { spam("s01600",0.6,$&); } if (/(ac{1,}redited|academic|qualification|enrollment|transcript|college|doctorate|degree|masters|bachelor|diploma|desired field|required field)(.*)/) { $spam_text = $1; $remainder = $2; while ($remainder =~ /(ac{1,}redited|academic|qualification|enrollment|transcript|college|doctorate|degree|masters|bachelor|diploma|desired field|required field)(.*)/) { $spam_text .= " " . $1; $remainder = $2; } spam("s03578",(int ((0.25 * length($spam_text) / 7) * 100)) / 100,$spam_text); } if (/(our |)((special|genuine|authentic|universit(y|ie)|non.{0,1}ac{1,}r(edited|)|academic|qualification|enrollment|transcript|college|doctorate|degree|master|bachelor|program|exam|diploma|cert(ificate|)|mba|phd)s{0,1}[ \!]{0,}[^ ]{0,4}? {0,}){4,}(department|of{1,}ice|)/) { spam("s01598",(int ((0.25 * length($&) / 7) * 100)) / 100,$&); } elsif (/(our |)((special|genuine|authentic|universit(y|ie)|non.{0,1}ac{1,}r(edited|)|academic|qualification|enrollment|transcript|college|doctorate|degree|master|bachelor|program|exam|diploma|cert(ificate|)|mba|phd)s{0,1}[ \!]{0,}[^ ]{0,4}? {0,}){3,}(department|of{1,}ice|)/) { spam("s01598",(int ((0.25 * length($&) / 7) * 100)) / 100,$&); } elsif (/(our |)((special|genuine|authentic|universit(y|ie)|non.{0,1}ac{1,}r(edited|)|course|academic|qualification|enrollment|transcript|college|doctorate|degree|master|bachelor|program|exam|diploma|cert(ificate|)|mba|phd)s{0,1}[ \!]{0,}.{0,4}? {0,}){2,}(department|of{1,}ice|)/) { spam("s01598",(int ((0.2 * length($&) / 7) * 100)) / 100,$&); } if (/((university|course|academic|qualification|college|doctorate|degree|master|bachelor|program|exam|diploma|cert(ificate|)|mba|phd)s{0,1} ){1,}enrollment/) { spam("s02922",(int ((0.2 * length($&) / 7) * 100)) / 100,$&); } if (/((( {0,}university| {0,}doctorate| {0,}diploma| {0,}degree| {0,}bachelors| {0,}masters| {0,}registrars| {0,}phd)( and| or){0,}){1,}|enrollment)( enrollment| administration| department| of{1,}ice){1,}/) { spam("s02924",(int ((length($&) / 24) * 100)) / 100,$&); } if (/transcript/) { spam("s02923",0.2,$&); } if (/you (may |can| might |possibly |could |will ){0,}qualify/) { spam("s02995",0.2,$&); } if (/(enroll|(join|sign)( up| on|)|enlist) by the (due |specified ){0,}date/) { spam("s02925",0.4,$&); } if (/get(ting|) rocked by/) { spam("s01597",2.0,$&); } if (/(mega[^l^o^m]{0,2}|online[^l^o^m]{0,2}){1,}lott{0,1}(er(y|ie|ia)|o)s{0,1}([ \?\!]|$)/) { $tmp = $&; spam("s01590",(int ((0.4 * length($tmp) / 8) * 100)) / 100, $tmp); if ($tmp !~ /lott(er(y|ies)|os{0,1})/) { spam("s02262",1.6, $tmp); } } if (/lott{0,1}er(y|ie|ia)s{0,1}([ \?\!]|$)/) { $tmp = $&; spam("s01590",(int ((0.4 * length($tmp) / 8) * 100)) / 100, $tmp); if ($tmp !~ /lotter(y|ies)/) { spam("s02262",1.6, $tmp); } } if (/lump sum/) { spam("s01591",0.2,$&); } if (/individual .{0,2}mail ad{1,}ress/) { spam("s01593",0.4,$&); } if (/promotional program/) { spam("s01594",0.4,$&); } if (/([mb]illion|hundred|thousand|[0-9\.,]{3,}).{0,10}dull{0,1}a/) { spam("s01595",2.4,$&); } if (/p(aris|) hilton/) { spam("s01587",1.0,$&); } if (/caught on (tape|video|camera)/) { spam("s01588",1.4,$&); } if (/could be your last chance/) { spam("s01589",0.4,$&); } if (/video (only |)(released|available)/) { spam("s01590",0.8,$&); } if (/\$[0-9,.]{1,} (a copy|each)/) { spam("s01584",0.8,$&); } if (/great christmas gift/) { spam("s01585",0.4,$&); } if (/would you like to make cash/) { spam("s01581",2.0,$&); } if (/the ezy way/) { spam("s01582",2.0,$&); } if (/refer{1,}al (code|network)/) { spam("s01583",0.6,$&); } if (/maintenance fee/) { spam("s01575",0.4,$&); } if (/are you (sick |tired |and |pissed ){1,}(of|at)/) { spam("s01576",0.8,$&); } if (/for a profit/) { spam("s01577",0.4,$&); } if (/timeshare/) { spam("s01578",0.4,$&); } if (/(must be |if you are |i( a|)m |i( a|)m a)(over |under |)[0-9]{2}( years{0,1}( of age| old)|)/) { spam("s01580",0.4,$&); } if (/server is generating high volumes of member complaints/) { spam("s01572",0.8,$&); } if (/(rat|pric)es (are |)as low as/) { spam("s01571",1.0,$&); } if (/suc{2,}k/) { spam("s01564",1.0,$&); } if (/suck{2,}/) { spam("s01565",1.0,$&); } if (/depraved/) { spam("s01570",0.2,$&); } if (/you (are not going to|wont|will not) believe your eyes/) { spam("s01566",0.8,$&); } if (/if this [li]ink is unclickable/) { spam("s01568",1.0,$&); } if (/((tiny|young|nude).{0,1}){1,}(model|thing|babe|teen|chick{0,1}|hun{1,}(y|ies))/) { spam("s01569",0.8,$&); } if (/information pack/) { spam("s01561",0.4,$&); } if (/sales training/) { spam("s01562",0.4,$&); } if (/an issue for your company/) { spam("s01563",0.8,$&); } if (/(cool |wicked |free ).{0,30}screensaver/) { spam("s01560",1.5,$&); } if (/never (need to |)diet again/) { spam("s01557",1.8,$&); } if (/lower blood pressure/) { spam("s01558",0.6,$&); } if (/(improve|decrease|elevated|high) ch{0,1}olest(erol|)/) { spam("s01559",0.6,$&); } if (/illegal host/) { spam("s01554",0.8,$&); } if (/((god|jesus|pray|bible|sav(e|iou{0,1}r)|soul|church|sin|lord|calvary).{0,20}?){3,}/) { spam("s01553",1.0,$&); } if (/proven system/) { spam("s01550",0.8,$&); } if (/too good to be true/) { spam("s01551",0.4,$&); } if (/(jerk|wank|toss|wh{0,1}ack) (yourself |)of{1,}/) { spam("s01548",1.8,$&); } if (/mailz/) { spam("s01547",0.8,$&); } if (/bulk service/) { spam("s01544",0.8,$&); } if (/bulk filter/) { spam("s01545",0.8,$&); } if (/(full|complete|total)(l{0,1}y|) anonym(ity|ous)/) { spam("s01546",1.0,$&); } if (/business partner/) { spam("s01542",0.4,$&); } if (/possible business/) { spam("s01543",0.4,$&); } if (/vous aimez/) { spam("s01538",0.6,$&); } if (/nint.resse pas/) { spam("s01539",0.6,$&); } if (/cordialement/) { spam("s01540",0.6,$&); } if (/nous avons/) { spam("s01541",0.6,$&); } if (/high quality/) { spam("s01535",0.1,$&); } if (/well designed/) { spam("s01536",0.1,$&); } if (/no pop.{0,1}ups/) { spam("s01537",0.4,$&); } if (/you (wont|will (be |)not) ((be |)disappointed|regret)/) { spam("s01534",0.8,$&); } if (/er{1,}e{1,}c{1,}t{1,}i{1,}(le{0,1}|on).{0,1}d[yi]sfunction/) { spam("s01533",2.6,$&); } if (/girls{0,1} feels{0,1} sor{1,}y for (his|your) (ugly |)ass/) { spam("s01531",3.0,$&); } if (/undesirable men/) { spam("s01532",2.0,$&); } if (/no more (message|.{0,2}mail)s{0,1}/) { spam("s01527",0.8,$&); } if (/med[ie]{0,}cine/) { spam("s01528",0.2,$&); } if (/enlarge/) { spam("s01529",0.2,$&); } if (/jump in (stock |share |)(price|value)/) { spam("s01525",0.6,$&); } if (/otc news a[il]ert/) { spam("s01524",2.0,$&); } if (/stock market/) { spam("s01520",0.1,$&); } if (/(press|news) (release|a[il]ert)/) { spam("s01521",0.2,$&); } if (/(urgent |fastest |latest |breaking |compan[iesy]{1,} |news |press |release |a[il]ert ){3,}/) { spam("s02860",(int ((length($&) / 25) * 100)) / 100,$&); } if (/investor relations/) { spam("s01522",0.2,$&); } if (/(emerging|foreign) (leader|market)/) { spam("s01523",0.2,$&); } if (/photo lover/) { spam("s01518",0.4,$&); } if (/((digital|(web|)cam(corder|era|)|video|live|chat)s{0,1}.){3,}/) { spam("s01519",0.6,$&); } if (/(huge|big(ger|)|hard) (discount|penis|bastard|johnson)/) { spam("s01514",0.6,$&); } if (/(huge|big(ger|)|power(ful|)|better|improve(d| your)|strong(er|)|(rock.{0,1}|)hard) (e(rec|jacula)tions{0,1}|penis)/) { spam("s01848",1.2,$&); } if (/you( can| have | been| only| ever|ve){0,} dream(ed|ing|t|) (of|to)/) { spam("s03367",0.6,$&); } if (/hot(test|) new item/) { spam("s01513",0.6,$&); } if (/se(arch|ek)ing out stocks/) { spam("s01511",0.4,$&); } if (/(target|cur{1,}ent).{0,1}price/) { spam("s01510",0.4,$&); } if (/(target|cur{1,}ent).{0,1}(trading |)range/) { spam("s03104",0.4,$&); } if (/(target|cur{1,}ent).{0,1}stock/) { spam("s03105",0.4,$&); } if (/cur{1,}ently.{0,1}trad(es|ing)( range|)/) { spam("s03351",0.4,$&); } if (/trading ((in|at|the|[0-9\$]|cents{0,1}|dollars{0,1}) {0,}){0,}range/) { spam("s01751",0.4,$&); } if (/upside potential/) { spam("s01509",0.8,$&); } if (/online secret/) { spam("s01507",0.6,$&); } if (/((online|jobs{0,1}|employment).{0,1}){2}/) { spam("s01508",0.6,$&); } if (/(s(tar|e)t|run(n|)|open|get(t|))(ing|)(.{0,1}up| into|) (a( new|)|your( own|)) business/) { spam("s01506",1.6,$&); } if (/tired of your (cur{1,}ent |)job/) { spam("s01502",0.4,$&); } if (/tired of your boss/) { spam("s01503",0.4,$&); } if (/tired of your co(lleagues|.{0,1}workers)/) { spam("s01504",0.4,$&); } if (/new (and |)(better |)life/) { spam("s01505",0.4,$&); } if (/the same active ingredient/) { spam("s01498",0.8,$&); } if (/ hit me up/) { spam("s01495",1.8,$&); } if (/un.{0,1}(limit|meter)ed (bandwidth|.{0,2}mail)/) { spam("s01494",0.4,$&); } if (/(^| )(wo|)mens health/) { spam("s01491",0.4,$&); } if (/coupon/) { spam("s03371",0.2,$&); } if (/sexual/) { spam("s03370",0.4,$&); } if (/sexual health/) { spam("s02192",0.8,$&); } if (/tv infomercial/) { spam("s01486",0.6,$&); } if (/generat(e(d|s|)|ing) (new |)(leads|business)/) { spam("s01487",0.6,$&); } if (/(new |)(customer|member|sign.{0,1}up)s (a |per )(week|day|month|year)/) { spam("s02823",0.4,$&); } if (/exp(lode|and) your business/) { spam("s01488",0.6,$&); } if (/find out how!/) { spam("s01482",0.6,$&); } if (/you might miss/) { spam("s01479",0.4,$&); } if (/ miss( out|)( on|)!/) { spam("s01485",0.6,$&); } if (/limited op{1,}ortunit/) { spam("s01480",0.6,$&); } if (/in your area/) { spam("s01481",0.4,$&); } if (/you do(nt| not) want to miss/) { spam("s01483",0.6,$&); } if (/((there( i|)s|you( ha|)ve( got|)|with) (n(othing|ada|aught|ought)|z(ero|ip|ilch))|what) ((for |that |do )you (got |)|have ){0,}(to|can) lose/) { spam("s01484",0.6,$&); } if (/pen{1,}y stock/) { spam("s01474",0.8,$&); } if (/growth stock/) { spam("s02973",0.6,$&); } if (/stealth stock/) { spam("s02974",1.0,$&); } if (/past (performance|results) (is|are) not an indicator of future (results|performance)/) { spam("s01475",0.2,$&); } if (/stock profile/) { spam("s01476",0.2,$&); } if (/investment decision/) { spam("s01477",0.2,$&); } if (/(investment |financial )advi(ce|s[oe]r)/) { spam("s01478",(int ((0.1 * length($&) / 8) * 100)) / 100,$&); } if (/(^| )owe too much/) { spam("s01468",0.6,$&); } if (/we can (get|help) you out/) { spam("s01469",0.6,$&); } if (/health.{0,1}care/) { spam("s01465",0.4,$&); } if (/ hiring/) { spam("s01461",0.4,$&); } if (/now hiring/) { spam("s01462",0.4,$&); } if (/we( ha|)ve (got |)(the|your) (perfect |ideal |)(solution|answer)/) { spam("s01463",0.8,$&); } if (/you will develop a(n| (bett|full)(er){0,1}) (understanding|appreciation)/) { spam("s01464",0.6,$&); } if (/comunicacion/) { spam("s01459",0.4,$&); } if (/ dinero/) { spam("s01460",0.4,$&); } if (/(cost|price)s{0,1} too high/) { spam("s01456",0.8,$&); } if (/gas(oline){0,1} prices/) { spam("s01457",0.4,$&); } if (/(less|more|fewer|lower) than .{0,20} minutes a day/) { spam("s01455",0.6,$&); } if (/wall street/) { spam("s01450",0.2,$&); } if (/blue chip/) { spam("s01451",0.2,$&); } if (/automated s(tock|hare) trad/) { spam("s01452",0.6,$&); } if (/s(tock|hare) trading system/) { spam("s01453",0.6,$&); } if (/no more advertisement/) { spam("s01455",0.6,$&); } if (/whitening (kit|gel)/) { spam("s01445",0.8,$&); } if (/(brighter|whiter) smile/) { spam("s01446",0.8,$&); } if (/visit to the dentist/) { spam("s01447",0.4,$&); } if (/conventional product/) { spam("s01448",0.4,$&); } if (/(savemefuel|of{1,}ermania|redirectadvertising)/s) { spam("s01443",3.0,"Bad site: " . $&); } if (/(price|cost|skyrocket(ed|ing|)).{0,8}(price|cost|skyrocket(ed|ing|)s{0,1})/) { spam("s01441",1.2,$&); } if (/every time!/) { spam("s01442",0.6,$&); } if (/[mb]illion (people|users|customers)/) { spam("s01440",0.8,$&); } if (/economic climate in (our|this|my) country/) { spam("s01438",1.6,$&); } if (/mail advertis(e|ing)/) { spam("s01439",0.8,$&); } if (/ enter to win/) { spam("s01433",0.4,$&); } if (/(new |great ){1,}product/) { spam("s01434",0.4,$&); } if (/traf{1,}ic exchange/) { spam("s01435",1.0,$&); } if (/advertis(e|ing) on (your|my|our) site/) { spam("s01436",1.2,$&); } if (/learn the art of hypnosis/) { spam("s01428",3.6,$&); } if (/hypnosis/) { spam("s01429",0.4,$&); } if (/the complete guide to/) { spam("s01430",0.4,$&); } if (/everyone is talking about/) { spam("s01431",0.4,$&); } if (/can be yours (today|right now)/) { spam("s01432",0.6,$&); } if (/dear friend/) { spam("s01424",0.6,$&); } if (/use this internet explorer patch now/) { spam("s01425",2.4,$&); } if (/there are dangerous virus in the internet now/) { spam("s01426",2.4,$&); } if (/more than [0-9\.\,]{0,} already infected/) { spam("s01427",2.4,$&); } if (/fine print/) { spam("s01423",0.4,$&); } if (/one stop (loan|shop)/) { spam("s01419",0.8,$&); } if (/need (of |a ){0,}(loan|mort{0,1}g{0,1}age|great rate)s{0,1}/) { spam("s01420",0.8,$&); } if (/(debts{0,1} {0,1}(terminat|eliminat|consolidat).{0,3}|(terminat|eliminat|consolidat|reduc).{0,3} (your |)(unsecured |)debt)/) { spam("s01421",0.8,$&); } if (/(online |(credit |loans{0,1} )){2}/) { spam("s01422",0.8,$&); } if (/registered to receive/) { spam("s01416",0.8,$&); } if (/receive a re(ply|sponse)/) { spam("s01868",0.4,$&); } if (/(we|i) a(re|m) pleased to inform you/) { spam("s01417",0.4,$&); } if (/lucrative career/) { spam("s01418",0.4,$&); } if (/lottery (win{1,}ing |)in(formation|ternational)/) { spam("s01413",1.6,$&); } if (/(circle |)email lottery( international|)/) { spam("s01414",1.6,$&); } if (/like to spy on (you|me|her|him)/) { spam("s01412",1.0,$&); } if (/stops{0,1} .{0,30}? in (its|their) tracks/) { spam("s01408",0.8,$&); } if (/spending valuable time/) { spam("s01409",0.2,$&); } if (/no.{0,20}? works better/) { spam("s01410",0.2,$&); } if (/internet names /) { spam("s01406",1.0,$&); } if (/(new(est|)|(cool|lat)est) internet name/) { spam("s01407",1.0,$&); } if (/warp generator/) { spam("s00124",0.4,$&); } if (/procurement (procedure|department)/) { spam("s00125",0.4,$&); } if (/utmost confidentiality/) { spam("s03405",0.4,$&); } if (/i (urge|implore|beg) (of |)you to/) { spam("s03406",0.4,$&); } if (/assist (me|him|her|them|us) in receiving/) { spam("s03407",0.4,$&); } if (/new(est|) domain( name|)s/) { spam("s00126",0.2,$&); } if (/most popular/) { spam("s00127",0.2,$&); } if (/just released/) { spam("s00128",0.2,$&); } if (/say hello to /) { spam("s00129",0.4,$&); } if (/send a separate .{0,2}mail/) { spam("s00130",0.6,$&); } if (/will (only |)(be |)bounced{0,1} back to you/) { spam("s00131",0.6,$&); } if (/say goodbye to /) { spam("s00132",0.4,$&); } if (/do(nt| not) be fooled by/) { spam("s00133",0.4,$&); } if (/( makes a| great| gift| item){3,4}/) { spam("s00134",0.8,$&); } if (/(space.{0,1}age|hi(gh|).{0,1}tech) (material|polymer|fabric)/) { spam("s00135",0.6,$&); } if (/ dash mates{0,1}/) { spam("s00136",3.0,$&); } if (/(unconditional|lifetime) (guarantee|war{1,}anty)/) { spam("s00137",0.8,$&); } if (/fountain of youth/) { spam("s00138",0.6,$&); } if (/(look|feel) younger/) { spam("s00139",0.4,$&); } if (/(look |and |feel ){3}younger/) { spam("s00140",0.8,$&); } if (/the requested url/) { spam("s00141",0.4,$&); } if (/was not found on this server/) { spam("s00142",1.2,$&); } if (/download .{0,50} (now|today)/) { spam("s00143",0.4,$&); } if (/mutual(ly|) (benefi(t|cial)|agree(s|ment)|satisfact(ory|ion))/) { spam("s00144",0.6,$&); } if (/do(n| no)t (waste |any |time |or |you |wil{1,} |might |may |and ){0,}miss (this|ou[rt])/) { spam("s00145",(int ((length($&) / 34) * 100)) / 100,$&); } if (/not to be missed/) { spam("s00146",0.4,$&); } if (/violent cooperation company/) { spam("s03439",4.6,$&); } if (/absolute privacy/) { spam("s00147",0.4,$&); } if (/we .{0,20}invite you/) { spam("s00148",0.4,$&); } if (/you w(ont|ill not) want to miss/) { spam("s00149",1.0,$&); } if (/[\$0-9]{1,} {0,}usd /) { spam("s00150",1.0,$&); } if (/(good |day |hello |hi |hey |there |how |would |you |like |to ){0,}(make|earn|rec(ei|ie)ve|average)(.{0,30}\$ {0,1}[0-9\,]{2,}|(( over| more than| almost| nearly| up| to| at| least){0,} [0-9]{1,}k){1,})(( (per|a(nd{0,1}|re|)|every)( (week|day|month)|)| have| just| by| for| if| can| (return|mak|work)(ing|e|)| (tele|)phone| calls| from| your{0,1}| home| own| house| fully| qualified| start| to(day|)| now| contact| talk| with| us| 8(00|88)[0-9]{1,})[\!\?]{0,}){0,}/) { spam("s00151",(int ((length($&) / 20) * 100)) / 100,$&); } if (/(of{1,}er|over|more than|almost|nearly|up to|costs) [\%\$]{0,} {0,1}[0-9]{1,}( [0-9]{1,}){0,} {0,1}[\%\$]{0,} (of{1,}|less|cheap(er|))/) { spam("s00152",0.8,$&); } if (/ over .{0,10}? million/) { spam("s01402",0.2,$&); } if (/save (you(rself|) |)((well ){0,1}(over|more than) |a(t least| minimum of) |almost |nearly |up to ){0,1}[\%\$]{0,} {0,1}[0-9]{1,}( [0-9]{1,}){0,} {0,1}[\%\$]{0,}/) { spam("s00153",0.8,$&); } if (/(\$ {0,1}[0-9]{1,}|[0-9]{1,} {0,1}[\%\$]) {0,1}((per|an{0,1}) ){0,1}(hour|da[yi]|week|month|year|an{1,}u(m|al))(ly){0,1}/) { spam("s00154",2.0,$&); } if (/\$[0-9\,\.]{8}/) { spam("s00155",1.3,$&); } if (/ [0-9\,\.]{2,}\$/) { spam("s00156",1.0,$&); } if (/ top [0-9]{1,2}[ \%]/) { spam("s00157",0.6,$&); } if (/[0-9 ]{1,}\% (of{1,} |discount |faster |fixed[^r]{0,1}|rate |mort{0,1}g{0,1}age |mrtg |int(erest|) ){1,}/) { spam("s00158",1.4,$&); } if (/( as (little|much) as|(for |)(only|just)) (us|) {0,1}[\%\$]{0,} {0,1}[0-9 ]{1,} {0,1}[\%\$]{0,}/) { spam("s00159",0.8,$&); } if (/ (only|just|under) [\%\$]{0,} {0,1}[0-9]{1,} {0,1}[\%\$]{0,}/) { spam("s00160",0.8,$&); } if (/ for [\%\$]{0,} {0,1}[0-9]{1,} {0,1}[\%\$]{0,}/) { spam("s00161",0.4,$&); } if (/you( wi|)ll agree/) { spam("s00162",0.2,$&); } if (/ order .{0,50} today/) { spam("s00163",0.3,$&); } if (/the last .{0,50} you( wi|)ll ever (own|need|use)/) { spam("s00164",0.8,$&); } if (/make your life easier/) { spam("s00165",0.6,$&); } if (/(people|folks{0,1}) (just |)like you/) { spam("s00166",0.8,$&); } if (/smart scissors/) { spam("s00167",3.6,$&); } if (/32bit .{0,2}mail broadcaster/) { spam("s00168",2.5,$&); } if (/\${3}/) { spam("s00169",0.4,"Lots of dollar signs"); } if (/(\$[^\$]?){12}/) { spam("s00170",1.0,"Looks like encoded text"); } if (/ca\${0,10}h/) { spam("s00171",1.0,"cash with dollar sign"); } if (/100.{0,1}\%.{0,1}(risk.{0,1}){0,1}(free|satisf(ied|action)|safe|bonus)/) { spam("s00172",2.208,$&); } if (/100.{0,1}\%.{0,1}guaranteed{0,1}/) { spam("s00173",3.326,$&); } if (/fantasy (football|soc{1,}er|sport)/) { spam("s00175",1.0,$&); } if (/cash prize/) { spam("s00176",0.4,$&); } if (/now available|available (right ){0,1}(now|today)/) { spam("s00177",0.4,$&); } if (/grand prize/) { spam("s00178",0.4,$&); } if (/you( ha|)ve (just |)won[\! ]/) { spam("s00179",1.0,$&); } if (/you.{0,30} a win{1,}er/) { spam("s00180",1.0,$&); } if (/ our sponsor/) { spam("s00181",0.6,$&); } if (/ promo /) { spam("s00182",0.4,$&); } if (/voucher/) { spam("s03417",0.4,$&); } if (/to (ac{1,}ept|redeem|claim) (your|this) (prize|gift|voucher|of{1,}er)/) { spam("s00183",1.0,$&); } if (/future (cor{1,}espond[ea]nce|mailing|an{1,}ouncement)s{0,1}/) { spam("s00184",0.6,$&); } if (/delivery problem/) { spam("s00185",0.6,$&); } if (/the following recipient/) { spam("s00186",0.6,$&); } if (/delivery failed/) { spam("s00187",0.6,$&); } if (/action (failed|attachments{0,1} (remov|delet|block).{0,2})/) { spam("s00188",0.6,$&); } if (/permanent failure/) { spam("s00189",0.6,$&); } if (/m(essage|ail) [hw]a(s|ve) not (been |)delivered/) { spam("s00190",0.6,$&); } if (/administratively prohibited/) { spam("s00191",0.6,$&); } if (/infected parts/) { spam("s00192",0.6,$&); } if (/zostal/) { spam("s00193",0.8,$&); } if (/wygenerowa/) { spam("s00194",0.8,$&); } if (/przez/) { spam("s00195",0.8,$&); } if (/bazafirmpl/) { spam("s00196",0.8,$&); } if (/ostrzec/) { spam("s00197",0.8,$&); } if (/wyslany/) { spam("s00198",0.8,$&); } if (/zarazony/) { spam("s00199",0.8,$&); } if (/nadawca/) { spam("s00200",0.8,$&); } if (/przeskanowa/) { spam("s00201",0.8,$&); } if (/posiada/) { spam("s00202",0.8,$&); } if (/swojej/) { spam("s00203",0.8,$&); } if (/ksiazce/) { spam("s00204",0.8,$&); } if (/adresowej/) { spam("s00205",0.8,$&); } if (/zauwaz/) { spam("s00206",0.8,$&); } if (/prosze/) { spam("s00207",0.8,$&); } if (/niektore/) { spam("s00208",0.8,$&); } if (/bezposrednio/) { spam("s00209",0.8,$&); } if (/uzywajac/) { spam("s00210",0.8,$&); } if (/antywirus/) { spam("s00211",0.8,$&); } if (/skontaktuj/) { spam("s00212",0.8,$&); } if (/prawdopodobne/) { spam("s00213",0.8,$&); } if (/atendimento/) { spam("s00214",0.8,$&); } if (/prezadoa/) { spam("s00215",0.8,$&); } if (/prazer/) { spam("s00216",0.8,$&); } if (/bradesco/) { spam("s00217",0.8,$&); } if (/reposta/) { spam("s00218",0.8,$&); } if (/pedido/) { spam("s00219",0.8,$&); } if (/emprestimo/) { spam("s00220",0.8,$&); } if (/seguranca/) { spam("s00221",0.8,$&); } if (/satisfacao/) { spam("s00222",0.8,$&); } if (/rapid(o|a)/) { spam("s00223",0.8,$&); } if (/seguro/) { spam("s00224",0.8,$&); } if (/satisfaze/) { spam("s00225",0.8,$&); } if (/preferênciais/) { spam("s00226",0.8,$&); } if (/microgrip nonslip pads/) { spam("s00227",4.0,$&); } if (/check.{0,1}out .{0,20}my ((web.{0,1}|)site|web.{0,1}cam)/) { spam("s00228",0.6,$&); } if (/(swap links{0,1}|link.{0,1}swap) with you/) { spam("s00229",0.8,$&); } if (/never see another pop.{0,1}up/) { spam("s00230",0.8,$&); } if (/proxies.{0,30}mailable|mailable.{0,30}proxies/) { spam("s00231",2.0,$&); } if (/daily prox(y|ies)/) { spam("s00232",2.0,$&); } if (/siehe bild/) { spam("s00233",2.4,$&); } if (/livetref{1,}/) { spam("s00234",2.4,$&); } if (/e(lectronic|).{0,1}(commerce|sales|buying)/) { spam("s00235",0.4,$&); } if (/(i |we |can |will |put |move |get |better |improve(d|ment|s|) |place(ment|) |on |your |(web|).{0,1}site |at |the |top |of |a |all |any |major ){0,}search( engines{0,1}| director(y|ie)s{0,1}| listings{0,1}){1,}/) { spam("s00236",(int ((length($&) / 24) * 100)) / 100,$&); } if (/(important|big|large|key) search (engine|director(y|ie)|listing)s{0,1}/) { spam("s01907",0.6,$&); } if (/( top|major) (search (engine|director(y|ie)|listing)|engine)s{0,1}/) { spam("s00337",1.0,$&); } if (/auto promotion/) { spam("s00237",1.2,$&); } if (/content management/) { spam("s00238",0.4,$&); } if (/ we are a /) { spam("s00239",0.4,$&); } if (/web.{0,1}design/) { spam("s00240",0.2,$&); } if (/professional(ly|).{0,1}(quality|looking)/) { spam("s00241",0.2,$&); } if (/your (client|customer)s{0,1}/) { spam("s00242",0.2,$&); } if (/(seek|try|attempt)ing to (cut|keep) (cost|expense)s( down){0,1}/) { spam("s00243",0.6,$&); } if (/your (existing|cur{1,}ent) ( web.{0,1}|)sites{0,1}/) { spam("s00244",0.6,$&); } if (/web development (firm|company)/) { spam("s00245",0.4,$&); } if (/web develop(ment|ers{0,1})/) { spam("s00246",0.2,$&); } if (/the following ad{1,}ress(es|) had permanent fatal er{1,}ors/) { spam("s00247",0.4,$&); } if (/check it out (for |)yourself/) { spam("s00248",0.4,$&); } if (/ .{0,2}mail(ing|) lists{0,1} /) { spam("s00249",0.4,$&); } if (/(when|after) you (have |)read this you/) { spam("s00250",0.4,$&); } if (/you( ha|)ve to (come to|found) the right place/) { spam("s00251",0.4,$&); } if (/our automat(ed|ic) system/) { spam("s00252",0.4,$&); } if (/(pick|select|find) .{0,20}hot.{0,1}date.{0,20}toni(ght|te)/) { spam("s00253",0.8,$&); } if (/(great|wild|b)est.{0,20}of your life/) { spam("s00254",0.6,$&); } if (/waiting for someone like you/) { spam("s00255",0.4,$&); } if (/pr(ior|evious).{0,30}exper(ience|ti[sz]e)( is|)( not|nt|) (requir|need)ed/) { spam("s00256",0.6,$&); } if (/no phone (selling|sale)/) { spam("s00257",0.6,$&); } if (/all time low/) { spam("s00258",0.2,$&); } if (/sh{4}/) { spam("s00259",0.8,$&); } if (/super.{0,2}mail/) { spam("s00260",1.2,$&); } if (/mailing software/) { spam("s00261",0.4,$&); } if (/mail.{0,1}campaign/) { spam("s00262",0.8,$&); } if (/ on the market/) { spam("s00263",0.6,$&); } if (/one of the (worlds{0,1} |)(leading|top) |(leading|top) (producer|provider|manufactur)/) { spam("s00264",0.6,$&); } if (/you can(not|t) be removed/) { spam("s00265",0.6,$&); } if (/download .{0,30}for review/) { spam("s00266",0.6,$&); } if (/(i|we) would be happy to provide you/) { spam("s00267",1.0,$&); } if (/(gover{0,1}n{0,1}ment.{0,30}cor{1,}upt|cor{1,}upt.{0,30}gover{0,1}n{0,1}ment)/) { spam("s00268",1.0,$&); } if (/ban{1,}er network/) { spam("s00270",0.4,$&); } if (/valued member/) { spam("s00271",0.6,$&); } if (/( trusted| af{1,}iliate| marketing| expert(ise|)| partner(ship|)){2,}/) { spam("s00272",1.2,$&); } elsif (/( trusted| af{1,}iliate| marketing| international| expert(ise|)| partner(ship|)){2,}/) { spam("s00272",0.8,$&); } if (/(exclusive|special|(web|)site) (promotion|collection|(software |)registration( key|))/) { spam("s00274",0.8,$&); } if (/(top|trusted) brand.{0,1}name/) { spam("s00275",0.8,$&); } if (/third party .{0,2}mail/) { spam("s00276",0.8,$&); } if (/(even |unbelievable |unbeatable |amazing |fantastic ){0,}(low(er|est|ed){0,}|best|top|cheap(er|est|)|latest|fixed|minimal|hot(test|)) (possible |feasible |int(erest|) |new ){0,1}(all |our |)(deal|price|of{1,}er|home.{0,1}loan|mort.{0,1}g{0,1}age|rate|saving|cost)s{0,1}/) { spam("s00277",(int ((length($&) / 18) * 100)) / 100,$&); } if (/ call (rate|tarif{1,})s{0,1}/) { spam("s00278",0.8,$&); } if (/rates and tarif{1,}/) { spam("s00279",0.8,$&); } if (/hot(t.{0,1}est|) (deal|price|of{1,}er|(home.{0,1}loan |mort.{0,1}g{0,1}age |)rate|nfl)s{0,1}/) { spam("s00280",1.2,$&); } if (/((^| )int|interest) rate/) { spam("s00281",0.4,$&); } if (/half.{0,1}(of{1,}|(the ){0,1}price|.{0,10}(regular|normal|usual) (price|rate))/) { spam("s00282",0.8,$&); } if (/ (again|forever|past)!/) { spam("s00283",0.6,$&); } if (/(reverse | stop | turn back |the |and |your | ){1,}aging process/) { spam("s00284",(int ((1.2 * length($&) / 14) * 100)) / 100,$&); } if (/ ailments/) { spam("s00285",0.2,$&); } if (/ a national of /) { spam("s00286",0.8,$&); } if (/ auf den /) { spam("s00287",0.3,$&); } if (/ arthritis/) { spam("s00288",0.4,$&); } if (/(considerab|substantial)ly (less|more) than/) { spam("s00289",0.4,$&); } if (/(chinese|indian|russian).{0,20}(programm|develop)er/) { spam("s00290",0.8,$&); } if (/(programm|develop)er.{0,20}(chin(a|ese)|indian{0,1}|russian{0,1})/) { spam("s00291",0.8,$&); } if (/ in.{0,1}house .{0,10}(program|develop).{0,4}/) { spam("s00292",0.6,$&); } if (/ be amazed/) { spam("s00293",0.477,$&); } if (/ blackjack /) { spam("s00294",0.3,$&); } if (/ cash/) { spam("s00295",0.6,$&); } if (/ cent je minute/) { spam("s00296",1.3,$&); } if (/ commission/) { spam("s00297",0.4,$&); } if (/ congo/) { spam("s00298",0.5,$&); } if (/ deal!/) { spam("s00299",0.6,$&); } if (/ depression/) { spam("s00300",0.2,$&); } if (/ diabetes/) { spam("s00301",0.4,$&); } if (/ eczema/) { spam("s00303",0.4,$&); } if (/ einmal /) { spam("s00304",0.3,$&); } if (/ ein /) { spam("s00305",0.3,$&); } if (/ find a man /) { spam("s00306",0.4,$&); } if (/ for .{1,15} (days|month|year)/) { spam("s00307",0.8,$&); } if (/form.{0,30} method (post|get) /) { spam("s00308",2.0,"HTML form"); } if (/input.{0,30} type hid{1,}en /) { spam("s00309",1.4,"Hidden input fields in a HTML form"); } if (/ gover{0,1}n{0,1}ment of /) { spam("s00310",0.2,$&); } if (/ haben /) { spam("s00311",0.3,$&); } if (/ (with|)in (only|(less|more|fewer) than|under|over) .{0,10} (day|month|week|year)s{0,1}/) { spam("s00312",1.2,$&); } if (/ (with|)in .{0,15} (day|month|week|year)s{0,1}/) { spam("s01530",0.8,$&); } if (/ invite you.{0,20}to join/) { spam("s00313",0.8,$&); } if (/ iraq/) { spam("s00314",0.3,$&); } if (/ lagos/) { spam("s00316",0.5,$&); } if (/ lenders/) { spam("s00317",0.4,$&); } if (/ lending agency/) { spam("s00318",0.6,$&); } if (/ (less|more|lower)!/) { spam("s00319",0.6,$&); } if (/ for less[\! ]/) { spam("s00320",0.4,$&); } if (/ lieber /) { spam("s00321",0.3,$&); } if (/ lifetime!/) { spam("s00322",1.6,$&); } if (/ loans /) { spam("s00323",0.5,$&); } if (/ nicht /) { spam("s00324",0.3,$&); } if (/arbeit/) { spam("s03587",0.3,$&); } if (/ noches[ ,\.\!]/) { spam("s00325",1.0,$&); } if (/ no (cost|obligation|charge)/) { spam("s00326",0.6,$&); } if (/ now!/) { spam("s00327",0.4,$&); } if (/ hur{1,}y!/) { spam("s02782",0.4,$&); } if (/ delay!/) { spam("s02783",0.4,$&); } if (/ of{1,}ers{0,1}!/) { spam("s00328",0.6,$&); } if (/ others!/) { spam("s00329",0.6,$&); } if (/ poker /) { spam("s00330",0.2,$&); } if (/ prices{0,1}!/) { spam("s00331",0.6,$&); } if (/ real people /) { spam("s00332",0.6,$&); } if (/ results!/) { spam("s00333",0.4,$&); } if (/ revenue!/) { spam("s00334",1.6,$&); } if (/ roulette /) { spam("s00335",0.3,$&); } if (/ supplements/) { spam("s00336",0.4,$&); } if (/ to satisfy my /) { spam("s00338",0.4,$&); } if (/ us dollars/) { spam("s00339",0.6,$&); } if (/ value!/) { spam("s00340",0.6,$&); } if (/ victim/) { spam("s00341",0.4,$&); } if (/ widow/) { spam("s00342",0.4,$&); } if (/ wir /) { spam("s00343",0.3,$&); } if (/ years{0,1} fixed/) { spam("s00344",1.0,$&); } if (/ you!/) { spam("s00345",0.3,$&); } if (/(7|5|five|seven) card stud/) { spam("s00346",0.6,$&); } if (/abaixo o resultado do preenchimento do formulario/) { spam("s00347",4.0,$&); } if (/absolutely no selling/) { spam("s00348",1.0,$&); } if (/ac{1,}elerate(d| (the|your)){0,1} aging/) { spam("s00349",1.2,$&); } if (/achtung/) { spam("s00350",2.0,$&); } if (/ad{1,}resses on cd/) { spam("s00351",1.217,$&); } if (/advertising festival/) { spam("s00355",4.0,$&); } if (/(adverti[sz]ed|seen) on (national |)(tech[^t]{0,1}|m|)(tv|television|oprah)/) { spam("s00356",0.8,$&); } if (/national (tv|television)/) { spam("s01962",0.4,$&); } if (/af{1,}idavit/) { spam("s00357",0.4,$&); } if (/(af{1,}iliate|partner).{0,2} (program|system|network)/) { spam("s00358",1.4,$&); } if (/network .{0,10}(af{1,}iliate|partner)/) { spam("s00359",0.6,$&); } if (/af{1,}iliate/) { spam("s00360",0.4,$&); } if (/one of (its|our) af{1,}iliate/) { spam("s00361",0.6,$&); } if (/your privacy is important/) { spam("s00362",0.6,$&); } if (/(join|become).{0,30}af{1,}iliate/) { spam("s00363",0.6,$&); } if (/((discount|promotion|coupon|merchandise|pric(e|ing)).{0,20}?){2}/) { spam("s00364",0.6,$&); } if (/ discount/) { spam("s00365",0.2,$&); } if (/ promotion/) { spam("s00366",0.2,$&); } if (/a remov(e.{0,1}(me){0,1}|al) link/) { spam("s00367",0.4,$&); } if (/african/) { spam("s00368",0.8,$&); } if (/a great new (game|discovery)/) { spam("s00369",1.5,$&); } if (/ali trade inc/) { spam("s00370",3.2,$&); } if (/(all information is in|please see) the attached .{0,20}file/) { spam("s00372",4.0,$&); } if (/(attached (a |)removal (tool|program)|removal (tool|program) (is |has been |)attached)/) { spam("s01959",3.0,$&); } if (/(please |)see the attached (zip |)file for details/) { spam("s00373",0.8,$&); } if (/(all|our|these|this) quote(s are| is)/) { spam("s00374",0.6,$&); } if (/all you have to do/) { spam("s00375",1.2,$&); } if (/amazing/) { spam("s00376",1.5,$&); } if (/sensational/) { spam("s03369",0.4,$&); } if (/personal mentor/) { spam("s00377",0.6,$&); } if (/(amazing |special |one[^t]{0,1}time |limited |intr[ao]duct[ao]ry |discount |promotional |unbelieveable |unique ){1,}(product |home.{0,1}loan |mort.{0,1}g{0,1}age ){0,}(of{1,}er|rate|deal|price|bonus|present)s{0,1}/) { spam("s00378",1.2,$&); } if (/g(reat|ood) (product |home.{0,1}loan |mort.{0,1}g{0,1}age ){0,}(of{1,}er|rate|deal|price|bonus|present)s{0,1}/) { spam("s03112",0.4,$&); } if (/(superb|finest|best|bet{1,}er) (od{1,}|rate)[ \!s]/) { spam("s03480",0.6,$&); } if (/(secure|get|find) (a |the |you ){0,}(best|finest|bet{1,}er|superb) (od{1,}|rate)[ \!s]/) { spam("s03481",0.8,$&); } if (/american (man|guy)/) { spam("s00379",1.5,$&); } if (/american medical association/) { spam("s00380",0.6,$&); } if (/(an{0,1}|over) \$[0-9]{0,10} (in ){0,1}value/) { spam("s00381",1.2,$&); } if (/and more!/) { spam("s00382",0.6,$&); } if (/ (for|)ever!/) { spam("s00383",0.6,$&); } if (/and other quality .{0,20}(products|services|firms|companies|stores)/) { spam("s00384",0.8,$&); } if (/an exporter .{0,20} (china|taiwan)/) { spam("s00385",1.8,$&); } if (/angola/) { spam("s00386",0.5,$&); } if (/ senegal/) { spam("s02809",0.5,$&); } if (/mauritius/) { spam("s02810",0.5,$&); } if (/mauritian bank/) { spam("s02811",1.8,$&); } if (/strict (control|stipulation)s{0,1}/) { spam("s02812",0.6,$&); } if (/political asylum/) { spam("s00387",0.6,$&); } if (/(black|white) (farm|work|labou{0,1}r)/) { spam("s00388",0.6,$&); } if (/asylum seeker/) { spam("s00389",0.6,$&); } if (/we apologi[zs]e for any inconvenience/) { spam("s00390",0.8,$&); } if (/an{1,}uit(y|ies)/) { spam("s00391",0.4,$&); } if (/another internet ad campaign produced/) { spam("s00392",2.996,$&); } if (/anticonvulsants/) { spam("s00393",0.4,$&); } if (/any time!/) { spam("s00394",0.6,$&); } if (/aol\s+users\s+click/) { spam("s00395",0.709,$&); } if (/(apply online|online application)/) { spam("s00396",0.4,$&); } if (/apply (today|now)/) { spam("s00397",0.8,$&); } if (/aqui esta el resultado de su formulario/) { spam("s00398",1.0,$&); } if (/are you ready for a change/) { spam("s00399",0.4,$&); } if (/are you sick of/) { spam("s00400",1.2,$&); } if (/are you tired of /) { spam("s00401",0.4,$&); } if (/(sick|tired|pissed) (off{0,1} |at |because |your{0,1}e{0,1} |are |being ){1,}(overweight|fat|obese)/) { spam("s03336",1.2,$&); } if (/(not |being |able |to |can(no{0,1}t|) ){0,}(squeeze|fit) (in|to){1,} your clothes/) { spam("s03337",0.8,$&); } if (/ar{1,}ested by .{0,6}gover{0,1}n{0,1}ment/) { spam("s00402",0.4,$&); } if (/ask your doctor/) { spam("s00403",0.3,$&); } if (/(as little as|only) \$[0-9]{1,}/) { spam("s00404",0.8,$&); } if (/ (cost|price) .{0,23}\$[0-9]{1,}/) { spam("s00405",0.8,$&); } if (/as (seen|adverti[sz]ed) on tv/) { spam("s00406",1.0,$&); } if (/at the time of this mailing the return .{0,2}mail ad{1,}ress is a bonafide legitimate return .{0,2}mail ad{1,}ress that was signed up for with the express purpose.{0,30}internet ter{1,}orists\./si) { spam("s00407",1.0,$&); } if (/attorney/) { spam("s00408",0.2,$&); } if (/authorization certificate/) { spam("s00409",0.8,$&); } if (/aut.nomos/) { spam("s00410",0.8,$&); } if (/auto .{0,2}mail removal/) { spam("s00411",3.935,$&); } if (/auto insurance/) { spam("s00412",0.4,$&); } if (/automatico/) { spam("s00413",0.4,$&); } if (/automatique/) { spam("s00414",0.4,$&); } if (/automatische/) { spam("s00415",0.8,$&); } if (/ and (so |)much more/) { spam("s00416",0.8,$&); } if (/no extra c(harge|ost)/) { spam("s00417",0.6,$&); } if (/(bachelors|masters|doctorate|diploma[^t])/) { spam("s00418",0.4,$&); } if (/(good|bad|low).{0,1}credit/) { spam("s00419",0.8,$&); } if (/bad debt/) { spam("s00420",0.6,$&); } if (/bank ac{1,}ount in america/) { spam("s00421",0.4,$&); } if (/bank ac{1,}ount/) { spam("s00422",0.2,$&); } if (/i (await|look forward to|anticipate) your (urgent|immediate) re(sponse|ply)/) { spam("s00424",2.0,$&); } if (/bankrupt/) { spam("s00426",0.4,$&); } if (/barely.{0,15}legal/) { spam("s00427",0.841,$&); } if (/bar{1,}ister/) { spam("s00428",0.2,$&); } if (/based on information gathered about you, we believe\s*you would be in a position to help us in transfer/) { spam("s00429",1.0,$&); } if (/beastiality/) { spam("s00430",3.0,$&); } if (/below is the result of your feedback form/) { spam("s00431",5.009,$&); } if (/besonders /) { spam("s00432",0.3,$&); } if (/(b|low)est (deal|saving|price)s{0,1} [io]n (the ){0,1}(internet|net|web|planet|earth)/) { spam("s00433",0.6,$&); } if (/(better|improved) signal/) { spam("s00434",0.8,$&); } if (/activespeed/) { spam("s00436",2.4,$&); } if (/exclusive.{0,30}(technology|product|of{1,}er|invitation)/) { spam("s00437",0.8,$&); } if (/(are|do) you suf{1,}er/) { spam("s00438",0.4,$&); } if (/patent pending/) { spam("s00439",0.4,$&); } if (/betting system/) { spam("s00440",1.5,$&); } if (/of{1,}er (is ){0,1}valid/) { spam("s00441",0.8,$&); } if (/more info(rmation){0,1} (go |click ){0,1}here/) { spam("s00442",0.8,$&); } if (/ e {0,1}gold/) { spam("s00443",0.8,$&); } if (/between your thighs/) { spam("s00444",1.4,$&); } if (/bid on (your ){0,1}(existing|cur{1,}ent) mort{0,1}g{0,1}age/) { spam("s00445",1.2,$&); } if (/bill.{0,10}1618.{0,10}title.{0,10}iii/) { spam("s00446",2.000,$&); } if (/billing ad{1,}ress/) { spam("s00447",0.705,$&); } if (/biological clock/) { spam("s00448",0.4,$&); } if (/\bits ef{1,}ective/) { spam("s00449",1.0,$&); } if (/meat[^s]{0,1}stick/) { spam("s02993",1.0,$&); } if (/(\b([kc]um|org[iy]|\b{0,1}wild\b|\b{0,1}fuck|\b{0,1}teen|\b{0,1}virgin|\b{0,1}first.{0,1}timers{0,1}|\b{0,1}action\b|\b{0,1}org(y|ie)s{0,1}|\b{0,1}spunk|\b{0,1}taboo|\b{0,1}incest|\b{0,1}puss[yi]|\b{0,1}suck\b|\b{0,1}sucking\b|\b{0,1}hot\b|\b{0,1}hottest|\b{0,1}voyeur|\b{0,1}le[sz]b(ian|o)|\b{0,1}anal\b|\b{0,1}inter{1,}acial|\b{0,1}asian\b|\b{0,1}amateur|\b{0,1}sex+[yiu\b]|\b{0,1}slut|\b{0,1}explicit|\b{0,1}xxx[^x]|\b{0,1}live\b|\b{0,1}celebrity|\b{0,1}lick|\b{0,1}dorm\b|\b{0,1}webcam|\b{0,1}semen|\b{0,1}spunk|\b{0,1}whores{0,1}|\b{0,1}ass\b|\b{0,1}schoolg[li]r[il]s{0,1}\b|\b{0,1}strip|\b{0,1}horn[yi]|\b{0,1}erotic|\b{0,1}oral\b|\b{0,1}penis\b|\b{0,1}wank\b|\btits{0,1}\b|\bnipples{0,1}\b|\b{0,1}hard.{0,1}core|\b{0,1}blow.?job|\b{0,1}nast[y|i]|\b{0,1}porn|\b{0,1}jizz|\b{0,1}smut(ty|)|\b{0,1}young pregnant|\b{0,1}(stick |)(a |the |)dildo|\b{0,1}meat[^s]{0,1}stick|\b{0,1}(in |up |)her ass|\b{0,1}(dirty|wild) sex)s{0,1}( lov(ing|es{0,1})| the(se|)){0,}(.{0,15}?)){3,}/) { spam("s00450",(int ((length($&) / 18) * 100)) / 100,$&); } if (/(\s|^)(([kc]um|fuck(ing|s|)|teens{0,1}|virgin|first.{0,1}timers{0,1}|spunk|taboo|incest|puss(ys{0,1}|ies)|suck(s|ing)|bitche{0,1}s{0,1}|voyeur|le[sz]b(ian|o)s{0,1}|anal|inter{1,}acial|sluts{0,1}|explicit|xxx|horn(y|iest)|erotic|oral|penis|wank|tits{0,1}|hard.{0,1}core|blow.?jobs{0,1}|porn|jizz|smut(ty|)|semen|org(y|ie)s{0,1}|spunk|whores{0,1}|young pregnant|dildo|meat[^s]{0,1}sticks{0,1}|(in |up )her ass)(\s|\!|$)(.{0,15}?)){2,}/) { spam("s01827",1.6,$&); } if (/(\s|^)([kc]um)(\s|\!|$)/) { spam("s01828",0.4,$&); } if (/jizz/) { spam("s01829",0.6,$&); } if (/bleeding gums/) { spam("s00451",0.6,$&); } if (/blind.{0,1}dat(e|ing)/) { spam("s00452",0.4,$&); } if (/(free |ac{1,}ess |live ){1,}code/) { spam("s00453",0.4,$&); } if (/striptease/) { spam("s00454",0.6,$&); } if (/(free |live |hot ){1,}striptease/) { spam("s00455",1.0,$&); } if (/strongly (against |oppose(d to|) )(sending |)(unsolicited e{0,1}mail|spam)/) { spam("s00456",1.0,$&); } if (/(do not|no longer) (wish|like|want) to receive/) { spam("s00457",0.4,$&); } if (/special mailing/) { spam("s00458",0.4,$&); } if (/(\b(lingui|guilin)\b.{1,30}){2,}/) { spam("s00459",6.807,$&); } if (/[bm]illion (dollar|euro)s{0,1}/) { spam("s00460",1.2,$&); } if (/[bm]illion.{0,30}hundred.{0,30}thousand.{0,30}(dollar|euro)s{0,1}/) { spam("s00461",2.0,$&); } if (/next of kin/) { if (/(the |this |[io]f |we |you[re]{0,2} |can |establish |identity |beyond |a(ny|re) |reasonable |doubt |eligibil(e|ity) |to |for |assum(e|ed|ing) |status |our |client |customer |has |died |passed |away |on |intestate |and |nominated |no |his |her |he |she |only |surviving ){10,}next of kin/) { spam("s00462",(int ((length($&) / 28) * 100)) / 100,$&); } elsif (/(the |this |[io]f |we |you[re]{0,2} |can |establish |identity |beyond |a(ny|re) |reasonable |doubt |eligibil(e|ity) |to |for |assum(e|ed|ing) |status |our |client |customer |has |died |passed |away |on |intestate |and |nominated |no |his |her |he |she |only |surviving ){5,}next of kin/) { spam("s00462",(int ((length($&) / 28) * 100)) / 100,$&); } elsif (/(the |this |[io]f |we |you[re]{0,2} |can |establish |identity |beyond |a(ny|re) |reasonable |doubt |eligibil(e|ity) |to |for |assum(e|ed|ing) |status |our |client |customer |has |died |passed |away |on |intestate |and |nominated |no |his |her |he |she |only |surviving ){0,}next of kin/) { spam("s00462",(int ((length($&) / 28) * 100)) / 100,$&); } } if (/books on (this ){0,1}cd/) { spam("s00463",1.4,$&); } if (/bounced che(ck|que)/) { spam("s00464",0.6,$&); } if (/browse through .{0,20}(hundreds{0,1}|thousands{0,1}|our) .{0,4}personal/) { spam("s00466",2.5,$&); } if (/browse our (extensive |exclusive |range of |online |inventory |catalog(ue|) |list ){1,}/) { spam("s02828",0.6,$&); } if (/\bto\b.{0,20}\bremove.{0,30}\breply\b/) { spam("s00467",0.707,$&); } if (/ unsubscribe.{0,30} (reply|click|send a.{0,20}m(ail|essage))/) { spam("s00468",0.8,$&); } if (/ to unsubscribe /) { spam("s00469",0.4,$&); } if (/you are cur{1,}ently subscribed as/) { spam("s00470",0.8,$&); } if (/bulk.{0,3}(mail|messag(ing|es{0,1}))/) { spam("s00471",0.8,$&); } if (/business card/) { spam("s00472",0.6,$&); } if (/(fantastic|wonderful|lifetime|great|superb{0,1}|investment|incredible) {0,}op{1,}ortunit(y|ie)s{0,1}/) { spam("s02162",0.6,$&); } if (/(business {0,1}|marketing {0,1}|mlm {0,1}|(home|web|(inter|)net).{0,1}based {0,1}){1,}op{1,}ortunit(y|ie)s{0,1}/) { spam("s00473",1.5,$&); } if (/(we|i|our company) (wish|want|would like) to invest/) { spam("s03302",0.6,$&); } if (/but i still have a few questions/) { spam("s00474",0.6,$&); } if (/butthole/) { spam("s00475",0.4,$&); } if (/best.{0,1}selling/) { spam("s00476",0.4,$&); } if (/see (the|a) dif{1,}erence/) { spam("s00477",0.4,$&); } if (/(s{0,1}he|you) will (see|notice|feel) (the|a) dif{1,}erence/) { spam("s00478",0.4,$&); } if (/your friends at /) { spam("s00479",0.4,$&); } if (/(by|for) cyber firepower\!/) { spam("s00480",3.520,$&); } if (/cable compan/) { spam("s00481",1.0,$&); } if (/cable de(cod|scrambl)e/) { spam("s00482",1.4,$&); } if (/(cable|digital power) filter/) { spam("s00483",1.2,$&); } if (/(call|contact) (us ){0,1}(now ){0,1}to register/) { spam("s01835",1.0,$&); } if (/call now/) { spam("s00485",2.850,$&); } if (/call out gouranga be happy/) { spam("s00486",5.0,$&); } if (/calls from (your (own ){0,1}){0,1}home/) { spam("s00487",1.2,$&); } if (/cams{0,1}!/) { spam("s00488",0.8,$&); } if (/can supply .{0,30} products/) { spam("s00489",1.2,$&); } if (/(can you |you can).{0,20}af{1,}ord not to/) { spam("s00490",0.6,$&); } if (/cas[il]{1,}no/) { spam("s00491",1.200,$&); } if (/h[il1]{1,}[^r]{0,3}r[o0][1l]{2,}er[^c]{0,2}cas[il1]{1,}no/) { spam("s03278",1.200,$&); } if (/catalog/) { spam("s00492",0.2,$&); } if (/cayman islands/) { spam("s00493",0.6,$&); } if (/cbyi/) { spam("s00494",2.813,$&); } if (/(central|administrative).{0,4}of{1,}ice/) { spam("s00495",0.2,$&); } if (/cert(ificate){0,1} of authenticity/) { spam("s00496",0.6,$&); } if (/change .{0,2}mail ad{1,}ress in action of form/) { spam("s00497",0.2,$&); } if (/change your life/) { spam("s00498",0.8,$&); } if (/check.{0,1}out the following link/) { spam("s00499",0.4,$&); } if (/check the attach[^m]/) { spam("s00501",1.1,$&); } if (/china/) { spam("s00502",0.4,$&); } if (/taiwan/) { spam("s03373",0.4,$&); } if (/chinese company/) { spam("s00503",0.6,$&); } if (/cholesterol/) { spam("s00504",0.3,$&); } if (/(click|follow) ((here|below|aqui)|(on |)(the |)(following |)link( below|))/) { spam("s00505",1.0,$&); } if (/collagen injection/) { spam("s00506",0.6,$&); } if (/collectible/) { spam("s00508",0.4,$&); } if (/(college|university)\s+diplomas/) { spam("s00509",2.000,$&); } if (/colon cancer/) { spam("s00510",0.4,$&); } if (/columbia.{0,1}house/) { spam("s00511",0.6,$&); } if (/com o assunto/) { spam("s00512",0.8,$&); } if (/company .{0,4}switzerland/) { spam("s00513",0.8,$&); } if (/compare .{1,3} save/) { spam("s00514",0.4,$&); } if (/compete for your (business|loan|mort{0,1}g{0,1}age)|lenders compete for your/) { spam("s00515",2.4,$&); } if (/compl.mentaire/) { spam("s00516",0.4,$&); } if (/consolidate (your ){0,1}(monthly ){0,1}(bill|payment)/) { spam("s00517",1.0,$&); } if (/contains an html formatted/) { spam("s00518",0.8,$&); } if (/conversione/) { spam("s00519",0.4,$&); } if (/convocatoria/) { spam("s00520",2.0,$&); } if (/(cool|wicked) screensaver/) { spam("s00521",2.5,$&); } if (/copy.{1,20}dvd/) { spam("s00522",3.723,$&); } if (/cor{1,}upt.{0,4}gover{0,1}n{0,1}ment/) { spam("s00523",0.2,$&); } if (/cost ef{1,}ective/) { spam("s00524",0.4,$&); } if (/country in .{0,7}africa/) { spam("s00525",0.4,$&); } if (/credit.{0,1}card\s+(order|problems)/) { spam("s00526",1.000,$&); } if (/(get |rid |of |eliminate |all |of |your(self|) |monthly |ones(elf|) ){0,}(credit|bank| ){1,}card {0,}(debt|obligation)s{0,1}/) { spam("s00527",(int ((length($&) / 17) * 100)) / 100,$&); } if (/credit check/) { spam("s00528",0.4,$&); } if (/credit manage/) { spam("s00529",0.8,$&); } if (/creditor/) { spam("s00530",0.4,$&); } if (/credit problems/) { spam("s00531",0.4,$&); } if (/c.t. d.{0,2}ivoire/) { spam("s00532",0.5,$&); } if (/cupid junction/) { spam("s00533",2.0,$&); } if (/danke /) { spam("s00534",0.5,$&); } if (/data protection audit/) { spam("s00535",2.8,$&); } if (/dat(ing|e).{0,1}(community|service|(web.{0,1}|)site)/) { spam("s00536",0.6,$&); } if (/dear portal administrat/) { spam("s00537",4.0,$&); } if (/dear (registrant|home.{0,1}owner)/) { spam("s00538",3.0,$&); } if (/debtor/) { spam("s00539",0.4,$&); } if (/deep (pound|fuck|suck|lick)/) { spam("s00540",1.0,$&); } if (/defence budget/) { spam("s00541",0.4,$&); } if (/defence minister/) { spam("s00542",0.4,$&); } if (/degree program/) { spam("s00543",0.4,$&); } if (/dermatitis/) { spam("s00544",0.4,$&); } if (/de(scrambl|cod)er/) { spam("s00545",0.8,$&); } if (/diamonds/) { spam("s00546",0.2,$&); } if (/diese daten wurden ihnen von ihrem onlineformular/) { spam("s00548",4.0,$&); } if (/diese .{0,2}mail wurde bertragen von/) { spam("s00549",4.0,$&); } if (/atkins diet/) { spam("s00550",1.0,$&); } if (/diet bread/) { spam("s00551",1.0,$&); } if (/diethylpropion/) { spam("s00552",1.8,$&); } if (/digital programming/) { spam("s00554",0.4,$&); } if (/digital (tv|cable)/) { spam("s00555",1.2,$&); } if (/diplomat/) { spam("s00556",0.4,$&); } if (/direct .{0,2}mail\b/) { spam("s00557",1.171,$&); } if (/(discover|find out) (every|any)thing .{0,20}you .{0,10}(want|need)(ed){0,1} to know/) { spam("s00558",1.5,$&); } if (/does not support .{0,20}html/) { spam("s00559",0.8,$&); } if (/do(n| no)t miss .{0,30} of{1,}er/) { spam("s00560",1.0,$&); } if (/do(n| no)t (give out|share) (my|this) (number|ad{1,}ress|.{0,2}mail)/) { spam("s00561",1.4,$&); } if (/do(n| no)t reply .{0,20}to this .{0,2}mail/) { spam("s00562",1.2,$&); } if (/(do(n| no)t|why) (pay|spend) (.{0,30}times |)((any |)more |for |on |retail |another minute){1,}/) { spam("s00563",0.8,$&); } if (/double.{0,1}opt.{0,1}in/) { spam("s00565",1.5,$&); } if (/dramatic results/) { spam("s00567",0.6,$&); } if (/traf{1,}ic report/) { spam("s00568",0.4,$&); } if (/(signal|reception|anten{1,}a).{0,30} (cell|mobile).{0,1}phone|(cell|mobile).{0,1}phone.{0,30} (signal|reception|anten{1,}a)/) { spam("s00569",0.8,$&); } if (/(business {0,1}|home {0,1}|cell {0,1}|mobile {0,1}|phone {0,1}){2} bill/) { spam("s00570",0.8,$&); } if (/(cell {0,1}|mobile {0,1}|phone {0,1}){2} (provider|retailer)/) { spam("s00571",0.8,$&); } if (/(cell|mobile|phone) service provider/) { spam("s00572",0.8,$&); } if (/(increase|improve|enhance).{0,30} instantly/) { spam("s00573",1.0,$&); } if (/drive .{0,30}traf{1,}ic to/) { spam("s00574",1.2,$&); } if (/(increase|boost).{1,30}(traf{1,}ic|link popularity|search (engine|director(y|ie)|listing)s{0,1}|rating)/) { spam("s00575",2.0,$&); } if (/(more|extra|boost|(increase|improve)d{0,1})s{0,1}( your|)(( traf{1,}ic| visitor| paid| member(ship|)| internet)s{0,1}){1,}/) { spam("s01738",(int ((0.8 * length($&) / 15) * 100)) / 100,$&); } if (/(increase|more|drive|boost).{0,30}?traf{1,}ic.{0,50}?your web.{0,1}site/) { spam("s01739",2.0,$&); } if (/regarding your business/) { spam("s02820",0.4,$&); } if (/contact dbases/) { spam("s02821",1.4,$&); } if (/drowning in debt/) { spam("s00576",0.4,$&); } if (/(dude|man|men|boy|guy)s{0,1} meat/) { spam("s00577",2.4,$&); } if (/earn.{1,20}\d\d\d+.{1,30}per (week|mo(nth|\!| ))/) { spam("s00578",3.5,$&); } if (/good.{0,1}earn(ing|er)/) { spam("s01869",0.6,$&); } if (/easy to use/) { spam("s00579",0.4,$&); } if (/(ebay|((online|web).{0,1}auction)) (seminar|class|lesson|trick)/) { spam("s00580",2.1,$&); } if (/teach you .{0,30}ebay/) { spam("s00581",2.1,$&); } if (/eigentlich/) { spam("s00582",1.0,$&); } if (/einfach /) { spam("s00583",0.3,$&); } if (/mail adicional do usuario. enviado/) { spam("s00584",1.0,$&); } if (/embassy/) { spam("s00585",0.2,$&); } if (/empresa procura/) { spam("s00586",0.8,$&); } if (/male en(hanc|larg)ement( pills{0,1}|)/) { spam("s00588",(int ((0.8 * length($&) / 5) * 100)) / 100,$&); } if (/ pinacle /) { spam("s00589",1.5,$&); } if (/high volume mailer/) { spam("s00590",1.5,$&); } if (/ bulkers{0,1} /) { spam("s00591",1.0,$&); } if (/enlightened/) { spam("s00592",0.2,$&); } if (/envie .{0,2}mail par/) { spam("s00593",1.4,$&); } if (/erfahren /) { spam("s00594",0.3,$&); } if (/erhalten /) { spam("s00595",0.3,$&); } if (/wirklich/) { spam("s00596",0.4,$&); } if (/(exclusive |amateur |house.{0,1}wi[fv]es{0,1} |horny ){1,}.{0,15}pics/) { spam("s00597",1.4,$&); } if (/experience the best/) { spam("s00598",0.6,$&); } if (/expert advice/) { spam("s00599",0.4,$&); } if (/export/) { spam("s00600",0.4,$&); } if (/erotic/) { spam("s00602",0.4,$&); } if (/extended war{1,}anty/) { spam("s00603",0.4,$&); } if (/family treasure/) { spam("s00604",0.8,$&); } if (/fans{0,1}tasy.{0,1}sports/) { spam("s00605",0.6,$&); } if (/fastest growing/) { spam("s00606",0.4,$&); } if (/(fast |speed(y|ier) |overnight |fedex |ground |next day |quic{0,1}k(er|) ){1,}(shipping|delivery)/) { spam("s00607",0.4,$&); } if (/( (shipped|delivered)| to you(r door|)| within| overnight){2,}/) { spam("s01857",0.4,$&); } if (/favorite stars{0,1} (exposed|nude|naked)/) { spam("s00608",1.0,$&); } if (/fed up (with|of) .{0,30}(high price|being single)/) { spam("s00609",1.8,$&); } if (/(feel|experience) the dif{1,}erence/) { spam("s00610",0.6,$&); } if (/filtered by worldremove/) { spam("s00611",3.954,$&); } if (/financial(ly){0,1} (free|independ|stress|strain|dif{1,}icult|trap(ped|)|(im|)prison(ed|))/) { spam("s00612",0.8,$&); } if (/find love/) { spam("s00613",2.5,$&); } if (/fixed(.rate){0,1} mort{0,1}g{0,1}age/) { spam("s00614",1.0,$&); } if (/folgenden link /) { spam("s00615",0.8,$&); } if (/foreclosure/) { spam("s00616",0.4,$&); } if (/foreigner/) { spam("s00617",0.2,$&); } if (/foreign (partner|firm)/) { spam("s00618",0.6,$&); } if (/for (just|only) pen{1,}ies a day/) { spam("s00620",5.209,$&); } if (/forward this .{0,20}to a web.{0,1}based/) { spam("s00621",0.8,$&); } if (/free/) { if (/free (if|when) you (first |)sign.{0,1}(up|on)/) { spam("s01941",1.6,$&); } if (/free dat(ing|e) (community|service|(web|).{0,1}site)/) { spam("s01639",2.8,$&); } if (/free ((pre.{0,1}script|medicat)ions{0,1} {0,1}){1,}/) { spam("s01599",0.8,$&); } if (/free cable/) { spam("s01586",1.2,$&); } if (/free (help|info)/) { spam("s01957",0.4,$&); } if (/free (gift|guide)s{0,1}/) { spam("s02379",0.4,$&); } if (/free (informational |)(phone |)call/) { spam("s01579",0.8,$&); } if (/free.{0,10} priority mail shipping/) { spam("s00625",2.139,$&); } if (/free.{0,20}long distance/) { spam("s00626",0.6,$&); } if (/free.{0,20}roaming/) { spam("s00627",0.4,$&); } if (/free.{0,20}voice.{0,1}mail/) { spam("s00628",0.6,$&); } if (/free (consultation|leads)/) { spam("s00629",4.0,$&); } if (/free (subscription|membership)/) { spam("s00630",0.4,$&); } if (/free .{0,20}(estimat|quot(e|ation)|info|installation|software title|brochure|sample|conference)/) { spam("s00631",0.8,$&); } if (/free online/) { spam("s00633",0.8,$&); } if (/free cd/) { spam("s00635",0.8,$&); } if (/free video/) { spam("s00636",0.8,$&); } if (/free xxx/) { spam("s00655",0.991,$&); } if (/free (cash|mort{0,1}g{0,1}age)/) { spam("s00632",1.2,$&); } if (/free!/) { spam("s00639",0.6,$&); } if (/brand new pager free/) { spam("s00465",4.9,$&); } if (/(call|contact) (us ){0,1}(now ){0,1}(to register |)for (y{0,1}our ){0,1}free/) { spam("s00484",1.8,$&); } if (/purchase any{0,1} .{0,10}items{0,1} .{0,40}receive (your|a) free/) { spam("s00507",2.6,$&); } if (/hassles{0,1}.{0,2}}free/) { spam("s01755",0.4,$&); } if (/here.{0,1}s the free .{1,40} i told you about/) { spam("s00700",2.0,$&); } if (/i can{1,}ot move about freely now/) { spam("s00722",0.8,$&); } if (/join for free/) { spam("s00763",1.5,$&); } if (/receive (a|our|your ){0,1}free/) { spam("s00972",0.4,$&); } if (/steroid.{0,1}free/) { spam("s01112",0.4,$&); } if (/for free/) { spam("s00619",0.4,$&); } if (/totally free/) { spam("s02460",0.3,$&); } if (/absolutely free/) { spam("s02461",0.3,$&); } if (/completely free/) { spam("s02462",0.3,$&); } if (/for your free /) { spam("s00622",0.6,$&); } if (/free of charge/) { spam("s02906",0.3,$&); } } if (/f.{0,1}r.{0,1}e.{0,1}e.{0,1} (shipping|delivery)/) { if (length($&) > 13) { spam("s00638",1.8,$&); } else { spam("s00638",0.8,$&); } } if (/for the price of/) { spam("s00637",0.8,$&); } if (/(buy|save) online/) { spam("s00634",0.8,$&); } if (/fraction of the .{0,30}(price|cost)/) { spam("s00623",0.8,$&); } if (/fragst du dich/) { spam("s00624",2.0,$&); } if (/fur adult/) { spam("s00640",2.0,$&); } if (/webprogrammierern/) { spam("s00645",1.0,$&); } if (/( damen| und| her{1,}en){3}/) { spam("s00646",2.0,$&); } if (/online!/) { spam("s00647",0.6,$&); } if (/ nation!/) { spam("s00648",0.6,$&); } if (/sold out/) { spam("s00649",0.4,$&); } if (/(full|) retail (prices{0,1}|)/) { spam("s00650",(int ((0.2 * length($&) / 8) * 100)) / 100,$&); } if (/save when you order/) { spam("s00651",0.8,$&); } if (/((f|m|wom)an|person|(some|any)(one|body)) in your life/) { spam("s00652",0.8,$&); } if (/(make|i|it)s a great gift/) { spam("s00653",0.4,$&); } if (/while s(upplie|tock)s last/) { spam("s00654",0.8,$&); } if (/freundlich/) { spam("s00656",0.3,$&); } if (/full.{0,1}colou{0,1}r/) { spam("s00657",0.6,$&); } if (/full refund/) { spam("s00658",2.814,$&); } if (/future generations/) { spam("s00659",0.4,$&); } if (/futuros cor{1,}eios/) { spam("s00660",1.4,$&); } if (/gangbang/) { spam("s00661",0.5,$&); } if (/^satisfy your wife\!/) { spam("s03441",3.5,"starts with: " . $&); } if (/gehts gratis/) { spam("s00662",3.5,$&); } if (/gentle ferocity/) { spam("s00663",4.385,$&); } if (/(get.{0,4} out of|reduc.{1,3} your) debt/) { spam("s00664",0.5,$&); } if (/(get|be) paid (for|to)/) { spam("s00665",0.8,$&); } if (/get cash/) { spam("s00666",0.4,$&); } if (/(get|grow|become) rich/) { spam("s00667",1.2,$&); } if (/get only the .{0,2}mail i truly want/) { spam("s00668",1.2,$&); } if (/(help you |)(to |)get(ting){0,1}.{0,1}(you(r(self| body)|) |)(back |).{0,1}in(to|) shape/) { spam("s00669",(int ((0.4 * length($&) / 12) * 100)) / 100,$&); } if (/get y{0,1}our .{0,30}solution/) { spam("s00670",1.0,$&); } if (/ghana/) { spam("s00671",0.5,$&); } if (/gingivitis/) { spam("s00672",0.6,$&); } if (/(girls|lad(y|ie)s|women|chicks) (are |)(just |)(ready|waiting|d(y|ie)ing) (to meet you|(for|to get) (your |some |)attention)/) { spam("s00673",3.0,$&); } if (/( hott(y|ie)s{0,1}|hott(y|ie)s{0,1} )/) { spam("s00674",0.8,$&); } if (/(youngest |co(llege|.{0,1}ed) |high.{0,1}school ){1,}(hott(y|ie)|babe|g[li]r[li]|women|model)s{0,1}/) { spam("s00675",1.4,$&); } if (/we are ((permitt|allow)ed to |let)((let|allow) you see|show you|post on)/) { spam("s00676",1.4,$&); } if (/(view|watch|look|check out) th(ese|is).{0,20}(hott(y|ie)|g[il]r[li]|babe|women|chick{0,1})s{0,1}/) { spam("s00677",1.4,$&); } if (/giv(e|ing)s{0,1}.{0,1}away/) { spam("s00678",0.4,$&); } if (/gover{0,1}n{0,1}ment of{1,}icials/) { spam("s00679",0.4,$&); } if (/(gover{0,1}n{0,1}ment of nigeria|nigerian{0,1} national|nigerian{0,1} gover{0,1}n{0,1}ment)/) { spam("s00680",4.918,$&); } if (/gratuit/) { spam("s00681",0.4,$&); } if (/great (investment |web.{0,1}){0,1}site/) { spam("s00682",2.0,$&); } if (/greatest hits/) { spam("s00683",0.2,$&); } if (/guarantee.{0,3} the (lowest|best) price/) { spam("s00684",0.5,$&); } if (/guarantee/) { spam("s00685",1.0,$&); } if (/gum disease/) { spam("s00686",0.6,$&); } if (/(guy|dude)s{0,1} pounding/) { spam("s00687",1.0,$&); } if (/guys fooling around/) { spam("s00688",0.8,$&); } if (/hard.{0,1}earned/) { spam("s00689",0.8,$&); } if (/hard.{0,1}core/) { spam("s00690",0.4,$&); } if (/has been sent in ac{1,}ordance with/) { spam("s00691",1.610,$&); } if (/^(.{0,80}?http\/\/.{0,30}?\/indexhtml){2}.{0,30}?http\/\/.{0,30}?\/ushtml\s{0,}$/) { spam("s00692",3,"Standard porn spam format"); } if (/headaches/) { spam("s00693",0.2,$&); } if (/health (risk|threat|service)/) { spam("s00694",0.4,$&); } if (/healthcare/) { spam("s00695",0.4,$&); } if (/heart palpitations/) { spam("s00696",0.4,$&); } if (/(neck|back|wrist).{0,1}(pain|injury)/) { spam("s00697",0.4,$&); } if (/help wanted/) { spam("s00698",0.3,$&); } if (/(here.{0,10}|this is|these are) (the|that|those) .{0,40}? (i told you about|(i was|we were) (talking|telling you) about|we talked about|you (asked for|requested))/) { spam("s00699",1.0,$&); } if (/hgh/) { spam("s00701",2.5,$&); } if (/hi dear/) { spam("s00702",1.1,$&); } if (/high.{0,1}quality digital photo/) { spam("s00703",1.2,$&); } if (/hi.lo/) { spam("s00704",0.6,$&); } if (/hold.em/) { spam("s00705",0.6,$&); } if (/home based business/) { spam("s00706",3.2,$&); } if (/home employment/) { spam("s00707",6.493,$&); } if (/home loan/) { spam("s00708",0.4,$&); } if (/prime loan/) { spam("s00709",0.4,$&); } if (/individual loan/) { spam("s00710",0.4,$&); } if (/commercial loan/) { spam("s00711",0.4,$&); } if (/land loan/) { spam("s00712",0.4,$&); } if (/construction loan/) { spam("s00713",0.4,$&); } if (/bridge loan/) { spam("s00714",0.4,$&); } if (/(horne{0,1}y|depraved).{0,16}wi(ves|fe)/) { spam("s00715",1.4,$&); } if (/horny/) { spam("s00716",0.4,$&); } if (/young teen/) { spam("s00601",1.0,$&); } if (/((exposed|glamou{0,1}r|hot|naked|se{1,}x{1,}y{1,}|nude|nubile|tender|russian|porn|swedish|dutch).{0,1}){1,}(g(ir|ri)l|babe|teen|lad[yi]|wom[ae]n|c{1,}h{1,}i{1,}c{1,}k{1,})/) { spam("s00717",1.5,$&); } if (/(hot|naked|sexy|nude|hunky).{0,1}(guy|m[ae]n|hunk)/) { spam("s01493",1.5,$&); } if (/house ar{1,}est/) { spam("s00718",0.4,$&); } if (/h.{0,1}u.{0,1}m.{0,1}a.{0,1}n.{0,1}g.{0,1}r.{0,1}o.{0,1}w.{0,1}t.{0,1}h.{0,1}h.{0,1}o.{0,1}r.{0,1}m.{0,1}o.{0,1}n.{0,1}e{0,1}.{0,1}(therapy|)/) { spam("s00719",2.0,$&); } if (/i( a){0,1}m .{3,8}year old/) { spam("s00720",1.2,$&); } if (/(i|to) (am writing|write) (you ){0,1}this letter/) { spam("s00721",0.8,$&); } if (/ich bin .{0,20} jahre/) { spam("s00723",3.0,$&); } if (/ich bin/) { spam("s00724",1.0,$&); } if (/ich suche einen man{1,}/) { spam("s00725",4.0,$&); } if (/(ideal|available|perfect) (mate|partner)/) { spam("s00726",0.6,$&); } if (/i (do ){0,1}(rec(ie|ei)ve|get) more than [0-9\,]* (spam ){0,1}.{0,2}mails{0,1} (a|every) day/) { spam("s00727",0.4,$&); } if (/i escaped to a hide out/) { spam("s00728",0.4,$&); } if (/i (expect|hope|wish|thought) you(d| would| may| might) (like|enjoy|want) (to look at |to check ){0,1}(it|this)/) { spam("s00729",2.0,$&); } if (/if you can {0,1}(no){0,1}t (view|read) this .{0,2}mail|if this .{0,2}mail does {0,1}(no|)t appear/) { spam("s00730",0.8,$&); } if (/i hope this reaches you ok/) { spam("s00731",2.0,$&); } if (/illnesses/) { spam("s00733",0.2,$&); } if (/i love to chat/) { spam("s00734",0.3,$&); } if (/immune system/) { spam("s00735",0.3,$&); } if (/immunotherapy/) { spam("s00736",0.4,$&); } if (/^important information/) { spam("s00737",0.4,$&); } if (/improve.{0,7}career/) { spam("s00738",0.7,$&); } if (/improve.{0,7}life/) { spam("s00739",0.7,$&); } if (/income potential/) { spam("s00740",0.6,$&); } if (/increase(d| your|) (revenue|sales)/) { spam("s00742",0.4,$&); } if (/decreased{0,1}( your| their|).{0,30} (bills{0,1}|spending|expenditure|instal{1,}ments{0,1}|fees)/) { spam("s00743",0.8,$&); } if (/incredimail/) { spam("s00744",1.2,$&); } if (/independent (market ){0,1}research/) { spam("s00745",0.4,$&); } if (/i never block.{0,20}mail/) { spam("s00746",1.2,$&); } if (/informacao confidencial/) { spam("s00747",3.0,$&); } if (/informacion/) { spam("s00748",2.0,$&); } if (/informazioni/) { spam("s00749",0.4,$&); } if (/insomnia/) { spam("s00750",0.2,$&); } if (/installs ef{1,}ortlessly/) { spam("s00751",0.8,$&); } if (/([\$0-9o]{1,}k{0,1} [a\@]t{0,1} [0-9]{1,}[ %]{1,}){1,}/) { spam("s03436",(int ((length($&) / 20) * 100)) / 100,$&); } if (/instant ac{1,}ess/) { spam("s00752",3.205,$&); } if (/(instant(aneous|)|im{1,}ediate) (rebate|suc{1,}es{1,}|as{1,}ets{0,1}|cash|money|credit|funds{0,1})/) { spam("s00753",(int ((length($&) / 26) * 100)) / 100,$&); } if (/interested in chatting/) { spam("s00754",0.8,$&); } if (/internal organ/) { spam("s00755",0.8,$&); } if (/international driv.{0,20}li[s|c]en[sc]e/) { spam("s00756",0.8,$&); } if (/international executive guild/) { spam("s00757",3.521,$&); } if (/investing in micro-cap securities is highly speculative/) { spam("s00758",6.133,$&); } if (/investor spec sheet/) { spam("s00759",2.913,$&); } if (/i(ve| have){0,1} (discovered|found|c[ao]me across) this (web){0,1}site/) { spam("s00760",1.0,$&); } if (/(i|we|he) inherited/) { spam("s00761",0.6,$&); } if (/jetzt/) { spam("s00762",0.6,$&); } if (/join (now|today)/) { spam("s00764",0.4,$&); } if (/join (the ){0,1}(ten|thousand|hundred|million)/) { spam("s00765",1.0,$&); } if (/[kc]um shot/) { spam("s00766",1.0,$&); } if (/kidney stone/) { spam("s00767",0.4,$&); } if (/klicken /) { spam("s00768",0.6,$&); } if (/kontakt/) { spam("s00769",0.8,$&); } if (/kuwait/) { spam("s00770",0.4,$&); } if (/pozdrav/) { spam("s03145",0.4,$&); } if (/ljeni/) { spam("s03146",0.4,$&); } if (/hvala/) { spam("s03147",0.4,$&); } if (/ odsote{0,1}n/) { spam("s03148",0.4,$&); } if (/ nujne /) { spam("s03149",0.4,$&); } if (/ zadeve /) { spam("s03150",0.4,$&); } if (/ljiv/) { spam("s03151",0.4,$&); } if (/[aeiou]jni /) { spam("s03152",0.4,$&); } if (/[aeiou]cnik /) { spam("s03153",0.4,$&); } if (/large.{0,3}archive/) { spam("s00771",1.0,$&); } if (/print(er|ing){0,1} (suppl(y|ies)|products{0,1})/) { spam("s00772",3.5,$&); } if (/(late|former) minister/) { spam("s00773",0.8,$&); } if (/learn a.{1,15}language/) { spam("s00775",1.0,$&); } if (/learn more/) { spam("s00776",0.8,$&); } if (/(legal|secret) movie/) { spam("s00777",1.5,$&); } if (/legit.{0,5} business/) { spam("s00778",0.6,$&); } if (/lesotho/) { spam("s00779",0.5,$&); } if (/less expensive but the same thing/) { spam("s00780",2.0,$&); } if (/less than perfect credit/) { spam("s00781",1.2,$&); } if (/(lewd|kid{1,}ie|girl).{0,3}photo/) { spam("s00782",1.5,$&); } if (/lieber besucher/) { spam("s00783",2.0,$&); } if (/life insurance/) { spam("s00784",0.6,$&); } if (/limited.{0,1}(time|quantit|period)|time.{0,4}limited/) { spam("s00785",0.5,$&); } if (/limited edition/) { spam("s00786",0.4,$&); } if (/limited time only/) { spam("s00787",3.342,$&); } if (/line of credit/) { spam("s00788",1.2,$&); } if (/lip plumper/) { spam("s00789",4.0,$&); } if (/live.{0,1}(chat|sex|action)/) { spam("s00790",0.8,$&); } if (/(live|lolita|(teen|girl)(ie){0,1}).{0,1}cam/) { spam("s00791",3.4,$&); } if (/(los(e|ing)|(stay|keep|gain)(ing|)|get((ting|) rid of|)|shed(ding|))( a little){0,1}( of| my| that| your| the| those){0,}( e{0,1}xtra){0,1} (weight|fat|p(ou|)(n|)ds{0,1}|spare tire)/) { $tmp=$&; $tmpscore=1.0; if ($tmp=~/shed/) { $tmpscore = $tmpscore + 0.4; } if ($tmp=~/ xtra/) { $tmpscore = $tmpscore + 0.6; } if ($tmp=~/spare tire/) { $tmpscore = $tmpscore + 0.6; } if ($tmp=~/ pds/) { $tmpscore = $tmpscore + 0.6; } spam("s00792",$tmpscore,$tmp); } if (/(los(e|ing)|shed).{0,9}( extra){0,1} (pound|fat|spare.{0,1}tire)/) { spam("s00793",1.0,$&); } if (/lower .{0,10}rate/) { spam("s00795",0.4,$&); } if (/lower.{0,40} (blood pressure|cholesterol)/) { spam("s00796",0.4,$&); } if (/(low(er|est){0,1}|reduce(d|s|)) (your |)(monthly |).{0,20}(bill|payment)/) { spam("s00797",0.8,$&); } if (/(reduce|lower) .{0,20}phone bill/) { spam("s00798",1.8,$&); } if (/at no extra cost/) { spam("s00799",0.8,$&); } if (/ call(ing|) plan/) { spam("s00800",0.4,$&); } if (/cheape(r|st) .{0,20}solution/) { spam("s00801",0.4,$&); } if (/your business c(an|ould) benefit/) { spam("s00802",2.0,$&); } if (/maggiori/) { spam("s00803",0.4,$&); } if (/ our .{0,20}(knowledge and |)expertise/) { spam("s00804",0.8,$&); } if (/have a serious interest/) { spam("s00805",0.4,$&); } if (/for more info(rmation|) (on|about) this exciting/) { spam("s00806",0.6,$&); } if (/mail promotion/) { spam("s00807",0.8,$&); } if (/mail was sent to you because /) { spam("s00808",4.038,$&); } if (/(make{0,1}|earn|rec(ei|ie)ve{0,1}|average{0,1})(ing){0,1} .{0,30} (per|each|in the next.{0,20}) (week|month|year|an{1,}um)/) { spam("s00810",0.6,$&); } if (/manufactur/) { spam("s00813",0.2,$&); } if (/mass.{0,3}mail/) { spam("s00814",1.107,$&); } if (/mastur{0,1}bating/) { spam("s00815",0.6,$&); } if (/medication/) { spam("s00816",0.4,$&); } if (/meditation/) { spam("s00817",0.4,$&); } if (/meet someone just like you/) { spam("s00818",0.6,$&); } if (/mein name ist/) { spam("s00819",1.0,$&); } if (/meine seite/) { spam("s00820",2.0,$&); } if (/estarei/) { spam("s00821",1.0,$&); } if (/escrit/) { spam("s00822",1.0,$&); } if (/senhores/) { spam("s00823",1.0,$&); } if (/afastado/) { spam("s00824",1.0,$&); } if (/necessitando/) { spam("s00825",1.0,$&); } if (/lefissa/) { spam("s00826",1.0,$&); } if (/prontamente/) { spam("s00827",1.0,$&); } if (/atendidos/) { spam("s00828",1.0,$&); } if (/message .{0,10}sen(d|t) (to you |)in compliance (of|with)/) { spam("s00829",0.486,$&); } if (/milf/) { spam("s00830",2.5,$&); } if (/(million|thousand)\b.{0,40}\b(united states{0,1} dollars|usd)/) { spam("s00831",4.498,$&); } if (/million us dollars/) { spam("s00832",0.3,$&); } if (/(mining|development|petroleum|oil and gas|mineral) (wealth|company|corporation|producer|developer|ministry)|russian oil company|oil company in russia/) { spam("s00833",0.6,$&); } if (/ministry/) { spam("s00834",0.4,$&); } if (/(no (degree|money|job|career|qualification)s{0,1}[^n]{0,1}){1,}/) { spam("s01807",(int ((0.4 * length($&) / 8) * 100)) / 100,$&); } if (/i kept the boxes in a trust company/) { spam("s00732",1.4,$&); } if (/(increase(d| your|)|substantial)( cash|)( (money[^e]{0,1}|)earnings{0,1}| power| potential| income| savings{0,1}){1,}/) { spam("s00741",1.0,$&); } if (/make .{0,15}(cash|paychecks) .{0,15}from .{0,5}home/) { spam("s00809",1.0,$&); } if (/(receiv|earn|mak|bring in).{0,3} (a |few |some |yourself ){0,}extra( income| cash| bucks| dollars)/) { spam("s00973",0.8,$&); } if (/(double your|extra) (income|earning)/) { spam("s03232",0.8,$&); } if (/(^| |\?|\!)are you .{0,}( |\?|\!)are you /) { $temp_text = " " . $_; $temp_score = 0.2; while ($temp_text =~ /[ \?\!]are you( .{0,})/) { $temp_text = $1; $temp_score = $temp_score + 0.2; } spam("s03233",$temp_score,"Lots of \"are yous\""); } if (/do(nt| not) let (this|it) (one |you |chance |amazing |opportunity |once in a lifetime ){0,}pass (you |)by/) { spam("s03493",0.8,$&); } if (/pullback/) { spam("s03494",0.4,$&); } if (/stop wasting (your ){0,1}time/) { spam("s01115",0.6,$&); } if (/unclaimed (cash|funds)/) { spam("s01189",0.6,$&); } if (/(((work|process)(ing|)|make \${1,}) (strictly |only |)(at|from) (your |my |)home|home.{0,1}worker)/) { spam("s01237",2.000,$&); } if (/money/) { if (/willing to do (this |it |these things |)for money/) { spam("s01567",0.8,$&); } if (/tak(ing|e)s{0,1} all (of ){0,1}your money/) { spam("s01467",0.6,$&); } if (/will make you money/) { spam("s01454",0.6,$&); } if (/100.{0,1}\%.{0,1}money.{0,1}back/) { spam("s00174",2.4,$&); } if (/money.{0,1}saving/) { spam("s00273",0.4,$&); } if (/deposited th(e|is) money/) { spam("s00423",0.2,$&); } if (/i will pay good money/) { spam("s00425",0.8,$&); } if (/check or money order/) { spam("s00500",3.781,$&); } if (/do you owe .{0,10} money/) { spam("s00566",0.6,$&); } if (/free money/) { spam("s00632",1.2,$&); } if (/(bigg{0,1}|fast|eas[yi])(est|) {0,1}money/) { spam("s01853",0.4,$&); } if (/i kept the money in a trust company/) { spam("s00732",1.4,$&); } if (/increase(d| your)( money|){0,1} (earning(s| power| potential)|income)/) { spam("s00741",1.0,$&); } if (/(lot|large amount)s{0,1} of money/) { spam("s00794",1.2,$&); } if (/make .{0,15}money .{0,15}from .{0,5}home/) { spam("s00809",1.0,$&); } if (/(mak|sav)(e|ing)s{0,1} (you |)money/) { spam("s00811",0.5,$&); } if (/making money is easy|easy to make money/) { spam("s00812",0.8,$&); } if (/money.{0,1}back/) { spam("s00835",0.6,$&); } if (/money making/) { spam("s00836",4.326,$&); } if (/play .{0,40}for (real|serious) money/) { spam("s00928",0.8,$&); } if (/play for fun/) { spam("s02662",0.8,$&); } if (/save money now/) { spam("s01002",0.4,$&); } if (/(serious| real) money/) { spam("s01063",0.8,$&); } if (/unbelievable( | (amount|sum|quantit(y|ie))s{0,1} of |)money/) { spam("s01866",1.4,$&); } if (/raise (new |)money/) { spam("s01867",0.6,$&); } if (/(receiv|earn|mak).{0,3} big money/) { spam("s00973",1.0,$&); } if (/stop wasting (your ){0,1}money/) { spam("s01115",0.6,$&); } if (/unclaimed money/) { spam("s01189",0.6,$&); } if (/make money (at|from) home/) { spam("s01237",2.000,$&); } if (/the money im saving/) { spam("s01160",0.8,$&); } if (/you(ll |will| can){0,1}make .{0,20}money/) { spam("s01270",1.0,$&); } } if (/more details attached/) { spam("s00837",1.1,$&); } if (/(more than|over) .{0,30} (people|users|customers)/) { spam("s00838",0.4,$&); } if (/mort{0,1}gage/) { spam("s00839",0.4,$&); } if (/(mort{0,1}g{0,1}age |home.{0,1}loan )(int(erest|) |)rates{0,1}/) { spam("s00840",4.0,$&); } if (/motivacion/) { spam("s00841",2.0,$&); } if ($hdr_from =~ /(hotmail|yahoo|aol|netscape|msn)\.(com|net|org)/) { if (/(msn|hotmail|yahoo|aol|netscape).{0,40} months free/) { spam("s00842",-0.4,$&); } if (/(msn|hotmail|yahoo|aol|netscape).{0,40} sign up (now|today)/) { spam("s00843",-1.0,$&); } if (/(msn|hotmail|yahoo|aol|netscape).{0,40} click here/) { spam("s00844",-1.0,$&); } if (/(msn|hotmail|yahoo|aol|netscape).{0,40} (only|just|under) [\%\$]{0,} {0,1}[0-9]{1,} {0,1}[\%\$]{0,}/) { spam("s01776",-0.8,$&); } if (/(msn|hotmail|yahoo|aol|netscape).{0,40}(\$ {0,1}[0-9]{1,}|[0-9]{1,} {0,1}[\%\$]) {0,1}((per|an{0,1}) ){0,1}(hour|da[yi]|week|month|year|an{1,}u(m|al))(ly){0,1}/) { spam("s01777",-2.0,$&); } if (/(msn|hotmail|yahoo|aol|netscape).{0,40}(as little as|only) \$[0-9]{1,}/) { spam("s01778",-0.8,$&); } } if (/mugabe/) { spam("s00845",0.7,$&); } if (/multi.{0,1}player/) { spam("s00846",0.6,$&); } if (/murder/) { spam("s00847",0.2,$&); } if (/(my |our |)((fa|(br|m)o)th|sist)er (was |)(kill|murder)ed/) { spam("s00848",2.0,$&); } elsif (/(my |our )((fa|(br|m)o)th|sist)er died/) { spam("s00848",1.0,$&); } if (/(kill|murder)(ed).{0,1} my ((fa|(br|m)o)th|sist)er/) { spam("s00849",2.0,$&); } if (/muscle cramps/) { spam("s00850",0.4,$&); } if (/myrewardcenter/) { spam("s00851",3.0,$&); } if (/(my wife, jody|mi esposa, jody)/) { spam("s00852",2.569,$&); } if (/nationwide/) { spam("s00853",0.3,$&); } if (/need a loan/) { spam("s00854",0.4,$&); } if (/needed by (the|your|our) bod(y|ies|ys)|(the|your|our) bod(y|ies|ys) need/) { spam("s00855",0.8,$&); } if (/(need|require)s{0,1} (a ){0,1}html.compliant .{0,2}mail/) { spam("s00856",0.8,$&); } if (/neue .{0,2}mail aus dem fitzshop briefkasten/) { spam("s00857",4.0,$&); } if (/(new|latest) (internet |domain |name ){1,3}extension/) { spam("s00858",5.129,$&); } if (/domain name registration/) { spam("s00859",0.4,$&); } if (/(twice| times.{0,1}) the price/) { spam("s00860",0.4,$&); } if (/no (long term contract|fine print)/) { spam("s00861",0.4,$&); } if (/(nice|hot|sexy) (lad(y|ies)|wom[ae]n|(girl|gal|chick)s{0,1}) wa(nts{0,1}|iting) to (cor{1,}espond|chat) (with|to) you/) { spam("s00862",4.5,$&); } if (/nice pics/) { spam("s00863",0.8,$&); } if (/nigeria/) { spam("s00864",0.7,$&); } if (/south africa/) { spam("s01893",0.2,$&); } if (/no .{0,10}(p(re|er)scription|investment|down.{0,1}payment)s{0,1} required/) { spam("s00865",0.8,$&); } if (/no.{0,1}(one|body|person) is turned (down|away)/) { spam("s00866",1.0,$&); } if (/no credit/) { spam("s00867",0.8,$&); } if (/(doc.{0,1}t.{0,1}o.{0,1}r.{0,1}|physician|ph[a\@]rm[a\@]c(ist|y))s{0,1} (visit|fee|appointment|consultation|approval)/) { spam("s00868",1.8,$&); } if (/no equipment purchase/) { spam("s00869",0.4,$&); } if (/(nominal.{1,30}|percentage )fee/) { spam("s00870",0.4,$&); } if (/(were |are |you |we ){1,}(seeking|looking for)/) { spam("s00871",0.6,$&); } if (/(no|any) (monthly|setup) (fee|charge)s{0,1}/) { spam("s00872",0.5,$&); } if (/dear sir/) { spam("s00873",0.4,$&); } if (/for (further|more|full) (detail|instruction)s{0,1}/) { spam("s00874",0.4,$&); } if (/represent our (service|company)/) { spam("s00875",0.8,$&); } if (/in your country/) { spam("s00876",0.8,$&); } if (/dear sir.{0,6}madam/) { spam("s00877",1.0,$&); } if (/no questions asked/) { spam("s00878",4.876,$&); } if (/no selling/) { spam("s00879",1.2,$&); } if (/not available in.{1,10}(store|shop)/) { spam("s00880",0.7,$&); } if (/now you (too ){0,1}can/) { spam("s00881",0.4,$&); } if (/nu[eo]vo/) { spam("s00882",0.4,$&); } if (/numero de confirmacion/) { spam("s00883",2.0,$&); } if (/nutritio(n|ous)/) { spam("s00884",0.3,$&); } if (/obrigado/) { spam("s00885",0.8,$&); } if (/of{1,}er.{0,30}subject.{0,30}credit approval/) { spam("s00886",0.4,$&); } if (/of{1,}er bonanza/) { spam("s00887",4.5,$&); } if (/(of{1,}er expires|see full of{1,}er for details|great of{1,}er)/) { spam("s00888",0.4,$&); } if (/of{1,}er(ing){0,1} \$[0-9]{1,}/) { spam("s00889",0.6,$&); } if (/(((of{1,}shore|swiss|oversea.{0,1}|foreign) |(bank ){0,1}ac{1,}ount )(in |an{0,1} ){0,}){2,}/) { spam("s00890",1.0,$&); } if (/(op{1,}ortunit(y|ie)|chance)s{0,1}.{0,1}of.{0,1}a.{0,1}life.{0,1}time/) { spam("s00891",0.200,$&); } if (/track record/) { spam("s00892",0.200,$&); } if (/[oa]nline (sale|selling|shop|store)/) { spam("s00893",0.8,$&); } if (/sell.{0,20}online/) { spam("s00894",0.2,$&); } if (/(online |hot |new ){1,}busines{1,} op{1,}ortunit(y|ie|s){1,}/) { spam("s00895",(int ((length($&) / 20) * 100)) / 100,$&); } if (/online degree|degree online/) { spam("s00896",1.2,$&); } if (/online (gambl|bett)ing/) { spam("s00897",1.5,$&); } if (/what are you waiting for/) { spam("s00898",1.0,$&); } if (/online (of{1,}er|business|(e(lectronic|)[^c]{0,1}|)commerce|solution|marketing)/) { spam("s00899",0.8,$&); } if (/network marketing/) { spam("s00900",0.8,$&); } if (/residual income/) { spam("s00901",1.8,$&); } if (/online gam(e|ing)/) { spam("s00902",0.4,$&); } if (/(online |insurance |free |price ){1,}quote/) { spam("s00903",0.8,$&); } if (/((online|li[cs]en[cs]ed) (ph[a\@]rm[a\@]c|doctor|med)|meds online)/) { spam("s00904",1.8,$&); } if (/opposition leader/) { spam("s00905",0.4,$&); } if (/opposition/) { spam("s00906",0.2,$&); } if (/oramdco/) { spam("s00907",2.8,$&); } if (/osteoporosis/) { spam("s00908",0.4,$&); } if (/ our girls/) { spam("s00909",0.4,$&); } if (/over (21|18).{0,2} only/) { spam("s00910",2.0,$&); } if (/over[^w]{0,1}weight/) { spam("s00911",0.4,$&); } if (/painless/) { spam("s00912",0.6,$&); } if (/paragraph .a.{0,10}2.{0,10}c. of s. 1618/) { spam("s00913",6.035,$&); } if (/para ser removido/) { spam("s00914",1.4,$&); } if (/pay/) { if (/pay(ing|) too much|overpay(ing|)( for|)/) { spam("s02660",0.8,$&); } if (/pay by credit card/) { spam("s00915",0.8,$&); } if (/stop paying( those| your| expensive| costly| medical| doctors{0,1}| bills{0,1}| monthly){0,}/) { spam("s01729",(int ((0.4 * length($&) / 11) * 100)) / 100,$&); } if (/pay.{0,1}per.{0,1}view/) { spam("s01730",0.6,$&); } if (/pay.{0,1}out/) { spam("s01592",0.2,$&); } if (/ c{1,} payment/) { spam("s01466",0.6,$&); } if (/mtg payment/) { spam("s02095",0.6,$&); } if (/(^| )mo payment/) { spam("s02096",0.6,$&); } if (/pay.per.(click|impression)/) { spam("s00269",0.6,$&); } if (/ down.{0,1}payment/) { spam("s00302",0.6,$&); } if (/ (i|we).{0,20} pay you/) { spam("s00315",0.6,$&); } if (/all forms of payment/) { spam("s00371",0.4,$&); } if (/pay(ing|) too much/) { spam("s00564",1.0,$&); } if (/late pay(er|ment)/) { spam("s00774",0.6,$&); } if (/repayment/) { spam("s00985",0.4,$&); } if (/you pay (us ){0,1}(n(othing|ada|aught|ought)|z(ero|ip|ilch))/) { spam("s01265",0.8,$&); } if (/no.{0,1}more.{0,1}(re|)payments{0,1}/) { spam("s02213",0.8,$&); } } if (/penis/) { spam("s00916",0.6,$&); } if (/personal bodyguard/) { spam("s00917",0.6,$&); } if (/personal trainer/) { spam("s00918",0.3,$&); } if (/phantasien/) { spam("s00919",1.5,$&); } if (/pharma[cieys]{0,}/) { spam("s00920",0.4,$&); } if (/ rx/) { spam("s03348",0.4,$&); } if (/pharma[^p^ ]{0,} (product|need)s{0,1}/) { spam("s02764",1.0,$&); } if (/phentermine/) { spam("s00922",1.8,$&); } if (/philippine/) { spam("s00923",0.5,$&); } if (/photo\s{0,3}gal{1,2}[ae]r(y|ies)/) { spam("s00924",0.5,$&); } if (/physical exam/) { spam("s00925",0.4,$&); } if (/(piece|part) of american history/) { spam("s00926",0.4,$&); } if (/pituitary gland/) { spam("s00927",0.4,$&); } if (/please call me \@/) { spam("s00929",0.6,$&); } if (/(poker (software|game|room|action|tournament|live|online)|(live|online) poker)/) { spam("s00930",0.6,$&); } if (/political election/) { spam("s00931",0.2,$&); } if (/political party/) { spam("s00932",0.2,$&); } if (/por favor/) { spam("s00933",0.8,$&); } if (/(potential|first.{0,1}time| new) (customer|visitor)/) { spam("s00934",0.8,$&); } if (/ prank /) { spam("s00935",0.4,$&); } if (/prank.{0,1}call/) { spam("s00936",0.6,$&); } if (/(ultimate|best).{0,1}prank/) { spam("s00937",0.6,$&); } if (/visit th(e following|is) site/) { spam("s00938",0.4,$&); } if (/precious (stone|gem|jewel|metal)/) { spam("s00939",0.6,$&); } if (/p(re|er).{0,1}scription[^m]{0,1}med(ication|s|z|)/) { spam("s00940",0.4,$&); } if (/p(re|er).{0,1}scription[^d]{0,1}drugs/) { spam("s00941",0.4,$&); } if (/p(re|er).{0,1}scription[^w]{0,1}weight([^l]{0,1}loss|)/) { spam("s02727",1.2,$&); } if (/p(re|er).{0,1}scription[^d]{0,1}diet/) { spam("s02728",0.4,$&); } if (/p(re|er).{0,1}scription|p(re|er).{0,1}scribe[ds]/) { $tmp = $&; if ($tmp =~ /^per/) { spam("s00942",1.4,$tmp); } else { spam("s00942",0.4,$tmp); } } if (/((p(re|er).{0,1}scription|p(re|er).{0,1}scribe|drug|med(ic(a(tion|l)|ine)|s|z)|pharma).{0,30}(canada|mexico)|(canada|mexico).{0,30}(p(re|er)scription|prescribe|drug|medic(a(tion|l)|ine)|pharma))/) { spam("s01400",1.2,$&); } if (/prestigi{0,1}ous\b.{0,20}\bnon.{0,1}ac{1,}redited\b.{0,20}\buniversities/) { spam("s00943",1.864,$&); } if (/priapism/) { spam("s00944",1.2,$&); } if (/price.{0,2}list/) { spam("s00945",0.3,$&); } if (/print\s+out\s+and\s+fax/) { spam("s00946",1.0,$&); } if (/private chat rooms/) { spam("s00947",2.5,$&); } if (/private investigator/) { spam("s00948",0.8,$&); } if (/producto/) { spam("s00949",0.4,$&); } if (/product/) { spam("s00950",0.1,$&); } if (/professional advancement/) { spam("s00951",0.4,$&); } if (/(professionally|custom) printed/) { spam("s00952",1.0,$&); } if (/program has been used suc{1,}essfully/) { spam("s00953",0.4,$&); } if (/highly suc{1,}essful/) { spam("s00954",0.1,$&); } if (/low risk investment/) { spam("s00955",0.2,$&); } if (/minimum investment/) { spam("s00956",0.1,$&); } if (/truly unique/) { spam("s00957",0.2,$&); } if (/((un(ique|(believ|imagin)able)|supreme|incredible).{0,30}?){2}/) { spam("s00958",0.4,$&); } if (/promo(tion){0,1} code/) { spam("s00959",0.8,$&); } if (/promotion/) { spam("s00960",0.2,$&); } if (/prospective buyer/) { spam("s00961",0.6,$&); } if (/protective custody/) { spam("s00962",0.4,$&); } if (/pure profit/) { spam("s00963",4.907,$&); } if (/(healthy|large|big) profit/) { spam("s00964",0.4,$&); } if (/(quali.{2,4}|genuine) prospects/) { spam("s00965",1.2,$&); } if (/quality guarantee/) { spam("s00966",0.5,$&); } if (/quantities are limited/) { spam("s00967",0.5,$&); } if (/reach .{0,30}potential (buyer|customer|client)/) { spam("s00968",2.0,$&); } if (/real.{0,1}estate/) { spam("s00969",0.8,$&); } if (/realtor/) { spam("s00970",0.4,$&); } if (/rec(ei|ie)ved\s+this.{0.30}in er{1,}or/) { spam("s00971",1.5,$&); } if (/received.{0,15} by mistake/) { spam("s00974",1.812,$&); } if (/received this.{1,10}in er{1,}or/) { spam("s00975",1.608,$&); } if (/(receive |earn |qualif(y|ied) (for |)|secure(d|) |register(ed|) |verified ).{0,7}(degree|diploma|masters)/) { spam("s00976",1.2,$&); } if (/reclame su premio/) { spam("s00977",2.0,$&); } if (/(reduc.{1,10}|stop) wrinkles/) { spam("s00978",0.4,$&); } if (/(reduc|de.{0,1}creas|restor|in.{0,1}creas|im.{0,1}prov|shed).{1,30}(weight|fat|hair|wrinkl|sex|mood|muscle|pound|skin.{0,1}(tone|texture))/) { spam("s00979",0.7,$&); } if (/amazing breakthrough/) { spam("s01653",1.6,$&); } if (/burns{0,1} (of{1,} |)(some |more |that |)fat/) { spam("s01654",0.8,$&); } if (/increase (your |)energy/) { spam("s01655",0.6,$&); } if (/(control|suppresse{0,}|decrease)[sd]{0,1} (your |)appetite/) { spam("s01656",1.0,$&); } if (/((suppress[ingeds]{0,} |appetite |boost(ing|s|ed|) |hung[ery]{2} )((increas|improv)(e[sd]{0,1}|ing) |my |your{0,1} |and |never |feel |full |satisf[iedsy]{1,} |all |day |long |energy |levels{0,1} |sex |drive ){0,}){2,}/) { spam("s03041",(int ((length($&) / 24) * 100)) / 100,$&); } if (/(re|)fi(nance|) your ho(use|me)/) { spam("s00980",1.0,$&); } if (/(re|)fi(nance|) app(l|)(ic|)(ation|)/) { spam("s02921",0.8,$&); } if (/(re|)fi(nance|) (your{0,1} |ho(use|me) |at |with |our |a super |low| rate |of ){0,}[0-9 ]{1,}\%/) { spam("s02920",1.0,$&); } if (/refinance/) { spam("s00981",0.4,$&); } if (/reliable vend[oe]r/) { spam("s00982",0.6,$&); } if (/removal instructions/) { spam("s00983",1.232,$&); } if (/online removal/) { spam("s01958",1.0,$&); } if (/(remove|delete).{1,15}subject/) { spam("s00984",4.542,$&); } if (/members only/) { spam("s00986",0.6,$&); } if (/your (message|.{0,2}mail) .{0,30}(await|need|require)s (moderator |)approval/) { spam("s00987",1.0,$&); } if (/reply.{1,15}remove.{1,15}subject/) { spam("s00988",4.570,$&); } if (/replying to this .{0,2}mail will not unsubscribe you./) { spam("s00989",6.803,$&); } if (/((wholesale|speciali{0,1}ty|distributor).{0,15}?){2}/) { spam("s00990",0.4,$&); } if (/ remove.{0,24} from our database/) { spam("s00991",0.4,$&); } if (/requests to be taken of{1,} our .{0,2}mail(ing){0,1} list/) { spam("s00992",4.364,$&); } if (/request your assistance|your assistance (is|would be) (requir|need|appreciat)ed/) { spam("s00993",0.5,$&); } if (/(requires a.{1,20}(client|program).{0,20}(can view|capable of viewing) html|html (capable|compatible|enabled) .{0,2}mail.{0,1}(client|program))/) { spam("s00994",0.8,$&); } if (/reserve a.{0,20} name/) { spam("s00995",0.6,$&); } if (/return validate_form/) { spam("s00996",3.493,$&); } if (/revitaliz.{1,40} (heart|liver|kidney|lung)/) { spam("s00997",0.6,$&); } if (/revolutionary new product/) { spam("s00998",2.6,$&); } if (/s..{0,10}1618.{0,10}-.{0,10}section.{0,10}301/) { spam("s00999",0.858,$&); } if (/safe alternative/) { spam("s01000",0.4,$&); } if (/satisfied .{0,50}(customer|owner)/) { spam("s01001",0.6,$&); } if (/(saved{0,1}|ma[dk]e|earn(ed|)) {0,1}(you(rself){0,1} ){0,1}((tens|hundreds) {0,1}of {0,1}|a {0,1}){0,1}(hundred|thousand)s{0,1}( {0,1}of){0,1}( {0,1}dollars){0,1}/) { spam("s01003",0.8,$&); } if (/((axs.{0,1}guard|mdaemon|securiqwatchdog|scanmail|esafe|declude|inflex |anti(gen|virus)( for exchange|)|(trend|mail).{0,1}anti.{0,1}virus|symantec avf|(web|group)shield|mail.{0,1}(scan(ner|)|monitor)|(transaction|delivery|action|clean) fail(ed|ure)|(it |)(th(is|e) |)(your |)(message |file |mail |)(attached to this .{0,3}(mail|message) |)(was |has been |)((det|rej)ected|quarantined|isolated|scan{1,}ed|replaced|removed|not ac{1,}epted|intercepted|triggered|violated|triggered|(infect|purg)ed (of |)(the |)(by|with|file|message|attachment|because)|blocked|quarantined|(has been|was) deleted|(security|spam|content) (policy|rule|ctrieria|filter)|forbid{1,}en (file |)extension|triggered| rule |found|gefunden|detectado|arquivo|nao permitido|not (be |)delivered)|(possible |)(v[ií]rus|trojan)|([ia]n |)(the |executable ){0,}(file |)attachments{0,1}( not|)| (w32.{0,1}|)bagle.{0,1} |(w32.{0,1}|)(netsky|wormscoa|sobig|m[yi]doom|novar[gd])|(with |)(a |)prohibited|(to |)protect (the |our |)mail.{0,1}s(ystem|erver)|potentially (dangerous|hostile|malicious)|(dangerous|hostile|malicious) content|(executable |this type of |)files{0,1}( of this type|) (is|are) not ac{1,}ept(ed|able)|to prevent further damage|este alerta|content filters|enthielt|entdeckt|contaminado|recipient|conteudo|rejeitado( assunto|)|(pelo |)filtro).{0,30}?){3}/) { spam("s01004",3.0,$&); } if (/ (einen|del) virus/) { spam("s01005",0.8,$&); } if (/in einem ihrer dokumente festgestellt/) { spam("s01006",1.4,$&); } if (/festgestellt/) { spam("s01007",0.4,$&); } if (/infiziert/) { spam("s01008",0.8,$&); } if (/virus entdeckt/) { spam("s01834",0.8,$&); } if (/die infizierte komponente/) { spam("s01009",0.6,$&); } if (/bericht an absender/) { spam("s01010",0.8,$&); } if (/gelöscht/) { spam("s01011",0.4,$&); } if (/gracias por contactar/) { spam("s01012",0.8,$&); } if (/incidencia del virus/) { spam("s01013",1.4,$&); } if (/serán eliminados/) { spam("s01014",0.8,$&); } if (/las molestias atentamente/) { spam("s01015",1.4,$&); } if (/attachment of type ($exe_file_types) /) { spam("s01016",2.4,$&); } if (/potentially malicious content/) { spam("s01017",1.2,$&); } if (/content violation/) { spam("s01018",1.2,$&); } if (/usage restricted/) { spam("s01019",0.6,$&); } if (/(restrict|forbid|prohibit).{0,20}transmission.{0,30}attachment/) { spam("s01021",1.0,$&); } if (/please resend.{0,40}in a zip file/) { spam("s01022",1.0,$&); } if (/ban{1,}ed.{0,1}(content|cd)/) { spam("s01023",1.6,$&); } if (/(executable|dangerous) (file |)(as an |)attachment/) { spam("s01024",0.8,$&); } if (/(executable|dangerous) filetype/) { spam("s01025",0.8,$&); } if (/vector of infection/) { spam("s01026",0.4,$&); } if (/computer viruses/) { spam("s01027",0.2,$&); } if (/of{1,}ending attachment/) { spam("s01028",0.6,$&); } if (/legitimate attachment/) { spam("s01029",0.6,$&); } if (/virus infection/) { spam("s01030",0.4,$&); } if (/contains a virus/) { spam("s01031",1.8,$&); } if (/blocked (message|.{0,2}mail|delivery)/) { spam("s01032",0.6,$&); } if (/intended recipient/) { spam("s01033",0.6,$&); } if (/(message|mail).{0,30}was (blocked|quarantined|rejected)/) { spam("s01034",1.2,$&); } if (/rejected by .{0,20}server/) { spam("s01035",1.0,$&); } if (/\/sobig/) { spam("s01036",1.0,$&); } if (/please (contact|forward th(is|e) (attach(ment|ed) |e{0,1}m(ail|message) |warning |notification ){0,}to) your (system administrator|tech(nichal|.|) support|it department)/) { spam("s01037",1.0,$&); } if (/interscan.{0,20}viruswall/) { spam("s01038",2.0,$&); } if (/(the latest|cur{1,}ent|up.{0,1}to.{0,1}date) virus (information |)(file|definition)s{0,1}/) { spam("s01039",1.0,$&); } if (/anti.{0,1}(spam|virus) (content |)a[il]ert/) { spam("s01040",3.0,$&); } if (/(message|.{0,2}mail) (you sent |)(has been|was) (check|scan{1,}|block)ed/) { spam("s01041",1.4,$&); } if (/(check|scan{1,})ed for virus(es|)/) { spam("s01042",0.8,$&); } if (/virus(es|) (were |was |)(detected|found)/) { spam("s01043",1.2,$&); } if (/virus was (found|detected) .{0,50}attachment/) { spam("s01044",1.5,$&); } if (/(unac{1,}eptable|restricted|sensitive) (content|attachment)/) { spam("s01045",1.8,$&); } if (/attachments{0,1} (ha(s|ve) been |was |were |)removed/) { spam("s01046",1.0,$&); } if (/attachments{0,1} removed.{0,30}($exe_file_types_no_com)( |$)/) { spam("s01047",2.0,$&); } if (/(virus in|triggered by) a.{0,4}m(ail|essage) you sent/) { spam("s01048",1.2,$&); } if (/virus (detector|scan{1,}er)/) { spam("s01049",0.6,$&); } if (/attachments{0,1} you sent .{0,60}(has been|was) re(mov|plac)ed/) { spam("s01050",2.0,$&); } if (/attachments{0,1} (which |that |)contained (a |the |)virus/) { spam("s01051",2.0,$&); } if (/contained the (worm|trojan|virus)/) { spam("s01052",1.0,$&); } if (/schreibe mir/) { spam("s01053",0.5,$&); } if (/search (engine|director(y|ie)|listing)s{0,1}.{0,40}(rank|place)|(rank|place).{0,40}search (engine|director(y|ie)|listing)s{0,1}/) { spam("s01054",1.0,$&); } if (/ex[^c]{0,1}change[^l]{0,1}links{0,1}|links{0,1}[^e]{0,1}ex.{0,1}change/) { spam("s01055",0.8,$&); } if (/secret admirer/) { spam("s01056",0.8,$&); } if (/section.{0,10}301/) { spam("s01057",1.650,$&); } if (/see u/) { spam("s01061",1.1,$&); } if (/seminario/) { spam("s01062",2.0,$&); } if (/servi[cz]io/) { spam("s01064",0.4,$&); } if (/security/) { if (/security policy/) { spam("s01020",0.2,$&); } if (/security company/) { spam("s01058",0.6,$&); } if (/security firm/) { spam("s01059",0.4,$&); } if (/security vault/) { spam("s01060",0.4,$&); } if (/social security (number|record)/) { spam("s01090",1.8,$&); } if (/trace anyone by social security number/) { spam("s01184",2.861,$&); } } if (/sex/) { if (/sex.{0,1}spiel/) { spam("s01065",4.0,$&); } if (/sex(ual){0,1} (drive|function|tension|frustration|longevity)/) { spam("s01066",1.0,$&); } if (/sex(ual){0,1} partner/) { spam("s01067",1.4,$&); } if (/sexual(ly){0,1} (power|poten|explicit)/) { spam("s01068",1.4,$&); } if (/sexuelle{0,1}|sexuales|sexuais/) { spam("s01070",2.5,$&); } if (/sex show/) { spam("s01071",1.0,$&); } if (/sex(ual|).{0,1}li[fv]e/) { spam("s01072",1.0,$&); } if (/sex with animals/) { spam("s01077",3.0,$&); } if (/sexy{0,1} {0,1}(pic|pix|movie|image|vid)/) { spam("s01078",1.4,$&); } if (/sexy and discreet/) { spam("s01079",0.4,$&); } if (/great sex/) { spam("s01556",0.8,$&); } if (/guter sex/) { spam("s01437",2.2,$&); } } if (/explicit (material|nature)/) { spam("s01069",0.6,$&); } if (/po(werful|tent) (little |natural |)herb/) { spam("s01073",1.0,$&); } if (/(herb|natur)[ae]l.{0,50}(cure|remedy|pill|tonic|product)/) { spam("s01074",0.8,$&); } if (/in the bed.{0,1}room/) { spam("s01075",1.0,$&); } if (/(hear|read|see|listen to) what (our |)(satisfied |)customers (are |have to |)(say|think)(ing|)/) { spam("s01076",1.0,$&); } if (/sicherlich/) { spam("s01080",1.0,$&); } if (/si desea ser bor{1,}ado/) { spam("s01081",5.0,$&); } if (/sier{1,}a leone/) { spam("s01082",0.7,$&); } if (/sign up (today|now)/) { spam("s01083",1.0,$&); } if (/sistema/) { spam("s01084",0.4,$&); } if (/site is (just ){0,1}amazing/) { spam("s01085",1.0,$&); } if (/skin.{0,1}t(exture|one)/) { spam("s01086",0.4,$&); } if (/slash your (month|week|year)/) { spam("s01087",1.0,$&); } if (/smok(ing|ers)association/) { spam("s01088",2.8,$&); } if (/smooth boys/) { spam("s01089",1.0,$&); } if (/solicitor/) { spam("s01091",0.2,$&); } if (/solicitud/) { spam("s01092",0.8,$&); } if (/soluzione/) { spam("s01093",0.4,$&); } if (/spiritual event/) { spam("s01094",0.4,$&); } if (/(((intensive|workshop|consultation|seminar)s{0,1} )(our |and{0,1} |then{0,1} |this ){0,1}){2,}/) { spam("s01095",0.6,$&); } if (/subject (of the |)(mail |message |)(was |)re (re |)(your|my) details/) { spam("s01096",2.5,$&); } if (/subject (of the |)(mail |message |)(was |)re (re |)(details|thank you)/) { spam("s01097",1.5,$&); } if (/subject (of the |)(mail |message |)(was |)re (re |)(application|screensaver|movie|approved)/) { spam("s01098",1.5,$&); } if (/subject (of the |)(mail |message |)(was |)re (re |)(your|my|wicked|cool|that) (application|screensaver|movie)/) { spam("s01099",2.5,$&); } if (/subject (of the |)(mail |message |)(was |)(re |)(re |)(your|my) details/) { spam("s01100",1.0,$&); } if (/subject (of the |)(mail |message |)(was |)(re |)(re |)(details|thank you)/) { spam("s01101",1.0,$&); } if (/subject (of the |)(mail |message |)(was |)(re |)(re |)(application|screensaver|movie|approved)/) { spam("s01102",1.0,$&); } if (/subject (of the |)(mail |message |)(was |)(re |)(re |)(your|my|wicked|cool|that) (application|screensaver|movie)/) { spam("s01103",1.0,$&); } if (/sounds interesting to me/) { spam("s01104",0.6,$&); } if (/(^|\s)our system /) { spam("s01105",0.6,$&); } if (/split the(se|ir){0,1} (girl|puss)/) { spam("s01106",3.0,$&); } if (/sport.{0,2}trivia/) { spam("s01107",0.6,$&); } if (/sportsbook/) { spam("s01108",1.5,$&); } if (/sav(e|ing)\s(hundreds|thousands)/) { spam("s01109",0.8,$&); } if (/state.{0,1}of.{0,1}the.{0,1}art/) { spam("s01110",0.3,$&); } if (/start earning (today|now|more)/) { spam("s01111",0.8,$&); } if (/(stock |tech |ticker |trading |wall.{0,1}street |loan ){1,}(buyers{0,1} |price |watch ){0,}a[il]ert/) { spam("s01113",2.744,$&); } if (/(stock |hot ){1,}(oil |)pick/) { spam("s01114",2.723,$&); } if (/(strong|urgent).{0,1}buy/) { spam("s01116",6.053,$&); } if (/subject.{1,15}remove/) { spam("s01117",0.100,$&); } if (/subject to credit approval/) { spam("s01118",5.376,$&); } if (/subscriber/) { spam("s01119",0.2,$&); } if (/subscriber.{0,30}data.{0,1}base|data.{0,1}base.{0,30}subscriber/) { spam("s01120",0.6,$&); } if (/su familia/) { spam("s01121",1.0,$&); } if (/super fuel saver/) { spam("s01122",2.6,$&); } if (/(super low|home int(erest|)) rate/) { spam("s01123",2.0,$&); } if (/surveillance equipment/) { spam("s01124",0.8,$&); } if (/swaziland/) { spam("s01125",0.5,$&); } if (/swee[pt]stake/) { spam("s01126",0.6,$&); } if (/take action now!/) { spam("s01127",6.228,$&); } if (/tak(e|ing) advantage of.{1,40}(savings|of{1,}er|program)/) { spam("s01128",0.6,$&); } if (/talking library/) { spam("s01129",1.4,$&); } if (/targeted/) { spam("s01130",0.4,$&); } if (/telefonieren /) { spam("s01131",0.3,$&); } if (/temple kif{1,}/) { spam("s01132",3.368,$&); } if (/autorizzazion/) { spam("s01133",1.0,$&); } if (/possessori/) { spam("s01134",1.0,$&); } if (/vostro/) { spam("s01135",1.0,$&); } if (/nominativo/) { spam("s01136",1.0,$&); } if (/archivio/) { spam("s01137",1.0,$&); } if (/iscritti/) { spam("s01138",1.0,$&); } if (/riceverete/) { spam("s01139",1.0,$&); } if (/messaggi/) { spam("s01140",1.0,$&); } if (/educacio/) { spam("s01141",1.0,$&); } if (/aquiacute/) { spam("s01142",1.0,$&); } if (/secundaria/) { spam("s01143",1.0,$&); } if (/novedades/) { spam("s01144",1.0,$&); } if (/her{1,}amienta/) { spam("s01145",1.0,$&); } if (/diversidad/) { spam("s01146",1.0,$&); } if (/solamente/) { spam("s01147",1.0,$&); } if (/educativos/) { spam("s01148",1.0,$&); } if (/comentarios/) { spam("s01149",1.0,$&); } if (/ter{1,}orist/) { spam("s01150",0.4,$&); } if (/all (of |)(your |)future messages will be delivered/) { spam("s01151",1.0,$&); } if (/this is an automated reply/) { spam("s01152",0.2,$&); } if (/mail filter/) { spam("s01153",0.3,$&); } if (/dormant ac{1,}ount/) { spam("s01154",0.8,$&); } if (/without (making |)a will/) { spam("s01155",0.8,$&); } if (/that your .{0,2}mail ad{1,}ress is removed/) { spam("s01156",1.849,$&); } if (/the attached message can now be opened safely/) { spam("s01157",5.0,$&); } if (/the fda/) { spam("s01158",0.6,$&); } if (/the following form\b/) { spam("s01159",3.466,$&); } if (/the perfect gift/) { spam("s01161",0.4,$&); } if (/bonus item/) { spam("s01162",0.4,$&); } if (/learn(ing|) (english|spanish|german|french)/) { spam("s01163",0.8,$&); } if (/the trees save the planet use .{0,2}mail!/) { spam("s01164",2.418,$&); } if (/(this|it) .{0,30}is( not|nt) (a |)spam/) { spam("s01165",2.000,$&); } if (/this a.{0,1}d is produced and sent out by/) { spam("s01166",6.784,$&); } if (/this\b.{0,20}\b(one|1).time\b.{0,20}\b(.{0,2}mail|of{1,}er)/) { spam("s01167",1.329,$&); } if (/this (.{0,2}mail|message) ((has ){0,1}reached|was sent to) you in er{1,}or/) { spam("s01168",0.2,$&); } if (/this (|.{0,2}mail|message )(is|was) (not|never) (spam|(sent |)unsolicited)/) { spam("s01169",2.643,$&); } if (/this game is my first work/) { spam("s01170",2.6,$&); } if (/this is a (excite game|ie [\.0-9]{1,4} patch|win.{0,30} patch)/) { spam("s01171",3.1,$&); } if (/this is a (very\s*){0,1}(pow.{0,2}ful\s{0,1}){0,1}(special\s{0,1}){0,1}(fun{1,}y\s{0,1}){0,1}(new {0,1}){0,1}(game|website|tool)/) { spam("s01172",2.1,$&); } if (/th(is|ese) of{1,}ers{0,1} (is|are) (not |)(only |)available/) { spam("s01173",1.2,$&); } if (/fun{1,}y game/) { spam("s01174",0.8,$&); } if (/this safeguard is not inserted when using the registered version/) { spam("s01175",1.538,$&); } if (/til it( i){0,1}s too late/) { spam("s01176",0.6,$&); } if (/to be removed please/) { spam("s01177",4.133,$&); } if (/to unsubscribe please/) { spam("s01178",1.0,$&); } if (/please (click|visit)/) { spam("s01179",0.4,$&); } if (/to (be removed|be deleted|no longer receive th(is|ese) messages{0,1}) (from|send|reply|.{0,2}mail)/) { spam("s01180",1.020,$&); } if (/(toner|print(er|ing){0,1}|ink.{0,1}(jet){0,1}) car{0,1}tr{0,1}idge/) { spam("s01181",3.957,$&); } elsif (/(toner|print(er|ing){0,1}|ink.{0,1}(jet){0,1}).{0,40}?car{0,1}tr{0,1}idge/) { spam("s02097",1.0,$&); } if (/tools{0,1} (to|(that ){0,1}(can|will)) help you become/) { spam("s01182",1.8,$&); } if (/trabalho/) { spam("s01183",0.8,$&); } if (/traf{1,}icationco/) { spam("s01185",2.8,$&); } if (/translation (service|bureau)/) { spam("s01186",1.2,$&); } if (/(services{0,1}|bureau) (de |)(translation|traduction)/) { spam("s01403",1.2,$&); } if (/(variety of|various) languages/) { spam("s01404",0.4,$&); } if (/as part of your operation/) { spam("s01405",0.4,$&); } if (/tusegurointernacional/) { spam("s01187",4.0,$&); } if (/twink orgies/) { spam("s01188",1.4,$&); } if (/unita/) { spam("s01190",0.4,$&); } if (/un.{0,1}limited.{0,40}minutes/) { spam("s01191",0.4,$&); } if (/unsolicited commercial electronic .{0,2}mail act/) { spam("s01192",1.000,$&); } if (/(urgent|profitable) (business|venture|enquiry|deal)/) { spam("s01193",0.8,$&); } if (/(urgent|profitable) business proposal/) { spam("s01194",1.0,$&); } if (/using .{0,2}mail instead can significantly reduce this/) { spam("s01195",2.890,$&); } if (/ust a click away/) { spam("s01196",0.4,$&); } if (/usted y /) { spam("s01197",1.0,$&); } if (/verschicken /) { spam("s01202",0.3,$&); } if (/very dangerous by cor{1,}upting your files/) { spam("s01203",2.6,$&); } if (/vjestika aphrodisia/) { spam("s01211",1.739,$&); } if (/w32.{0,30}removal tool/) { spam("s01212",2.6,$&); } if (/waiting.{0,30}you.{0,30}in (my|the) bed.{0,1}room/) { spam("s01213",3.0,$&); } if (/waiting for you(r| to) call/) { spam("s01214",1.0,$&); } if (/warning.{0,40}very ad{1,}ictive site/) { spam("s01215",3.0,$&); } if (/we .{0,30}oppose the use of spam/) { spam("s01216",4.562,$&); } if (/we( a){0,1}re proud to/) { spam("s01217",0.6,$&); } if (/we( a){0,1}(re){0,1}( the){0,1} speciali(sts|[sz]e)/) { spam("s01218",1.2,$&); } if (/we are not responsible if you lose your job/) { spam("s01219",3.0,$&); } if (/we do not (spam|send unsolicited)/) { spam("s01220",1.0,$&); } if (/we guarantee/) { spam("s01221",0.8,$&); } if (/we have received a request .*subscription of your .{0,2}mail ad{1,}ress.* to the .* mailing list/) { spam("s01222",-4.0,$&); } if (/we have (the |an{0,1} |)(best ){0,1}(solution|answer|(web.{0,1}|)site)/) { spam("s01223",1.0,$&); } if (/we (will ){0,1}(honou{0,1}r|respect|process)( all|)( the|) remov(e|al) request/) { spam("s01224",4.476,$&); } if (/weight loss/) { spam("s01225",0.4,$&); } if (/weight management/) { spam("s02720",0.6,$&); } if (/we need you to/) { spam("s01226",0.6,$&); } if (/(west|east) africa/) { spam("s01227",0.6,$&); } if (/we(ve| have) help(ed){0,1} (hundred|thousand|million)/) { spam("s01228",0.8,$&); } if (/what you(ve| have) been missing/) { spam("s01229",1.0,$&); } if (/why you should buy (gold|diamond)/) { spam("s01230",3.0,$&); } if (/wie du siehst spielt/) { spam("s01231",4.0,$&); } if (/wild.{0,15}hard.{0,1}core/) { spam("s01232",2.2,$&); } if (/(wild|crazy) desires/) { spam("s01233",0.4,$&); } if (/(wish to|click to|to) re{0,1}move (yo|)urself|re{0,1}move (yo|)urself (by |click(ing|) |here |go |follow ){1,}/) { spam("s01234",1.621,$&); } if (/without attending class/) { spam("s01235",1.2,$&); } if (/worldbid\.com/) { spam("s01238",4.0,$&); } if (/worlds (smallest |private |)(digital |)(camera|web.{0,1}cam)/) { spam("s01239",1.2,$&); } if (/the (world|internet)s (first|only|best|(small|big|larg|hott)est)/) { spam("s01240",1.0,$&); } if (/wr[oi]te a single rule/) { spam("s01241",1.2,$&); } if (/www.etracks.com/) { spam("s01242",0.4,$&); } if (/xanax/) { spam("s01243",1.2,$&); } if (/zyban/) { spam("s01737",1.2,$&); } if (/xxx movie/) { spam("s01244",2.0,$&); } if (/your{0,1} desire/) { spam("s01245",0.8,$&); } if (/you.{0,15}(name|mail).{0,15}(was|were).{0,15}list/) { spam("s01246",1.0,$&); } if (/you(.{0,3}ve been|.{0,3}re{0,1}) pre.{0,1}(selected|qualified)/) { spam("s01247",1.2,$&); } if (/you(.{0,3}ve been|.{0,3}re{0,1}) (selected|qualified)/) { spam("s03368",0.6,$&); } if (/you( a){0,1}re the first player/) { spam("s01248",2.6,$&); } if (/you are advised to keep everything secret/) { spam("s01249",0.8,$&); } if (/you can save/) { spam("s01250",0.4,$&); } if (/you are receiving this .{0,2}mail because/) { spam("s01251",1.2,$&); } if (/youcansave/) { spam("s01252",2.5,$&); } if (/(you((ha|)ve|) ){0,1}(could ){0,1}(ever |always ){0,1}want(s|ed){0,1}!/) { spam("s01253",0.6,$&); } elsif (/you((ha|)ve|) (ever |always )wanted/) { spam("s01253",0.6,$&); } if (/you did not opt.in/) { spam("s01254",3.524,$&); } if (/ opt(ed|) in /) { spam("s01255",0.6,$&); } if (/of{1,}icial(ly){0,1} li[sc]en[sc]ed{0,1}/) { spam("s01256",0.6,$&); } if (/because you are over (18|21)/) { spam("s01257",1.6,$&); } if (/you (are|must be) over (18|21)/) { spam("s01258",0.4,$&); } if (/(you (do.{0,3}n.{0,3}t|(would |)no longer) (want|wish|care|like) (to receive ){0,1}|((take me |to be (taken |))of{1,} ))(more |future |our |just |)(e{0,1}[^m]{0,1}mail(ing|)s{0,1}|cor{1,}espond[ea]nces{0,1}|(my|this) list) (on this subject|in the future|from us|via |)/) { spam("s01259",1.0,$&); } if (/you (would ){0,1}((want|wish|care|prefer) not to |(don't|do not) ((want|wish|care) to ){0,1})(be contacted again|receive (any ){0,1}(more |future |further |these |this |of ){0,1}(.{0,2}mail|message|of{1,}er|solicitation|cor{1,}espond[ea]nce)s{0,1}|material)/) { spam("s01260",0.4,$&); } if (/you (do not|no longer) wish to receive|you are (not|no longer) interested in this/) { spam("s01261",0.4,$&); } if (/you have been selected as a (finalist|win{1,}er)/) { spam("s01262",3.195,$&); } if (/you only need to run this tool once/) { spam("s01263",2.6,$&); } if (/you owe it to your.{0,1}self/) { spam("s01264",0.6,$&); } if (/young (and ){0,1}healthy/) { spam("s01266",0.6,$&); } if (/your health/) { spam("s01267",0.3,$&); } if (/your income/) { spam("s01268",3.047,$&); } if (/you (were sent|have received) this message because/) { spam("s01269",2.134,$&); } if (/you(ll |will| can) (receive|save)/) { spam("s01271",0.2,$&); } if (/you( wi|)ll visit these ladies again/) { spam("s01272",3.0,$&); } if (/you( wi|)ll be glad you did/) { spam("s01273",0.8,$&); } if (/you (wish|want|would like|desire) to be removed/) { spam("s01274",2.328,$&); } if (/zaire/) { spam("s01275",0.5,$&); } if (/zimbabwe/) { spam("s01276",0.7,$&); } if (/zusehen/) { spam("s01277",1.0,$&); } if (/disallowed attachment/) { spam("s01278",0.8,$&); } if (/((is|are|please) in|see|check( out|)) (the |)attached .{0,20}file/) { $body_text_claims_attachment = 1; } if (/(comprehensive|updated|up.{0,1}to.{0,1}date) info/) { spam("s01279",0.4,$&); } if (/ to order (th(e(se){0,1}|is)|y{0,1}our) /) { spam("s01280",0.4,$&); } if (/ order today /) { spam("s01281",0.4,$&); } if (/weight gain /) { spam("s01282",0.4,$&); } if (/((diet |calories{0,1} |carb(s|ohydrates{0,1}|) |weight |pills{0,1} |atkins ).{0,30}?){3}/) { spam("s01283",0.8,$&); } if (/we( will|ll|) ship .{0,60}any.{0,1}where [io]n the (usa{0,1}|world|continent)/) { spam("s01284",0.8,$&); } if (/(^|[^e])cialis([^t]|$)/) { spam("s01206",2.2,$&); } if (/(^|[^a-z])regalis/) { spam("s01206",2.2,$&); } if (/ e[^p^c]{0,1}(pharm|chemist)/) { spam("s02746",1.2,$&); } if (/(search |)(($fuzzy_numbers) ){1,}member profiles/) { spam("s02857",(int ((length($&) / 20) * 100)) / 100,$&); } if (/(^| )propecia/) { spam("s02883",2.0,$&); } if (/(^| )ef{1,}exor/) { spam("s03449",2.0,$&); } if (/(^| )lisinopril/) { spam("s03450",2.0,$&); } if (/finasteride/) { spam("s03440",2.0,$&); } if (/up [^ ]{1,10} cents/) { spam("s02965",0.4,$&); } if (/million (share|bar{1,}el|member)s{0,1}/) { spam("s02966",0.4,$&); } if (/(potential|prospective) invest(or|ment)s{0,1}/) { spam("s02967",0.4,$&); } if (/(huge|large|major|best|biggest|big) (gain|increase)s{0,1}/) { spam("s02967",0.2,$&); } if (/(^| )artikel( |$)/) { spam("s03239",0.6,$&); } if (/(^| )dapatkan( |$)/) { spam("s03240",0.6,$&); } if (/one of those rear deals/) { spam("s03252",3.6,$&); } if (/(on |our |this |new |amazing |the |miracle |incredible |wonderful |super ){1,}program(me|)( will| to| help(s|ing|)| your{0,1}| that| has| been| me| lose| shed| my| weight| those| the| extra| quit| few| pounds{0,1}| or| a| two| spare tire){1,}/) { spam("s03261",(int ((length($&) / 30) * 100)) / 100,$&); } if (/^i just received my watch yesterday/) { spam("s03451",2.6,$&); } if (/it looks exactly like the picture on your website/) { spam("s03452",2.6,$&); } if (/this was actually my first time ordering from the internet and ive heard so many bad things/) { spam("s03453",2.6,$&); } if (/i really wish all internet companies were like yours/) { spam("s03454",2.6,$&); } if (/je suis absent/) { spam("s03483",0.6,$&); } if (/mon retour/) { spam("s03484",0.4,$&); } if (/triton energy/) { spam("s03485",3.4,$&); } s/ //g; s/\!//g; # # Execute the code in "$body_stripped_custom_file". # Include site-specific customizations in this file. # do $body_stripped_custom_file; if (!$body_stripped_custom_found) { do $settings_path . $body_stripped_custom_file; } if (length($custom_path)) { do $custom_path . $body_stripped_custom_file; } if (/(hel{1,}o|)(my|)(dear|)(hey|)(do|would|)(you|)(want|like|)(to|)(mar{1,}y|)(a|)rus{1,}ianbeauty/) { spam("s03589",(int ((length($&) / 6) * 100)) / 100,$&); } if (/^(get|receive|earn)(a|your)(diploma|degre{1,}|online){1,}(today|)/) { spam("s03586",1.0,$&); } if (/tagheuer/) { spam("s03583",1.2,$&); } if (/our{1,}(ecord|file)s{1,}(how|indicate)/) { spam("s03582",0.8,$&); } if (/(ap{1,}rove.{0,20}submis{1,}ion|submis{1,}ion.{0,20}ap{1,}roved)/) { spam("s03581",0.8,$&); } if (/(urgent(ly|)|dire)ne{1,}d/) { spam("s03580",0.4,$&); } if (/financiala(id|s{1,}ist)/) { spam("s03579",1.0,$&); } if (/ac{1,}ai(super|)(ber{1,}y|diet)/) { spam("s03576",1.5,$&); } if (/^federalreservebank/) { spam("s03575",2.0,$&); } if (/^whatagreatidea/) { spam("s03570",3.0,$&); } if (/^w.{0,5}howpo{1,2}[vw][ea]rgai[ln]/) { spam("s03567",4.6,$&); } elsif (/po{1,2}[vw][ea]rgai[ln]/) { spam("s03568",1.6,$&); } if (/unitedconsortium|globalagrimed/) { spam("s03564",4.6,$&); } if (/mindpix/) { spam("s03561",4.6,$&); } if (/(t[l1icker]{2,}|is{1,}ue|s[ymbol]{2,}|otcb{0,1}).{0,4}(hxpn|hixipin|hpxn|hipixin|akva)/) { spam("s03560",4.6,$&); } elsif(/(hxpn|hixipin|hpxn|hipixin|arkanovaen)/) { spam("s03562",2.6,$&); } if (/herb[ae]l(cure|remedy|pil{1,}|tonic|product)/) { spam("s03551",0.8,$&); } if (/eqmeds(dot|)com/) { spam("s03550",3.5,$&); } if (/^.{0,50}http\/\/w{0,}googleco.{0,4}search\?hlenaqinurl/) { spam("s03548",4.5,$&); } if (/sale.{0,4}of{1,}onpfizer/) { spam("s03544",4.5,$&); } if (/andovermedicalinc|vegapromotional|vgpmpk|tick(er|)chvc|unitywireless/) { spam("s03539",4.6,$&); } if (/te{1,}n{1,}e{1,}s{1,}e{1,}land(for|)sale/) { spam("s03536",1.8,$&); } if (/luxurylook/) { spam("s03532",0.6,$&); } if (/spend(ing|)toomuch/) { spam("s03533",0.4,$&); } if (/priceyoucanaf{1,}ord/) { spam("s03534",0.8,$&); } if (/(great|super|wonderful(ly|)|amazing(ly|)|beautiful|exquisite|hand|crafted){1,}timepieces{0,1}/) { spam("s03531",1.0,$&); } if (/(great|super|wonderful|amazing|sound|good)fundamentals/) { spam("s03527",0.6,$&); } if (/yourcredit(score|rating|history|record|report|)doesno{0,1}tmat{1,}ertous/) { spam("s03526",3.6,$&); } if (/(c.{0,1}h.{0,1}i.{0,1}n.{0,1}a.{0,1}y.{0,1}o.{0,1}u.{0,1}t.{0,1}v|(t.{0,1}i.{0,1}c.{0,1}k|o.{0,1}t.{0,1}h.{0,1}e.{0,1}r.{0,1}o.{0,1}t.{0,1}c)e.{0,1}x.{0,1}m.{0,1}t)/) { spam("s03525",4.6,$&); } if (/((are|r)(yo|)u|)((f|tir)ed|sick)(up|with|of){1,}paying/) { spam("s03524",0.8,$&); } if (/(volum|pric)e(is|has|)(ris|increas)(ing|en|ed)|rise{0,1}ing{0,1}(volum|pric)e/) { spam("s03523",0.8,$&); } if (/investors{0,1}(are|)tak(es{0,1}|ing)not(ic|)e/) { spam("s03522",1.6,$&); } if (/tradelikecrazy/) { spam("s03521",1.6,$&); } if (/thr(ough|u)thero{1,}f/) { spam("s03520",0.6,$&); } if (/(record|high|huge)volume/) { spam("s03500",0.4,$&); } if (/(you|)(do|wil{1,})no{0,1}t(want|to){0,}mis{1,}(it|this)/) { spam("s03501",0.2,$&); } if (/al{1,}americanco(mpany|)/) { spam("s03502",0.6,$&); } if (/(double|triple|quadruple|explode)by(the|)endof(the|next|)week/) { spam("s03503",0.8,$&); } if (/trad(e|ing)s{0,1}atadiscount/) { spam("s03504",0.8,$&); } if (/specialsituationalert/) { spam("s03505",1.5,$&); } if (/hot(alert|list)/) { spam("s03506",0.6,$&); } if (/(ad{1,}|put|get)(this|it|one){1,}(to|on)(your|the)radar/) { spam("s03507",1.0,$&); } if (/dono{0,1}tletthis(chance|op{1,}ortunity|one)pas{1,}youbu{0,1}y/) { spam("s03508",0.8,$&); } if (/(bu[il]{1,}sh|bull)(alert|report)/) { spam("s03509",1.0,$&); } if (/thisis(a|the)sectortobein/) { spam("s03510",0.6,$&); } if (/hugevolumespike/) { spam("s03511",1.0,$&); } if (/peoplearealreadyloadingup/) { spam("s03512",0.8,$&); } if (/peoplearealreadyintheknow/) { spam("s03513",0.6,$&); } if (/(search|look)ingfora(wife|husband)/) { spam("s03514",1.2,$&); } if (/(find|seek)(ing|)(yourself|)a(wife|husband)/) { spam("s03515",0.8,$&); } if (/extremelybu[il]{1,}sh/) { spam("s03516",1.0,$&); } if (/(this|it)(one|)i{0,1}s(a|)shoein(to|double|by|the|end|of|week){0,}/) { spam("s03517",(int ((length($&) / 14) * 100)) / 100,$&); } if (/record(high|low|price)s{0,1}/) { spam("s03490",0.8,$&); } if (/naturalresources{0,1}/) { spam("s03491",0.6,$&); } if (/(media|publicity|advertising){1,}blitz/) { spam("s03492",1.2,$&); } if (/(have|enjoy|problems{0,1}|may|might|experience|a([rg]e|)|the|of|what(ever|)|regardles{1,}|your{0,1}|can|want|do|would|like|to){0,}bestsex(in|of|any|time|you[dr]{0,1}|would|like|want|life|http|age|regardles{1,}|wh(at|en)(ever|)){0,}/) { spam("s03488",(int ((length($&) / 10) * 100)) / 100,$&); } if (/($fuzzy_numbers|percent|\%){1,}ap{1,}reciation|(a|)(rise|increase|bo{1,}st|soar|rocket)(of|by|)($fuzzy_numbers|percent|\%){1,}/) { spam("s03486",1.0,$&); } if (/marketrate/) { spam("s03487",0.6,$&); } if (/(improv|enhanc)(ing|e|d|your){1,}libido/) { spam("s03482",1.0,$&); } if (/vip(p{0,1}ass{1,}|lounge|card)/) { spam("s03477",1.0,$&); } if (/clubvip(p{0,1}ass{1,}|lounge|card)/) { spam("s03478",1.0,$&); } if (/vip(web|site){1,}/) { spam("s03479",1.0,$&); } if (/^((gi(ft|ve)her(abigreasontoloveyou|whatshedream(s|t|ed)(of|for|to))|haygioithieuchobanbecungthamgia|bethebest(and|the|only|for){1,}her|hey.{0,15}bethinorbejustnot{0,1}sowide)http|hiiknowthissortofthingisconfidential|h(ey|i){1,}just(got|)back(intown|)from(las|)vegas|your{0,1}lovecanlastlonger|hiiamjustsendingthislet{1,}erhowareyou|hijohnhowareyou\?cal{1,}me|(take|feel)pleasurefrom(now|put)|didwecal{1,}itordidwecal{1,}it|enjoy(multi(ple|)|longer).{0,1}orgasms|lotsofpleasurewaitsforyou|enjoythenewestnowyoudontneedahugecar|neverseenthisiswhatyoualwaysneeded|trueloveshouldtakeal{1,}night|(andtheresultswil{1,}|orderitonlineand)impress(the|your)girl(friend|)|wewil{1,}get(you|)theresults{0,1}you(need|want)|buythisproductnowandal{1,}womenwil{1,}beyours|buyitnow.{0,1}and|whatsthefirstruleofinvesting)/) { spam("s03475",5.0,"Starts with:" . $&); } if (/get{1,}(ing{0,1}){1,}early/) { spam("s03472",0.6,$&); } if (/((long(est|)|most|intense|lasting|incredible|amazing)(and|)){1,}orgasms(of(your|her)life|)/) { spam("s03471",(int ((length($&) / 20) * 100)) / 100,$&); } if (/(region|loc)alrepresentative/) { spam("s03461",0.6,$&); } if (/paymentproces{1,}((ing|manage(r|ment)|center|system)s{0,1}){0,}/) { spam("s03462",0.8,$&); } if (/(bil{1,}ing|)(loyalty|rewards)(program|system)/) { spam("s03463",(int ((length($&) / 20) * 100)) / 100,$&); } if (/personalinjury(claim|law(yer|)|of{1,}ice){1,}/) { spam("s03460",1.0,$&); } if (/(be(come|)|get|ful{1,}y|total{1,}y|completely|in|yourself|take|control|charge|(com{1,}|)and|bank|credit|car|of|your|life){0,}(d{1,}ebt.{0,1}free|out.{0,1}of.{0,1}debt)(right|now|instantly|immediately|overnight|at|for|no|zero|cost|expense|expenditure){0,}/) { spam("s01767",(int ((0.6 * length($&) / 8) * 100)) / 100,$&); } if (/(be(come|)|get|ful{1,}y|total{1,}y|completely|in|yourself|take|control|charge|(com{1,}|)and|of|your|life|by){0,}(destroy|fix|abolish|eliminate{0,1}|put(t{0,}ing|)anendto)(ing|)(your|(credit|charge|bank).{0,1}card|card){0,}d{0,}ebt(right|now|instantly|immediately|overnight|at|for|no|zero|cost|expense|expenditure){0,}/) { spam("s02243",(int ((length($&) / 18) * 100)) / 100,$&); } if (/(solve|fix)(all|your{0,1}|of){0,}cashflow(need|problem)s{0,1}/) { spam("s03446",2.6,$&); } elsif (/cashflow(need|problem)s{0,1}/) { spam("s03447",1.0,$&); } if (/(drop|lose)($fuzzy_numbers){1,}(lbs|pounds)in($fuzzy_numbers){1,}($fuzzy_timeframe){1,}/) { spam("s03445",2.6,$&); } if (/(amazing|incredible|new|oil|field){1,}discovery/) { spam("s03443",(int ((length($&) / 20) * 100)) / 100,$&); } if (/(get|yourself|completely|totally){0,}(out|free)ofdebt/) { spam("s03437",1.0,$&); } if (/(credit|charge|bank)card{1,}ebt/) { spam("s03438",1.0,$&); } if (/refi(nance|)today/) { spam("s03432",1.0,$&); } if (/g(ood|reat)inbed/) { spam("s03426",0.8,$&); } if (/(look|seek)ing(for|)love/) { spam("s03427",0.6,$&); } if (/revealing(photo|pi[cx])/) { spam("s03428",0.6,$&); } if (/takeco(m{1,}and|ntrol)ofyourfinanc(e|al)s{0,1}/) { spam("s03423",0.8,$&); } if (/makebigmoney/) { spam("s03424",0.8,$&); } if (/legitimatecertification/) { spam("s03456",1.8,$&); } if (/start(ing|a|your){1,}newcare{1,}r/) { spam("s03457",1.0,$&); } if (/care{1,}rdegre{1,}xpert/) { spam("s03458",1.6,$&); } if (/(fast|quick|easy|and){1,}educationalpro(ces{1,}|gram)/) { spam("s03459",1.2,$&); } if (/homescandals/) { spam("s03455",1.8,$&); } if (/(see|make)(your|the|)wifehappy|troubles{0,1}with(your|the|)wife/) { if (/((see|make)(your|the|)wifehappy|troubles{0,1}with(your|the|)wife).{0,}((see|make)(your|the|)wifehappy|troubles{0,1}with(your|the|)wife)/) { spam("s03442",3.8,$&); } else { spam("s03442",1.2,$&); } } if (/miraclesinbed/) { spam("s03421",1.4,$&); } if (/(see|make)(your|the|)wifehappy|troubles{0,1}with(your|the|)wife/ && /miraclesinbed/) { spam("s03422",2.4,"wifehappy" . $&); } if (/(home|car|or|and|new|house|job){0,}ofyourdreams/) { spam("s03419",(int ((length($&) / 20) * 100)) / 100,$&); } if (/(watch|check)(out |)this(red|hot|fortune|[0-9]{1,}|company|stock|corporation|business){1,}(rise|go|gain|soar|fly|up|higher|sky|rocket|take|of{1,}){0,}/) { spam("s02886",(int ((length($&) / 18) * 100)) / 100,$&); } elsif (/this(red|hot|fortune[0-9]{0,}|company|stock|corporation|business){1,}(is|going|set|to){0,}(rise|go|gain|soar|fly|up|higher|sky|rocket|take|of{1,}){1,}/) { spam("s03444",(int ((length($&) / 18) * 100)) / 100,$&); } if (/(red|)(hot|)fortune[0-9]{1,}(company|stock|corporation|business){0,}/) { spam("s02885",(int ((length($&) / 18) * 100)) / 100,$&); } if (/(exclusive|adult|steamy){1,}titles{0,1}/) { spam("s03395",0.8,$&); } if (/(exclusive|adult|steamy){1,}(video|movie)s{0,1}/) { spam("s03395",0.8,$&); } if (/forwardlookingstatements{0,1}/) { spam("s03387",0.4,$&); } if (/(vegas|vages|lounge|las|exclusive|online|play|at|the|our|visit|us){1,}(casino|mosphere|rocks)/) { spam("s03379",(int ((length($&) / 15) * 100)) / 100,$&); } if (/bonus(id|number)/) { spam("s03380",0.4,$&); } if (/bestinthe(business|industry)/) { spam("s03382",0.4,$&); } if (/onthehouse/) { spam("s03383",0.4,$&); } if (/vegaslounge/) { spam("s03381",2.0,$&); } if (/wildbrushenergy/) { spam("s03362",2.2,$&); } if (/(wild|brush|energy|diversified|company|who(se|)|primary|goal|target|is|to|identif[yi](ing|es|)|locat(es{0,1}|ing)|find(ing|s|)|a(nd|n|)|develop(s|ing|)|oil|gas|reserves{0,1}){0,}((coalbed|methane)(and|)){1,}(sites{0,1}|with|in|the|state|of|wyoming|ad{1,}ition|wild|brush|energy|and|oil|gas|reserves{0,1}|continu(es{0,1}|ing)|to|evaluat(es{0,1}|ing)|clean|air|alternative|produc(es{0,1}|ing)|technolog(y|ies)|such|as|wind|power|trad(es{0,1}|ing)|us|under|symbol|wbrs|cur{1,}ent(ly|)|at){0,}/) { spam("s03361",(int ((length($&) / 35) * 100)) / 100,$&); } if (/(ad{1,}|this|gem|to|your{0,1}|be|sure|and){0,}watchlist(and|then|watch|it|trades{0,1}|closely|as){0,}/) { spam("s03359",(int ((length($&) / 22.5) * 100)) / 100,$&); } if (/watch(how|)ittrades{0,1}/) { spam("s03360",0.8,$&); } if (/(may.{0,1}be|hope|hoping)we([wc]ould|will|be|able|to|can){1,}meet/) { spam("s03346",0.4,$&); } if (/(amazing|unbelievable|incredible|enormous)return(s|on(your|)(investment|))/) { spam("s03344",0.4,$&); } if (/globalsolution/) { spam("s03342",0.4,$&); } if (/keep(an|your)eyeonthis(one|compan|stock)|this(stock|compan(y|ie)s{0,1}){0,}isonetowatch/) { spam("s03343",0.4,$&); } if (/(giant|mas{1,}ive|incredible|amazing|unbelievable|huge|superb)(as{1,}ortment|col{1,}ection|selection)/) { spam("s03340",0.6,$&); } if (/we(a{0,1}re|in|the|run|an)(import|export)(ers{0,1}|)(and|we|are|import|export|business|trade|based|in|out|the|republic|of|south|north|dominican|china|japan|korea){0,}/) { spam("s03339",(int ((length($&) / 30) * 100)) / 100,$&); } if (/paymentagent/) { spam("s03338",0.8,$&); } if (/(today|visit|us|our|web|site|for|more|information|on|how|you|can|could|anyone|who|wants|wishes|to|now|enjoy|avail|of|this|offer){2,}own(ing|)property(at|in|this|beautiful|wonderful|amazing|country|location){3,}/) { spam("s03335",(int ((length($&) / 27) * 100)) / 100,$&); } elsif (/(today|visit|us|our|web|site|for|more|information|on|how|you|can|could|anyone|who|wants|wishes|to|now|enjoy|avail|of|this|offer){0,}own(ing|)property(at|in|this|beautiful|wonderful|amazing|country|location){0,}/) { spam("s03335",(int ((length($&) / 27) * 100)) / 100,$&); } if (/no(more|)waitingrooms{0,1}/) { spam("s03334",1.2,$&); } if (/(find|get)(the|your|)(drug|med)[sz]{0,1}/) { spam("s03330",0.4,$&); } if (/cut{1,}ing[^e]{0,1}edge/) { spam("s03324",0.4,$&); } if (/in(the|)(bed|sack)with(your|the)(wife|partner|girl|friend|hot){1,}/) { spam("s03321",1.0,$&); } if (/(are|)you(a|re){0,}experienc(e|ing)dif{1,}iculty(view(ing|)|the|this|of|content|message|e{0,1}mail|by|try|enabl(e|ing)|html|images{0,1}|[iao]n|your|browser){0,}/) { spam("s03320",(int ((length($&) / 40) * 100)) / 100,$&); } if (/stillin(the|)theatres{0,1}/) { spam("s03314",0.4,$&); } if (/you(ha|)vequalifiedfor/) { spam("s03313",0.4,$&); } if (/viewpointrewards/) { spam("s03308",1.4,$&); } if (/(extra|additional|bonus)(cash|income|bucks)/) { spam("s03307",0.2,$&); } if (/inyourlocality/) { spam("s03306",0.6,$&); } if (/paymentof{1,}ice/) { spam("s03305",0.6,$&); } if (/process(pay|judge{0,1})ments{0,1}/) { spam("s03304",0.8,$&); } if (/premature(ej[ae]culation|nightmare|problem){1,}/) { spam("s02713",1.8,$&); } if (/ej[ae]culat[eiong]{1,}/) { spam("s02714",0.4,$&); } if (/(satisf(y|ie)|please)[ds]{0,1}(with|)(your|the(ir|)|his|her)(partner|wife|girl.{0,1}friend)/) { spam("s03303",0.8,$&); } if (/economi[sz]e.{0,30}on(all|)your(med|pharm|rx)/) { spam("s03301",4.0,$&); } if (/(med[sz]|pharm(acy|s|a)|rx)economi[sz]e/) { spam("s03358",2.0,$&); } if (/acquisition/) { spam("s03292",0.2,$&); if (/an{1,}ounc(ing|e[sd]{0,1})(the|an|its)acquisition/) { spam("s03300",0.6,$&); } if (/acquisition.{0,1}strategy/) { spam("s03350",0.6,$&); } } if (/venture/) { spam("s03293",0.2,$&); if (/jointventure/) { spam("s03297",0.4,$&); } if (/investmentventure/) { spam("s03298",0.4,$&); } } if (/placeyourb(id|et)/) { spam("s03299",0.4,$&); } if (/dril{1,}ing(equipment|tool)/) { spam("s03294",0.4,$&); } if (/cur{1,}entinvestor/) { spam("s03296",0.4,$&); } if (/increas(e|ing)(s|d|in|the){0,}(price|value)/) { spam("s03295",0.4,$&); } if (/100\%natural/) { spam("s03289",0.4,$&); } if (/nosideef{1,}ects/) { spam("s03290",0.4,$&); } if (/wellknownbrands/) { spam("s03291",0.4,$&); } if (/soleproprietor/) { spam("s03283",0.8,$&); } if (/businessowner/) { spam("s03284",0.4,$&); } if (/cum(more|and|again|over|often){1,}/) { spam("s03433",1.8,$&); } if (/((increase|improve|your|desire|drive|and|the|volume|by|long(er|est|)|most|intense|multi(ple|)|enhance|of|life|again|over){0,}(sperm|sex(ual|)|orgasm(s|ic|)|cum|penis){1,}(increase|your|desire|drive|and|the|volume|by|[0-9\%]{1,}|long(er|est|)|most|intense|multiple|enhance|of|life|again|over){0,}){1,}/) { $templen = length($&); if ($templen > 8) { spam("s03282",(int ((length($&) / 24) * 100)) / 100,$&); } } if (/(mortgage|mrtg)(counsel|center|association){1,}/) { spam("s03281",(int ((length($&) / 30) * 100)) / 100,$&); } if (/(and|or|for|a|an|the|this|these|under|new|amazing|less|better|than|more|low|high|er|est|ly|super|\%){0,}(((fixed|variable|interest|rate|price|mortgage|mrtg)s{0,1}){1,}(and|or|for|a|an|the|this|these|under|new|amazing|less|better|than|more|low|high|er|est|ly|super|\%|[0-9]{1,}){0,}){2,}/) { spam("s03280",(int ((length($&) / 30) * 100)) / 100,$&); } if (/(our |)((s{0,1}pecial|genuine|authentic|universit(y|ie)|non.{0,1}ac{1,}r(edited|)|a{0,1}cademic|qualification|enrollment|transcript|college|doctorate|degree|master|bachelor|program|exam|diploma|cert(ificate|)|mba|phd)s{0,1}(and|an|a|for|or|from){0,}){4,}(department|of{1,}ice|)/) { spam("s01598",(int ((length($&) / 35) * 100)) / 100,$&); } elsif (/(our |)((s{0,1}pecial|genuine|authentic|universit(y|ie)|non.{0,1}ac{1,}r(edited|)|a{0,1}cademic|qualification|enrollment|transcript|college|doctorate|degree|master|bachelor|program|exam|diploma|cert(ificate|)|mba|phd)s{0,1}(and|an|a|for|or|from){0,}){3,}(department|of{1,}ice|)/) { spam("s01598",(int ((length($&) / 35) * 100)) / 100,$&); } elsif (/(our |)((s{0,1}pecial|genuine|authentic|universit(y|ie)|non.{0,1}ac{1,}r(edited|)|a{0,1}cademic|qualification|enrollment|transcript|college|doctorate|degree|master|bachelor|program|exam|diploma|cert(ificate|)|mba|phd)s{0,1}(and|an|a|for|or|from){0,}){2,}(department|of{1,}ice|)/) { spam("s01598",(int ((length($&) / 35) * 100)) / 100,$&); } if (/[dl]esaf{1,}aires/) { spam("s03273",0.4,$&); } if (/gouvernement/) { spam("s03274",0.4,$&); } if (/informatique/) { spam("s03275",0.4,$&); } if (/((original|only|unique|online|source|for|obtain(ing|)|get(ting|)|your|the|best|finest|high(est|)|quality|and|low(est|)price[sd]{0,1}){0,}(doc(tor|)|pharma(cy|cists{0,1}|cies)|online|recommended|(name|)brand(ed|s|)|over.{0,1}the.{0,1}counter|(non|)p(re|er).{0,1}scri(ption|b(ed{0,1}|ing))|(med(ication|)|drug)[sz]{0,1}|weight(loss|reduction|)|programs{0,1}|solutions{0,1})){2,}/) { spam("s03272",(int ((length($&) / 30) * 100)) / 100,$&); } if (/(yourchoiceoffield|fieldofyourcho(ice|osing))/) { spam("s03270",0.4,$&); } if (/(part|full)time(stud(y|ies|ent)|program){1,}/) { spam("s03271",0.4,$&); } if (/((virtually|almost)no|low).{0,1}risk/) { spam("s02196",0.4,$&); } if (/earlyinvestor/) { spam("s03258",0.8,$&); } if (/stockbroker/) { spam("s03259",0.4,$&); } if (/paying(customer|client)/) { spam("s03260",0.4,$&); } if (/on(ce|es).{0,1}in.{0,1}(a|your).{0,1}life(time.{0,1}op{1,}ortunity|)/) { spam("s00891",0.4,$&); } if (/op{1,}ortunity/) { if (/phenomenalop{1,}ortunity/) { spam("s00891",0.4,$&); } if (/uniqueop{1,}ortunity/) { spam("s00891",0.4,$&); } if (/ter{1,}ificop{1,}ortunity/) { spam("s00891",0.4,$&); } if (/amazingop{1,}ortunity/) { spam("s00891",0.4,$&); } if (/incredibleop{1,}ortunity/) { spam("s00891",0.4,$&); } if (/unbeliev[eai]{1,}bleop{1,}ortunity/) { spam("s00891",0.4,$&); } if (/money.{0,1}makingop{1,}ortunity/) { spam("s00891",0.4,$&); } if (/profitop{1,}ortunity/) { spam("s00891",0.4,$&); } if (/wonderfulop{1,}ortunity/) { spam("s00891",0.4,$&); } if (/superb{0,1}op{1,}ortunity/) { spam("s00891",0.4,$&); } } if (/sexooposto/) { spam("s03257",2.8,$&); } if (/(incredibl[ey]|super|)(low|high|large)(e{0,1}st|)(possible|imaginable|)commission/) { spam("s03256",0.8,$&); } if (/luckyday/) { spam("s03251",0.4,$&); } if (/tradedate/) { spam("s03255",0.4,$&); } if (/market(out|under|over|)perform/) { spam("s03253",0.6,$&); } if (/lovethis(stock|company)/) { spam("s03254",0.6,$&); } if (/energysector/) { spam("s03248",0.4,$&); } if (/untappedreserve/) { spam("s03249",0.6,$&); } if (/aquisitionstrategy/) { spam("s03250",0.6,$&); } if (/(watch(ing|)|expect(ing|))(for|)(a|)bigmovements{0,1}/) { spam("s03247",0.4,$&); } if (/personalrelationship/) { spam("s03241",0.3,$&); } if (/privateinvestment/) { spam("s03242",0.3,$&); } if (/businessinterest/) { spam("s03243",0.3,$&); } if (/balticregion/) { spam("s03244",0.2,$&); } if (/middleeast/) { spam("s03245",0.2,$&); } if (/latinamerica/) { spam("s03246",0.2,$&); } if (/growthpotential/) { spam("s03237",0.6,$&); } if (/eagerinvestors{0,1}/) { spam("s03238",0.6,$&); } if (/(pen{1,}y|exclusive){0,}(invest(ment|or|ing)|stocks{0,1}|trad(e|ing)|news){1,}(alert|advisory){1,}/) { spam("s03236",(int ((length($&) / 20) * 100)) / 100,$&); } if (/fastmovingstocks{0,1}/) { spam("s03234",0.8,$&); } if (/(short|long|medium|interim|term|recent|expected|expand(ed|ing)|increas(ed|ing)){1,}profits{0,1}/) { spam("s03235",(int ((length($&) / 20) * 100)) / 100,$&); } if (/(slash|cut|reduc|eliminat)(ing|e|s){0,}(those|your|)(fee|payment|cost)s{0,1}/) { spam("s03228",0.4,$&); } if (/third.{0,1}party/) { spam("s03187",0.2,$&); } if (/an{1,}ounc(e[ds]{0,1}|ing)(an{0,1}|its|)((ongoing|corporate|(re|)structur(e|ing)|growth|revenues{0,1}|steps{0,1}|plans{0,1}|new|incredible|amazing|products{0,1}(line|))(and|)){1,}/) { spam("s03186",(int ((length($&) / 25) * 100)) / 100,$&); } if (/(tremend|enorm)ousinterest/) { spam("s03183",0.4,$&); } if (/(exciting|tremendous|breaking|major)(news|advance)/) { spam("s03184",0.4,$&); } if (/(exciting|overwhelming|(tremend|enorm)ous)suc{1,}ess/) { spam("s03185",0.4,$&); } if (/thisis(the|our|1st|2nd|3rd|first|second|third||and|last|final){1,}attemptto(getintouchwith|contact)you(about|y{0,1}our{0,1}|super|low|mortgage|mrtg|fixed|onetime|of{1,}er|rate|approval|the(se|)|are|presentations{0,1}|ihave|for|please|reply|respond|getbackto|contact|(me|us)|asap|assoon|aspossible){0,}/) { spam("s03182",(int ((length($&) / 30) * 100)) / 100,$&); } if (/work(at|from|your|own|out|of){1,}ho(m|us)e/) { spam("s01236",2.5,$&); } if (/((work(foryourself|fromhome){1,}|(keep|make)(all|the|big|a|huge){0,}profits{0,1}|run(ning|)yourown(online|cas[il1]{1,}n[o0]|business|company){1,})(and|)){1,}/) { spam("s02732",(int ((length($&) / 25) * 100)) / 100,$&); } if (/(redeem|claim|your|free|gift|prize|card){3,}/) { spam("s03168",(int ((length($&) / 20) * 100)) / 100,$&); } if (/(fast|easy|quick|speedy|reliable){1,}quotes{0,1}/) { spam("s03144",(int ((length($&) / 14) * 100)) / 100,$&); } if (/youa{0,1}re{0,1}indebted/) { spam("s03143",0.8,$&); } if (/(eradicate|eliminate|abolish)(.{0.30}debts{0,1}|(all|that|what){1,}youowe)/) { spam("s03138",0.8,$&); } if (/without(sp{0,1}end|pay|mail)ing(us|even|a|nother|single|one|more){1,}(dollar|dime|nickel|cent|pen{1,}y)/) { spam("s03139",0.8,$&); } if (/lendingorg[anizsto]{0,}/) { spam("s03140",0.8,$&); } if (/bankinglaws{0,1}/) { spam("s03141",0.6,$&); } if (/visit(us|our|web|site){1,}for(detailed|complete|more){0.}information/) { spam("s03142",0.6,$&); } if (/(superb{0,1}|great|cool|independent|super)rewards{0,1}/) { spam("s03135",0.8,$&); } if (/(super|great|sexy{0,1}|steamy|hot|hard|core|pounding){2,}action/) { spam("s03129",0.6,$&); } if (/pressrelease/) { spam("s03126",0.3,$&); } if (/((ha(s|ve)|)increas(es{0,1}|ing|ed)|(in|)activity){2}/) { spam("s03125",0.3,$&); } if (/(increase|improve)your((self|confidence|masculinity|manhood|manliness){1,}(and|)){1,}/) { spam("s03124",(int ((length($&) / 40) * 100)) / 100,$&); } if (/((and|meet|gain|or|these|when|where(ver|)|what|ever|your{0,1}|want){0,}(massive|enormous|(se|)x(y|ual|)chemistry|ondemand|instant(ly|)|arous(e|ing|al)|attract(ive|ing|)|excit(e|ing)|intrig(ue|ing)|seduc(e|ing|tion)|gorgeous|hot|goodlooking|attractive|young|girls|women|manhood|erection)(and|meet|gain|or|these|when|where(ver|)|what|ever|your{0,1}|want){0,}){4,}/) { spam("s03123",(int ((length($&) / 50) * 100)) / 100,$&); } if (/investment(tip|recommendation|prediction|advice|information)s{0,1}/) { spam("s03098",0.3,$&); } if (/stoc{0,1}k(tip|recommendation|prediction|advice|information)s{0,1}/) { spam("s03099",0.3,$&); } if (/(huge|massive|mega|big|giant)((pr|ad|verti[sz]|market|ing){1,}(campaign|promotion)|promotion)/) { spam("s03095",0.6,$&); } if (/megatrade[rs]{0,}/) { spam("s03092",1.4,$&); } if (/stockreport/) { spam("s03093",0.4,$&); } if (/smartmoney/) { spam("s03094",0.2,$&); } if (/(administr|educ)ationof{1,}ice/ && /(university|degree|diploma)/) { spam("s03087",1.2,"administration office+" . $&); } if (/(administr|educ)ationof{1,}ice/ && /enrol{1,}(ing|ment)/) { spam("s03097",1.2,"administration office+" . $&); } if (/((our|system|database|has|matched|you|up|with|new|beauties|who|have|just|signed|up|c{0,1}aroline|blonde|lbs|melanee|dark|hair(ed|)|brunette|tan(ned|)|please|check|them|out|live|online|now|http|surf|web|view|movie|links{0,1}|com)(\/{1,}|i{0,1}o{0,1}[0-9]{1,}c{0,1}|)){7,}/) { spam("s03083",(int ((length($&) / 30) * 100)) / 100,$&); } if (/via9ra/) { spam("s03075",2.4,$&); } if (/(wonderful|super|quick){0,}enhanc(er|ment)/) { spam("s03076",(int ((length($&) / 50) * 100)) / 100,$&); } if (/request(ed|)credentials{0,1}|credentials{0,1}(you|)request(ed|)/) { spam("s03069",1.0,$&); } if (/haltmsg/) { spam("s03068",1.0,$&); } if (/quality.{0,1}sex/) { spam("s03052",0.8,$&); } if (/(i|we|would|like|to|of{1,}er|your{0,1}|the|chance|of|own|d|s|ing|a){0,}(incredibl[ey]|powerful){1,}(new|software){0,}tool/) { spam("s03040",(int ((length($&) / 14) * 100)) / 100,$&); } if (/oprahs{0,1}favoritethings{0,1}/) { spam("s03036",1.4,$&); } if (/lock(ed|)in.{0,20}rate/) { spam("s03032",1.0,$&); } if (/gift(card|thischristmas){1,}/) { spam("s03031",0.4,$&); } if (/check(out|)(the|this)(above|following|)url/) { spam("s03030",0.4,$&); } if (/lendingpack/) { spam("s03029",1.0,$&); } if (/confirmshipment/) { spam("s03028",0.4,$&); } if (/bestreward/) { spam("s03027",0.4,$&); } if (/new(wireless|cell|phone){1,}ac{1,}ount/) { spam("s03026",0.4,$&); } if (/areyouavailable/) { spam("s03025",0.2,$&); } if (/inyourarea{0,1}code/) { spam("s03024",0.8,$&); } if (/urgent(news|information)/) { spam("s03023",0.2,$&); } if (/we(urgently|)need(you|)to(confirm|check)your(info(rmation|)|details|ac{1,}ount){1,}/) { spam("s03022",0.8,$&); } if (/superiorquality/) { spam("s03021",0.4,$&); } if (/(increas|maximi[sz]|stretch)[esing]{0,}(your|)((compan|busin)[yies]{1,}|)profits{0,1}/) { spam("s03020",0.8,$&); } if (/savebig/) { spam("s03019",0.4,$&); } if (/you(havebeen|were)(randomly|)(selected|chosen)(at|random|ly|to|receive|generate|get){0,}/) { spam("s03016",(int ((length($&) / 24) * 100)) / 100,$&); } if (/((achieve{0,1}|astound|amaze{0,1}|extraordinary|unbelieveable)(ing|and{0,1}|s){0,}){1,}results{0,1}/) { spam("s03014",(int ((length($&) / 24) * 100)) / 100,$&); } if (/magic(pill|tab(let|)|cure|remed(y|ie)|herb(al|))s{0,1}/) { spam("s03013",0.8,$&); } if (/impress(your|the|)(wom[ae]n|girl|friend|wife|chick){1,}s{0,1}/) { spam("s03012",0.8,$&); } if (/registrationoption/) { spam("s02977",0.2,$&); } if (/actualresultsmay(vary|dif{1,}er|)/) { spam("s02975",0.4,$&); } if (/new(pr|ad|vertising){0,}camp[ia]{1,}gn/) { spam("s02976",0.4,$&); } if (/earnings{0,1}[^p]{0,1}potential/) { spam("s02972",0.4,$&); } if (/inside[^i]{0,1}info(rmation|)/) { spam("s02968",0.4,$&); } if (/paydayloan/) { spam("s02964",1.0,$&); } if (/financial(analyst|partner)s{0,1}/) { spam("s02955",0.4,$&); } if (/independentanalysis/) { spam("s02956",0.4,$&); } if (/w32.{0,1}sober/) { spam("s02951",0.4,$&); } if (/(modify|alter|change{0,1})(ing|)s{0,1}y{0,1}ourlisting/) { spam("s02950",0.4,$&); } if (/strategic((link|partner|investment|busines|alliance)s{0,1}){1,}/) { spam("s02949",(int ((length($&) / 18) * 100)) / 100,$&); } if (/safe.{0,1}harbou{0,1}r/) { spam("s02948",0.4,$&); } if (/rewards{0,1}[^p]{0,1}program/) { spam("s02946",0.6,$&); } if (/([hw]as|not){1,}(been|)endorsed{0,1}(by|)/) { spam("s02947",0.4,$&); } if (/advancefinancially/) { spam("s02942",0.8,$&); } if (/careeradvance(direct|line|administration|al|of{1,}ice){0,}/) { spam("s02941",(int ((length($&) / 11) * 100)) / 100,$&); } if (/(high|fast|instant(ly|)|huge|rapid|massive)[^p]{0,1}pay(ing|out)/) { spam("s02940",0.4,$&); } if (/salary[^h]{0,1}(hike|raise|increase)|(hike|raise|increase).{0,10}salary/) { spam("s02939",0.8,$&); } if (/((d{0,1}etected|have|s{0,1}(light|mall)|e{0,1}r{1,}or|in|billing|problem|by|click(ing|)|reply(ing|)|provid(e|ing)|with|log(ging|)(in|on)|password|s{0,1}(in|)cerely|d{0,1}epartment|d{0,1}(uring|ear)|our|a(s|nd|)|result(ed|)|the|it|(in|)ternet|banking|of|we(re|)|could|not|unable|to|could|not|cur{1,}ent|(in|)formation|please|e{0,1}ither|you(r|)|use{0,1}|of|our|a{0,1}c{1,}ess|has|been|changed|updated{0,1}|limited|restrict(ed|ion|)|or|is|(in|)complete){0,}(regular(ly|)|s{0,1}cheduled{0,1}|a{0,1}c{1,}ounts{0,1}(holders{0,1}|)|maintenance|verif(y|ication)|procedures{0,1}|wells.{0,1}fargo|citibank|nationalcity|(bank|)ofamerica|atm|s{0,1}ervices{0,1})(d{0,1}etected|have|s{0,1}(light|mall)|e{0,1}r{1,}or|in|billing|problem|by|click(ing|)|reply(ing|)|provid(e|ing)|with|log(ging|)(in|on)|password|s{0,1}(in|)cerely|d{0,1}epartment|d{0,1}(uring|ear)|our|a(s|nd|)|result(ed|)|the|it|(in|)ternet|banking|of|we(re|)|could|not|unable|to|could|not|cur{1,}ent|(in|)formation|please|e{0,1}ither|you(r|)|use{0,1}|of|our|a{0,1}c{1,}ess|has|been|changed|updated{0,1}|limited|restrict(ed|ion|)|or|is|(in|)complete){0,}){3,}/) { spam("s02916",(int ((length($&) / 40) * 100)) / 100,$&); } if (/(mutual(ly|)|beneficial){1,}experiences{0,1}/) { spam("s02913",(int ((length($&) / 20) * 100)) / 100,$&); } if (/(sex(y|iest|)|fun|intimate){1,}(single|partner|mate(rial|))s{0,1}(on|in|the|your|area|world|wide|web|ternet|line|site){0,}/) { spam("s02912",(int ((length($&) / 10) * 100)) / 100,$&); } if (/(are|you){0,}((find|locate{0,1}|search|seek|look|for)(ing|s|)){1,}(a|your|the|ideal|(fe|)male|sexual|soul|kinky|hot|single){0,}(partner|mate|ladie)s{0,1}(on|in|around|the|your|area{0,1}(code|)|world|wide|web|ternet|line){0,}/) { spam("s02911",(int ((length($&) / 16) * 100)) / 100,$&); } if (/((find|locate{0,1}|search|seek|look|for|there|are|you)(ing|s|)){0,}(((fe|)males{0,1}|sexual|soul|kinky|hot|singles{0,1}|partners{0,1}|mates{0,1}|lad(y|ies))(and|)){2,}(and|on|in|around|liv(e|ing)|the|your|area{0,1}(code|)|world|wide|web|ternet|line|http){0,}/) { spam("s03434",(int ((length($&) / 20) * 100)) / 100,$&); } if (/(rolex|submariners{0,}|cheap|high.{0,1}qua[li]{2,}ty|brand(.{0,1}name|ed)){1,}(watch(es|)|rep[li]{1,}ca(ted{0,1}|s|)){1,}/) { spam("s02908",(int ((length($&) / 20) * 100)) / 100,$&); } if (/dat(e|ing)(web|)site/ && /youllneverguesswhathappenedtome/) { spam("s02907",2.5,$& . "...date site"); } if (/(no|any|without|all|freeof|those|avoid([sd]|ing|)|slash(e[sd]|ing|)|eliminat(e[sd]{0,1}|ing)|reduc(e[sd]{0,1}|ing)){1,}(start.{0,1}up|initial)(cost|fee|payment|expense)s{0,1}/) { spam("s02904",0.8,$&); } if (/(no|any|without|all|freeof|those|avoid([sd]|ing|)|slash(e[sd]|ing|)|eliminat(e[sd]{0,1}|ing)|reduc(e[sd]{0,1}|ing)){1,}(start.{0,1}up|initial){0,}((cost|fee|payment|expense)s{0,1}(and|)){1,}/) { spam("s03378",(int ((length($&) / 16) * 100)) / 100,$&); } if (/(no|any|without|all|freeof|those|avoid([sd]|ing|)|slash(e[sd]|ing|)|eliminat(e[sd]{0,1}|ing)|reduc(e[sd]{0,1}|ing)){1,}out.{0,1}of.{0,1}pocket(cost|fee|payment|expense)s{0,1}/) { spam("s02904",0.8,$&); } if (/pharma.{0,1}express/) { spam("s02900",3.0,$&); } if (/extraction(method|technolog|process)[yies]{0,}/) { spam("s02899",0.4,$&); } if (/(bituminous|asphalt|tar|oil|saturated|rich|from|(extract|product{0,1})(ing|ion|es|s)){3,}sands{0,1}/) { spam("s02898",(int ((length($&) / 16) * 100)) / 100,$&); } elsif (/(bituminous|asphalt|tar|oil|saturated|rich|from|(extract|product{0,1})(ing|ion|es|s)){1,}sands{0,1}/) { spam("s02898",(int ((length($&) / 16) * 100)) / 100,$&); } if (/production.{0,1}increase|(increase|improve|enhance|oil).{0,1}production/) { spam("s02897",0.4,$&); } if (/barnettshale/) { spam("s02996",1.0,$&); } if (/petroleum|natural(gas|resource)/ && /drilling|exploration/) { spam("s02997",0.6,"oil/gas/resource drilling/exploration"); } if (/oilreserves/) { spam("s02895",0.4,$&); } if (/profit.{0,1}picks{0,1}/) { spam("s02896",0.4,$&); } if (/(best|better|good|great|improve[sd]{0,1}|your){1,}sexualshape/) { spam("s02879",2.5,$&); } if (/(discre(et|te)|unmarked){1,}packag(e|ing)/) { spam("s02877",(int ((length($&) / 10) * 100)) / 100,$&); } if (/spure{0,1}mhttp.{0,50}discreetunmarkedpackag(e|ing)/) { spam("s02878",4.5,$&); } if (/meet(a|)(fun|single){1,}(m[ea]n|wom[ea]n|guy|gal|girl|chick)s{0,1}((m[ea]n|wom[ea]n|guy|gal|girl|chick|and|in|your{0,1}|local|area|right|now|it|free|is|to|join|for)s{0,1}){0,}/) { spam("s02856",(int ((length($&) / 18) * 100)) / 100,$&); } if (/((business|s{0,1}egment|market|system)s{0,1}){1,}analys(t|is)/) { spam("s02852",(int ((length($&) / 35) * 100)) / 100,$&); } if (/(med|rx)[sz]{1,}tore/) { spam("s02847",1.0,$&); } if (/hedge.{0,1}fund/) { spam("s02845",0.4,$&); } if (/internetipo/) { spam("s02846",0.4,$&); } if (/real(ly|)young(lad(y|ie)|girl|teen|model|chick)[sz]{0,1}/) { spam("s02843",0.6,$&); } if (/dreamdate/) { spam("s02844",0.4,$&); } if (/((latest|leather|)mobile(cover|leather|case|charger|app(lication|)|cable)s{0,1}){3,}/) { spam("s02829",(int ((length($&) / 20) * 100)) / 100,$&); } elsif (/((latest|leather|)mobile(cover|leather|case|charger|app(lication|)|cable)s{0,1}){2,}/) { spam("s02829",(int ((length($&) / 25) * 100)) / 100,$&); } if (/paid(up|)member/) { spam("s02822",0.4,$&); } if (/(technical|content|high(est|)|quality|professional){0,}((writing|documentation|translation)(and|)){1,}services{0,1}(is|are|)(available){0,}/) { spam("s02819",(int ((length($&) / 20) * 100)) / 100,$&); } if (/(girl|teen|co.{0,1}ed)[sz]gonewild/) { spam("s02818",0.8,$&); } if (/(order|from|the|direct|ly|your{0,1}|can){0,}convenienceofyour(own|home){0,}/) { spam("s02805",(int ((length($&) / 20) * 100)) / 100,$&); } if (/ship(ped|ping|your|order){0,}(direct|ly){0,}toyou(r|)(door|)/) { spam("s02804",(int ((length($&) / 18) * 100)) / 100,$&); } if (/(order|get|meet)(all|your|){0,}rx/) { spam("s02803",1.8,$&); } if (/(look|seek|search|need)(ing|)(for|a){0,}representatives{0,1}/) { spam("s02802",0.8,$&); } if (/we(wi|)llpay(your{0,1}|for|services){1,}/) { spam("s02801",0.8,$&); } if (/(ultimate|the|our|all|natural|complete(ly|)){0,}(diet|(weight|fat)[^l]{0,1}loss)(p(ill|atch)|technology|substance|supplement|solution)(available|right|now|today|that|can|works{0,1}|for|you|every|body|one|by){0,}/) { spam("s00553",(int ((length($&) / 8) * 100)) / 100,$&); } elsif (/(ultimate|the|our|all|natural|complete(ly|)){0,}(diet|(weight|fat)[^l]{0,1}loss)/) { spam("s00553",(int ((length($&) / 10) * 100)) / 100,$&); } if (/(bored|teen(age|)|young|hot|horny|nude|naked){1,}sluts{0,1}/) { spam("s02797",(int ((length($&) / 12) * 100)) / 100,$&); } if (/(you|can|profit|from|our|new|wonderful|unpar{1,}al{1,}el{1,}ed|great|fantastic|phenomenal|stateoftheart|onceinalifetime|unbelievable|amazing|prosperous|important|critical){0,}(franchise|business|op{1,}ortunity|investment|research|update|relation(s|hip){0,}){2,}/) { spam("s02796",(int ((length($&) / 20) * 100)) / 100,$&); } if (/(dirty|wild|oral|fantastic|great)sex/) { spam("s02794",0.8,$&); } if (/qualified(web|)site/) { spam("s02789",0.6,$&); } if (/topofthemajorsearch(engine|listing){1,}s/) { spam("s02790",1.0,$&); } if (/guaranteed{0,1}(your|)(web|)(site|)top(positioning|placement)/) { spam("s02791",1.0,$&); } if (/(((increas|boost|enhanc)(e{0,1}[sd]{0,1}|ing|)|impress(ive|ing|es)|male|genital(s|ia|)|power|unlimited|prowess|man|hood|astonishing|levels|win{1,}ing|products{0,1}|g(irl|uy)s{0,1})(everything|areal|to|your{0,1}|[cw]ould|ever|need|the|and|size|of|with|best|every|for){0,}){3,}/) { spam("s02788",(int ((length($&) / 35) * 100)) / 100,$&); } if (/growndramatically|(dramatic|overwhelming|explosive|unbeliev[ea]{1,}ble|amazing)(growth|pick|stock|gains){1,}/) { spam("s02784",0.4,$&); } if (/scientificallyproven(to|work|on|in|all){0,}/) { spam("s02781",(int ((length($&) / 35) * 100)) / 100,$&); } if (/(do(nt|)|you|wish|want|could|to){0,}((allure{0,1}|attract|meet|entice{0,1}|become{0,1})(ing|s|)){1,}((al(l|ot)|the|most|many|more|meet|and){0,}(beautiful|attract(ive|)|gorgeous|sex{1,}(y|ual(ly|))|uring|horny|naughty|wom[ae]n){1,}){3,}/) { spam("s02780",(int ((length($&) / 25) * 100)) / 100,$&); } elsif (/(do(nt|)|you|wish|want|could|to){0,}((allure{0,1}|attract|meet|entice{0,1}|become{0,1})(ing|s|)){1,}((al(l|ot)|the|most|many|more|meet|and){0,}(beautiful|attract(ive|)|gorgeous|sex{1,}(y|ual(ly|))|uring|horny|naughty|wom[ae]n){1,}){2,}/) { spam("s02780",(int ((length($&) / 25) * 100)) / 100,$&); } if (/((market|stock|trader|insider|analyst|th(e|is|se)|is|are|y{0,1}our|oil|hot)s{0,1}){0,}pickofthe(week|day|month)/) { spam("s02777",(int ((length($&) / 20) * 100)) / 100,$&); } if (!$body_stripped_test) { if (/((we{0,}ks{0,1}|months{0,1}|years{0,1}|last|volumes{0,1}|highs{0,1}|lows{0,1}|days{0,1}){0,}(trad(es{0,1}|ing)(at|)|(cur{1,}ent|latest|)prices{0,1}|estimate{0,1}(d|ing|s|)(a|)|targets{0,1}|proj(ect(ed|ions{0,1}|s)|)|(long|short)term|(strong|buy|sell|purchase|today|tomor{1,}ow|(expect|recommend)(ed|ations{0,1})){2,})(we{0,}ks{0,1}|months{0,1}|years{0,1}|highs{0,1}|lows{0,1}|last|volumes{0,1}|days{0,1}|profit(s|)(of|)|[\$0-9oO\%]{1,}(to[\$0-9oO\%]{0,}|)){0,}){3,}/) { spam("s02778",(int ((length($&) / 35) * 100)) / 100,$&); } elsif (/((we{0,}ks{0,1}|months{0,1}|years{0,1}|last|volumes{0,1}|highs{0,1}|lows{0,1}|days{0,1}){0,}(trad(es{0,1}|ing)(at|)|(cur{1,}ent|latest|)prices{0,1}|estimate{0,1}(d|ing|s|)(a|)|targets{0,1}|proj(ect(ed|ions{0,1}|s)|)|(long|short)term|(strong|buy|sell|purchase|today|tomor{1,}ow|(expect|recommend)(ed|ations{0,1})){2,})(we{0,}ks{0,1}|months{0,1}|years{0,1}|highs{0,1}|lows{0,1}|last|volumes{0,1}|days{0,1}|profit(s|)(of|)|[\$0-9oO\%]{1,}(to[\$0-9oO\%]{0,}|)){0,}){2,}/) { spam("s02778",(int ((length($&) / 35) * 100)) / 100,$&); } } if (/((estimated|expect(ation|ed)|recommend(ation|ed)|today|tomor{1,}ow|last|cur{1,}ent|get{1,}(ing|)inearly|onthisone|a{0,1}massiveprcampaign|(short|medium|long)term|target|price|trad(e|ing)|profit|volume|we{0,}k|month|year|day|high|low)(s|ly|to|its|is|at|of|[\$0-9\%]{1,}){0,}){5,}/) { spam("s02798",(int ((length($&) / 35) * 100)) / 100,$&); } if (/(week|month|year|day)(ly|)target/) { spam("s03174",0.4,$&); } if (/(price|stock|company|watch){1,}((th|)is|set|going|about|ready|ripe|to|for|make|a|big|massive|huge|will|it){1,}(jump|gain|explode|increase|soar)/) { spam("s03175",(int ((length($&) / 40) * 100)) / 100,$&); } if (/homebusiness/) { spam("s03176",0.4,$&); } if (/(pick|set|choose)yourown((work|)(ing|)hours|workload|(work|)(ing|)schedule)/) { spam("s03177",0.4,$&); } if (/with(no(ne|)|of|out|any|all|the|less|usual){1,}hype/) { spam("s03178",0.4,$&); } if (/(play|enjoy|ing|all|of|your){0,}((favou{0,1}rite|games|poker|texas|(five|seven|5|7|)card|stud|hold.{0,1}em|blackjack|slots|roulette)(such|as|including){0,}){2,}/) { spam("s03180",(int ((length($&) / 35) * 100)) / 100,$&); } if (/hi(gh|)rollers{0,1}/) { spam("s03179",0.6,$&); } if (/positive(test|)results{0,1}/) { spam("s02799",0.4,$&); } if (/bestkeptsecret/) { spam("s03181",0.4,$&); } if (/teen.{0,1}portal/) { spam("s02775",0.8,$&); } if (/(love|like|want|need)togetlaid/) { spam("s02773",1.0,$&); } if (/fuck.{0,1}bud{1,}y/) { spam("s02774",1.0,$&); } if (/(serious|long|term){1,}relationships{0,1}/) { spam("s02774",(int ((length($&) / 25) * 100)) / 100,$&); } if (/manage(s|all|of|your){0,}adverti[sz]ing/) { spam("s02772",0.4,$&); } if (/sleek(er|est|)design/) { spam("s02768",0.4,$&); } if (/mix((of|and|high(est)|the){0,}(performance|style|quality)){1,}/) { spam("s02769",0.4,$&); } if (/for(those|people|shoppers|cutsomers){1,}who(demand|need|require|and){1,}(only|)thebest/) { spam("s02770",0.6,$&); } if (/without((sacrific|compromis)ing(or|)){1,}(on|)((quality|features|price)(or|)){1,}/) { spam("s02771",0.4,$&); } if (/for[mu]{2}(la|)forsuc{1,}es{1,}|suc{1,}es{1,}(ful|)for[mu]{2}la/) { spam("s02767",0.4,$&); } if (/((loss|slash|lose|body)(the|in|)){1,}lbs/) { spam("s02766",0.8,$&); } if (/((bad|poor|sexual|(fe|)male|sleeping|deep|(in|)ef{1,}ective|extensive|lackof|unhealthy){1,}(performance|(disorder|cure|treatment)s{0,1}|pain|stress|tension|energy|cholester(in|ol)){1,}(and|)){2,}/) { spam("s02733",(int ((length($&) / 20) * 100)) / 100,$&); } if (/((nasty|in{1,}ocent|juicy|spicy|live|hardcore|swingers{0,1}){1,}((teen(ager{0,1}|)|h[ou]n{1,}(y|ey|ie)|female|g(ir|a)l|web|s{0,1}ite|dat(e|ing))s{0,1}){1,}){1,}/) { spam("s02718",(int ((length($&) / 13) * 100)) / 100,$&); } if (/((great|good|looking{0,1}|fora){2,}((teen(ager{0,1}|)|h[ou]n{1,}(y|ey|ie)|female|g{0,1}(ir|a)l|web|s{0,1}ite|dat(e|ing))s{0,1}){1,}){1,}/) { spam("s02905",(int ((length($&) / 20) * 100)) / 100,$&); } if (/(live|action|online){1,}tournaments{0,1}/) { spam("s02664",0.6,$&); } if (/[o0]n[li1]{1,}ne{1,}cas[il1]{1,}n[o0]/) { $tmp = $&; if (!($tmp eq "onlinecasino")) { spam("s02664",2.8,$tmp); } else { spam("s02664",1.6,$tmp); } } if (/[li1]{1,}nternet{1,}cas[il1]{1,}n[o0]/) { $tmp = $&; if (!($tmp eq "internetcasino")) { spam("s02664",2.8,$tmp); } else { spam("s02664",1.6,$tmp); } } if (/(improve|test)(your|skills{0,1}|or|test|and|playing|ability){2,}/) { spam("s02663",(int ((length($&) / 20) * 100)) / 100,$&); } if (/(great|superb|fantastic|amazing|excellent|techniques{0,1}|for|sex|dating){2,}/) { spam("s02607",0.6,$&); } if (/(great|superb|fantastic|amazing|excellent)product/) { spam("s02609",0.6,$&); } if (/mak(es{0,1}|ing)love/) { spam("s02608",0.4,$&); } if (/porn.{0,1}star/) { spam("s02606",0.4,$&); } if (/(visit|click)(on|)th(e|is)(following|)link(below|)/) { spam("s02599",0.8,$&); } if (/(tracking|confirmation).{0,1}number/) { spam("s02597",0.8,$&); } if (/home.{0,1}(loan|position)/) { spam("s02188",0.6,$&); } if (/trenton(nj|)home/) { spam("s02598",0.8,$&); } if (/approval.{0,1}system/) { spam("s02584",0.8,$&); } if (/speed.{0,10}yourdial.{0,1}up.{0,1}con{1,}ection/) { spam("s02583",3.5,$&); } if (/sexualperformance/) { spam("s02579",1.6,$&); } if (/possibl[ey](contains|)spam/) { spam("s02558",0.8,$&); } if (/c(opy|ut)a{0,1}nd{0,1}paste.{0,50}ad{1,}ress.{0,80}browser/) { spam("s02469",1.2,$&); } if (/rep[li]{1,}cas{0,1}.{0,1}ba{1,}z{1,}a{1,}r/) { spam("s02468",4.5,$&); } if (/vastselect(ion|)/) { spam("s02456",0.4,$&); } if (/(online|internet|web).{0,1}(med|refill|p(re.{0,1}|er)scription)[sz]{0,1}/) { spam("s02254",1.0,$&); } if (/(on.{0,1}line|internet|web|live).{0,1}dating/) { spam("s02817",0.8,$&); } if (/sleepingdisorder/) { spam("s02424",0.4,$&); } if (/slash(ed|)(our|the|)prices{0,1}/) { spam("s02423",0.4,$&); } if (/ef{1,}ective(cure|treatment)s{0,1}/) { spam("s02417",0.4,$&); } if (/convenient(service|localtion|processing)/) { spam("s02418",0.4,$&); } if (/quickprocessing/) { spam("s02419",0.4,$&); } if (/(reliable|safe|easy){1,}distribution/) { spam("s02420",0.4,$&); } if (/reliablehandling/) { spam("s02421",0.4,$&); } if (/(super|exceptional|value|first.{0,1}rate|top){0,}(quality|brand.{0,1}name|and|generic){1,}(med(ical|icine|)|pill|drug|tablet)[sz]{0,1}/) { spam("s02416",0.8,$&); } if (/(super|exceptional|first.{0,1}rate|increase(d|in(the|)))(value|quality)/) { spam("s02415",0.4,$&); } if (/((enlarge|increase|enhance|grow|bigger|ad{1,}s{0,1}(tothe|)(size|girth|width)).{0,50}(pen[i1]s|man.{0,1}hood|erection|dildo)|(pen[i1]s|man.{0,1}hood|erection|didlo).{0,50}(enlarge|increase|enhance|grow|bigger|ad{1,}s{0,1} (to the |)(size|girth|width)))/) { spam("s00587",3.0,$&); } if (/((enlarge|increase|enhance|hard|grow|bigger|ad{1,}s{0,1}(tothe|)(size|girth|width))dick|dick(enlarge|increase|enhance|hard|grow|bigger|ad{1,}s{0,1}(tothe|)(size|girth|width)))/) { spam("s01864",1.6,$&); } if (/(increase|improve|enhance)(s|d|)(your|the|life ){0,1}quality(of(your|)life|)/) { spam("s02108",0.4,$&); } if (/(apple|brother|canon|compaq|hp|lexmark|epson|fuji|nec|andmany(others|more)|printer|toner|cartridges{0,1}){3,}/) { spam("s02393",(int ((length($&) / 20) * 100)) / 100,$&); } if (/notforthefaintofheart/) { spam("s02391",1.2,$&); } if (/(most|)(ultimate|extreme)moviechan{1,}els{0,1}(you|)(wi|)(ll|)(tobe|)(f(i|ou)nd|)([ao]nline|)/) { spam("s02392",(int ((length($&) / 12) * 100)) / 100,$&); } if (/lifelong($fuzzy_timeframe|)(income|earnings|salary)/) { spam("s02366",0.8,$&); } if (/wea{0,1}re(dedicat|committ)edto/) { spam("s02364",0.8,$&); } if (/nopill[sz]{0,1}ne(cessary|eded)/) { spam("s02362",0.8,$&); } if (/((eliminat|reduc|decreas|restor|increas|improv|shed|los)e{0,1}(ing|s|)(th(os|)e|your|)(few|coupleof|)(extra|)((weight|loss|fat|hair|wrinkles{0,1}|s{0,1}ex|mood|energy|s{0,1}tress|muchmore|levels{0,1}(of|)|hormone|natural|muscle|mass|p(ou|)(n|)ds{0,1}|cellulite|s.{0,1}kin.{0,1}(tone|texture))(and|your|)){1,}){2,}/) { spam("s02361",(int ((length($&) / 20) * 100)) / 100,$&); } if (/teen.{0,1}vid(eo|)[sz]{0,1}/) { spam("s02357",0.8,$&); } if (/teen.{0,1}(having|)sex/) { spam("s02358",1.2,$&); } if (/(([kc]um(ming|)|org[iey]{1,}|wild|group|deep|fuck(ing|)|teen|petite|babe|action|(s|)punk|taboo|incest|puss[iey]{1,}|(s|)uck(ing|)|hot(test|)|voyeur|le[sz]b(ian|o)|anal|inter{1,}acial|asian|amateur|(s|)ex[ualy]{0,}|(s|)lut|explicit|x{2,}|live|celebrit[iey]{1,}|lick|dorm|webcam|(s|)emen|whore|asse{0,1}|((s|)chool|).{0,1}g[liu]r[il]|(s|)trip(per|)|horn[yi]|erotic|oral|penis|wank|tit|nipple|hard.{0,1}core|blow.{0,1}job|nast[y|i]|porn|jizz|penetrat(e|ion)|twat)(nes|)s{0,1}){3,}/) { spam("s02356",(int ((length($&) / 20) * 100)) / 100,$&); } if (/drugz/) { spam("s02346",0.8,$&); } if (/(online|internet|web|mega|www|li[cs]en[cs]ed){1,}[^p^c]{0,1}(pharm|chemist)/) { spam("s02176",1.2,$&); } if (/adult(movie|)chan{1,}el/) { spam("s00352",1.4,$&); } if (/adults{0,1}only/) { spam("s00353",1.0,$&); } if (/(instant(ly|)|download|hund[re]{0,}ds|of|thousands|tens|full|length){0,}(adult|teen)((web|)site|pi[cx](ture|)|photo|movie|film|vid(eo|)|dvd|fli(ck|x)|star|image|rental)[sz]{0,1}(available|for|you|to|download|now|on.{0,1}demand|instant(ly|)){0,}/) { spam("s00354",(int ((length($&) / 7) * 100)) / 100,$&); } if (/(ad{1,}|gain|increase|grow|enlarge).{0,1}((from|by|up|to|one|two|three|four|five|six|seven|eight|nine|ten|eleven|twelve|or|more|several|many).{0,1}){0,}inches/) { spam("s01769",0.8,$&); } if (/utilizando/) { spam("s01198",0.8,$&); } if (/vacaciones/) { spam("s01199",1.0,$&); } if (/valium/) { spam("s01200",0.4,$&); } if (/vault/) { spam("s01201",0.2,$&); } if (/viacreme/) { spam("s01204",2.8,$&); } if (/generic.{0,1}(viagra|levitra|cialis|regalis|sil{0,1}den[aei]fil|med(ication|s))/) { spam("s01205",2.0,$&); } if (/super.{0,1}(viagra|levitra|cialis|regalis)/) { spam("s02077",2.0,$&); } if (/v[li]agra/) { spam("s01206",2.2,$&); } if (/levitra/) { spam("s01206",2.2,$&); } if (/sil{0,1}den[aei]fil/) { spam("s01206",2.2,$&); } if (/video.{0,1}(web.{0,1}|)(service|site|chat|talk|galler(y|ie))s{0,1}/) { spam("s01207",0.8,$&); } if (/(video|movie|teen|ware|mp3)z/) { spam("s01208",0.100,$&); } if (/video\s{0,1}clip/) { spam("s01209",0.5,$&); } if (/visa|mastercard/) { spam("s01210",0.4,$&); } if (/low(er|est|)rate/) { spam("s02703",0.4,$&); } if (/g[eo]tlaid/) { spam("s02705",0.4,$&); } if (/virgin(teen|g[iu]{0,1}rl|z){0,}/) { spam("s02705",1.0,$&); } } # # Tests on a lower-case version of a concatenation of the first few lines of each attachment. # sub attach_tests { local $_ = $attach_test_text; $done_attach_tests = 1; # study if (/details\.pif/) { spam("s01285",4.0,"Attachment mentions " . $&); } if (/photo\.scr|photo and article\.exe/) { spam("s01285",3.5,"Attachment mentions " . $&); } if (/\.exe/) { spam("s01884",1.5,"Attachment mentions " . $& . " file"); } elsif (/\.($exe_file_types_no_com)/) { spam("s01286",2.0,"Attachment mentions " . $& . " file"); } if (($attach_extension eq "gif") && ($spam_desc =~ /s03079/)) { spam("s03080",4.0,"original message with .gif attachment"); } if ($attach_extension eq "b64") { spam("s03062",0.4,".b64 attachment"); } if ($attach_extension eq "bhx") { spam("s03062",0.4,".bhx attachment"); } if ($attach_extension eq "hqx") { spam("s03062",0.2,".hqx attachment"); } if ($attach_extension eq "uu") { spam("s03062",0.6,".uu attachment"); } if ($attach_extension eq "uue") { spam("s03062",0.6,".uue attachment"); } if ($attach_extension eq "mim") { spam("s03062",0.4,".mim attachment"); } if (($attach_extension eq "zip") or ($attach_extension eq "rar") or ($attach_extension eq "tgz") or ($attach_extension eq "gz") or ($attach_extension eq "bhx") or ($attach_extension eq "hqx") or ($attach_extension eq "uu") or ($attach_extension eq "uue")) { if (/(encrypted|secure|protected|extended).{0,4}m(ail|essage).{0,1}file/i) { spam("s01678",1.0,".zip attachment mentions " . $&); } if (/script.{0,10}language.{0,4}vbs/i) { spam("s01678",1.0,".zip attachment mentions " . $&); } if (/replace.{0,2}strreverse/i) { spam("s01678",1.0,".zip attachment mentions " . $&); } if (/document\.($exe_file_types)/) { spam("s01677",3.0,".zip attachment contains " . $& . " file"); } if (/\..{3}[ _\xa0]{1,}\.($exe_file_types)/) { spam("s01678",4.5,".zip attachment has hidden exe: " . $&); } if (/\ {6,}\.($exe_file_types)/) { spam("s01998",(int ((1.0 * length($&) / 10) * 100)) / 100,".zip attachment has exe preceded by lots of spaces: " . $&); } } elsif (/(zip|rar|t{0,1}gz|bhx|hqx|uue{0,1}|html{0,1}|doc|$exe_file_types)\ {6,}\.($exe_file_types)/) { spam("s01998",(int ((1.0 * length($&) / 10) * 100)) / 100,$1 . " filename has exe preceded by lots of spaces: " . $&); } if (/\.(zip|rar|t{0,1}gz|bhx|hqx|uue{0,1}|html{0,1}|doc|te{0,1}xt|jpe{0,1}g|jif|gif|png|bmp|pdf)[ _\xa0]{0,}\.($exe_file_types)/) { spam("s01678",4.5,"attachment has hidden exe: " . $&); } if ($attach_extension eq "exe" and /beagle/) { spam("s01642",4.5,".exe attachment contains " . $& . " signature"); } if (/html/i && /vbscript/i && /szbinary/i) { spam("s01648",4.0,"Attachment has vbscript szbinary"); } if ($opt_d) { $attach_test_text_print = $attach_test_text; $attach_test_hex = ""; $i = length($attach_test_text_print); if (!($i % 16)) { $attach_test_hex = " \"" . substr($attach_test_text_print, $i - 16) . "\""; } else { $attach_test_hex = " \"" . substr($attach_test_text_print, $i - ($i % 16)) . "\""; } $attach_test_hex =~ s/[\177-\377]/\./g; $attach_test_hex =~ s/[\000-\037]/\./g; while ($i) { $c = chop($attach_test_text_print); $attach_test_hex = sprintf("%2.2x ", ord($c)) . $attach_test_hex; $i--; if (!($i % 16)) { $attach_test_hex = "\n" . $attach_test_hex; if ($i) { $asc = " \"" . substr($attach_test_text_print, $i - 16, 16) . "\""; $asc =~ s/[\177-\377]/\./g; $asc =~ s/[\000-\037]/\./g; $attach_test_hex = $asc . $attach_test_hex; } } } $opt_d and print "\n---------------------------------------------------\n" . "Attachment: (\"$attach_extension\" extension):\n" . $attach_test_hex . "\n---------------------------------------------------\n"; } if (($attach_extension eq "zip") or ($attach_extension eq "rar") or ($attach_extension eq "tgz") or ($attach_extension eq "gz") or ($attach_extension eq "bhx") or ($attach_extension eq "hqx") or ($attach_extension eq "uu") or ($attach_extension eq "uue")) { $tmp = $&; s/^.*?(this is a multi\-part message in mime format\.{0,1}){1,}//g; if (/pk\003\004\000\001\000\000\000/) { spam("s01679",4.5,"." . $tmp ." attachment contains bad pkzip signature"); } } else { s/^.*?(this is a multi\-part message in mime format\.{0,1}){1,}//g; if (/^(pk\003\004|mz)/) { spam("s02059",3.0,"." . $attach_extension ." attachment appears to contain a zipped file"); $attach_extension = "zip"; if (/document\.($exe_file_types)/) { spam("s01677",3.0,".zip attachment contains " . $& . " file"); } if (/\..{3}[ _]{1,}\.($exe_file_types)/) { spam("s01678",4.5,".zip attachment has hidden exe: " . $&); } if (/\ {6,}\.($exe_file_types)/) { spam("s01998",(int ((1.0 * length($&) / 10) * 100)) / 100,".zip attachment has exe preceded by lots of spaces: " . $&); } } } $tmp_length = length; s/[\177-\377]//g; s/[\000-\037]//g; $opt_d and print "\n---------------------------------------------------\n" . "Attachment text:\n" . $_ . "\n---------------------------------------------------\n"; if (!length($attach_extension) or $attach_extension =~ /(zip|rar|t{0,1}gz|bhx|hqx|uue{0,1}|$exe_file_types)/) { $tmp = "." . $&; if (!length($attach_extension)) { $tmp = ""; } if (/^pk/ && ($tmp_length < 50)) { spam("s02085",2.5,$tmp ." attachment appears to contain a partial pkzip file of length " . $tmp_length); } elsif ($tmp_length < 20) { spam("s02085",(20 - $tmp_length) * 0.225,$tmp ." attachment appears to contain a truncated file of length " . $tmp_length); } if (/^pk.{0,}\!l\!(this |windows ){1,}program( cannot be run in dos mode| must be run under win32|)/) { spam("s02085",0.8,$tmp ." attachment contains a pkzipped windows executable"); } if (/^pk.*\.($exe_file_types)m[z\?](kernel32\.dll|)(p{0,1}(el|)\@|pel)/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00001"); } elsif (/(mz([\@\?p]{0,}|.{0,1}\@)|^pk.{0,})\`{0,}\!l\!(this |windows ){1,}program( cannot be run in dos mode| must be run under win32|)\.{0,1}[\$\@](.{0,50}rich.{0,30}pel|.{0,2}pel)/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00002"); } elsif (/^pk.{0,50}mz(\@.{0,30}|.{0,50}\@)pel/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00003"); } elsif (/^mz(\@.{0,30}|.{0,50}\@|kernel32\.dll)pel/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00004"); } elsif (/mz\${0,1}\@.{0,}rich.{0,}compressed.{0,}pel/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00005"); } elsif (/^mzpel/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00006"); } elsif (/\.($exe_file_types)m[z\?]\@\!l\!this/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00007"); } elsif (/^(pk|mz).*(\$p.{0,1}|pelp)(l[\`p].*upx0\`{0,1}upx1|\`p.*upx[01])/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00008"); } elsif (/mz\@\`{0,1}\!l\!(this |windows ){1,}program( cannot be run in dos mode| must be run under win32|)\.{0,1}\$hhhhhhhdhh_hhrichhpel2\@ \@upx0/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00009"); } elsif (/mzpelgif/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00010"); } elsif (/mz[^\@]{0,4}\@.{0,100}rich.{0,30}pel/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00011"); } elsif (/mz.{0,}pel.{0,}upx[01]/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00012"); } elsif (/mz\@.{0,}rich.{0,}pel.{0,}upx0/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00013"); } elsif (/mz\?{0,1}\@\`\!l\!(this |windows ){1,}program( cannot be run in dos mode| must be run under win32|)\.{0,1}\$pelr..\@0.khmttaptoa/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00014"); } elsif (/mz\@.{0,}pel.{0,}\.text.{0,}\.reloc/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00015"); } elsif (/mz\@pel(p\`{1,2}pj0|sjx)/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00016"); } elsif (/pk.{0,}mz\@.{0,}rich.{0,}pel/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00017"); } elsif (/^mz\@.{0,}upx[01]/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00018"); } elsif (/^pkd1tkc\).{0,}tb\$\'\$3\$\.\!\"hk\$8xxxqbbj\.wf\~\`8h\"h\.\(af\;ym\}c\?o\,i8z\]5\!\[o\/ rts\#7/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00019"); } elsif (/mz.{0,1}\@\!l\!.*\$pel/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00020"); } elsif (/^pk.{0,10} {50,}$/) { spam("s01679",4.5,$tmp ." attachment contains empty pkzip virus signature 00021"); } elsif (/mz\@\`{0,1}\!l\!this program cannot be run.{0,30}compressed by petite/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00022"); } elsif (/^pk.{0,20}(update-kb[0-9]{1,}-x86\.exe)/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00023 - pkzipped file named $1"); } elsif (/^pk.{0,4}\@photo\/photo\.bmp/) { spam("s01679",4.5,$tmp ." attachment contains virus signature 00024 - pkzipped file containing photo/photo.bmp"); } if (/^pk.{0,}(\.exe)/) { spam("s01773",2.5,$tmp ." attachment appears to contain a pkzipped " . $1 . " file"); } elsif (/^pk.{0,}\.($exe_file_types_no_com)/) { spam("s01774",3.5,$tmp ." attachment appears to contain a pkzipped ." . $1 . " file"); } if (/^rar\!.{0,}(\.exe)/) { spam("s01773",2.5,$tmp ." attachment appears to contain a RAR compressed " . $1 . " file"); } elsif (/^rar\!.{0,}\.($exe_file_types_no_com)/) { spam("s01774",3.5,$tmp ." attachment appears to contain a RAR compressed ." . $1 . " file"); } if (/^pk.{0,}\.(txt|text|zip|doc|jpg|jpeg|htm|html|gif|rtf)(\s{0,}\.)($exe_file_types)/) { spam("s01883",3.0, "Suspicious pkzipped extension: \." . $1 .$2 .$3); } if (/etrust antivirus scan/) { spam("s03386",2.5,$&); } } if ($attach_extension eq "vbs") { if (/dim filesys, filetxt, getname, path, textfile, itextfile = \".{0,}?\.($exe_file_types)\"/) { spam("s01849",4.5,".vbs attachment contains virus signature"); } } if ($attach_extension eq "hta") { if (/script\s{0,1}language\s{0,1}\=\s{0,}\".{0,1}vbscript\".{0,1}.{0,}createobject.{0,10}scripting\.filesystemobject/) { spam("s01849",4.5,".hta attachment contains virus signature"); } } if (/^file .{0,} deleted by panda antivirus$/) { spam("s01750",4.5,$&); } if (/attachment .{0,30} contained (a |)virus(es|)/) { spam("s01820",4.0,$&); } if (/replaced with this text file/) { spam("s01821",4.0,$&); } } # # Tests that need to be done line-by-line on the decoded text # $body_has_caps = 0; $body_has_form = 0; $body_has_long_line= 0; $body_has_gappy_line= 0; $body_has_lots_of_qp= 0; sub body_line_tests { my $line = shift(@_); if ($line =~ /(illegal|invalid) (attachment|file type).{1,}?($exe_file_types_no_com)/i) { spam("s01833",4.0,$&); } if (!$body_has_caps && ($line =~ /^[0-9\s\\\/\"\'\,\.\-\!\r\n]{0,}[A-Z][0-9A-Z\s\\\/\"\'\,\.\-\!\r\n]{14,}$/)) { $body_has_caps = spam("s01287",0.4,"CAPS: " . $&); } if (!$body_has_form && ($line =~ /[^<][a-za-z][a-za-z]+.{1,15}?\s+_{30,}/)) { $body_has_form = spam("s01288",3.135,$&); } if (!$body_has_long_line && (length($line) > 199)) { $body_has_long_line = 1; if ($hdr_from !~ /(hotmail|msn|yahoo)\.com/) { spam("s01289",0.6,"Line > 199 chars"); } } if (!$body_has_gappy_line && ($line =~ /([a-z][-_\.\,\:\;\'\~]{1,3}){5}/i)) { $body_has_gappy_line = spam("s01290",0.672,$&); } } # # Extracts the "raw" address from a mail address possibly of the form: "Full Name" # sub addr_get { local $_ = shift(@_); local $addr = ""; if (/([^\"]*){0,1}\"([^\"]{1,})\"(\s*){0,1}<([^>]{1,})>(.*){0,1}/) { $addr = $4; } elsif (/([^\<]*){0,1}<([^>]{1,})>(.*){0,1}/) { $addr = $2; } elsif (/([^,^;]*)[,; ]{1,}(.*){0,1}/) { $addr = $1; } else { $addr = $_; } if ($addr =~ /^\.{1,}(.*?)$/) { $addr = $1; } if ($addr =~ /^(.*?)\.{1,}$/) { $addr = $1; } return $addr; } # # Removes special chars from a raw email address # sub addr_sanitize { my $addr = shift(@_); $addr =~ s/[\|\[\]\(\)\/\\\?\*\+]//g; $addr =~ s/[\x80-\xFF]/ /g; if ($addr =~ /^\.{1,}(.*?)$/) { $addr = $1; } if ($addr =~ /^(.*?)\.{1,}$/) { $addr = $1; } return $addr; } # # Tests on the main header section # sub hdr_main_tests { local $hdr_custom_found = 0; $done_hdr_main_tests = 1; # # Execute the code in "$hdr_custom_file". # Include site-specific customizations in this file. # do $hdr_custom_file; if (!$hdr_custom_found) { do $settings_path . $hdr_custom_file; } if (length($custom_path)) { do $custom_path . $hdr_custom_file; } if ($hdr_recv_from_internal and (!$hdr_no_to) and (($hdr_subject =~ /^Unsolicited Mail$/i) or ($hdr_to =~ /^abuse\@/i))) { spam("s02658", $spam_score_internal_abuse_report, "Internal mail abuse report: " . $&); } if ($hdr_main =~ /(broadfax|cematics|\.ms83|(great|big|super)-{0,1}(daily|net|online){0,1}-{0,1}(savings|offers)|theoffers|youcansave|freegasdaily|dont.miss.this.deal|emailoffer.{0,1}|virtualoffer.{0,1}|emailbargain.{0,1}|\@smok(ing|er.{0,1}))\.(co|net|org)/) { spam("s01291",4.8,"Bad site in header: " . $&); } if ($hdr_main =~ /\nmessage-id: ([^\n]*).*\nreceived: / && $1 !~ /yahoo/ && $hdr_main !~ /from mail pickup service by hotmail\.com/) { spam("s01292",1.785,"Message ID added by relay"); } if ($hdr_main =~ /\nsubject:.*?\nreceived:(.*?)(\n|$)/) { my $recv_line = $1; if ($recv_line !~ /excite.*via http/) { spam("s01293",0.5,"Received: following Subject:"); } } if ($hdr_have_recv_from) { if ($hdr_recv_from eq "unknown") { spam("s01295",3.0,"Received: from unknown"); $hdr_recv_unknown = 1; } } elsif ($hdr_recv =~ /from unknown/) { spam("s01296",1.0,"Received: includes an unknown source"); } if ($hdr_recv =~ /helo (192\.168|10)\.[0-9\.]{0,12}/) { spam("s01297",2.0,"Received: internal HELO: " . $&); } if (length($hdr_helo) and length($mail_domain) and ($hdr_helo =~ /$mail_domain/i)) { spam("s01741",4.5,"Received: HELO using our domain: " . $hdr_helo); } if ($hdr_no_from) { spam("s01298",4.8,"From: missing"); } else { if ((!$hdr_no_to) && ($hdr_from eq $hdr_to)) { spam("s01299",1.2,"From and To the same: " . $&); } if ($hdr_from =~ /^["\s]*\?\s*$/) { spam("s01300",0.5,"From: no real name"); } if ($hdr_from =~ /\d(.*?)\d\d\@/) { spam("s01301",0.8,"From: ends in numbers with preceding number"); } if ($hdr_from =~ /\d\d\@/) { spam("s01302",0.4, "From: ends in numbers"); } if ($hdr_from =~ /\d+[a-z]+\d+\S*@/) { spam("s01303",0.8,"From: mixed numbers/letters"); } if ($hdr_from =~ /\<\d.*?@/) { spam("s01304",0.4,"From: begins with numbers"); } if ($hdr_from =~ /(^\@|<\@| \@[^<]*$|<>)/) { spam("s01305",0.5,"From: no local-part before @"); } if ($hdr_from =~ /\@([0-9]{1,3}\.){3}[0-9]{1,3}/) { spam("s01306",4.5,"From: IP address: " . $&); } $tmp_from = addr_get($hdr_from); $tmp_from =~ s/[\'\"\s\[\]\{\}]//g; if ($tmp_from !~ /(\"[^\"]+\"|\S+)\@\S+\.\S+/) { spam("s01307",4.5,"From: malformed"); } if ($hdr_raw_from =~ /(^\=\?(.{0,15}?)\?.|\=\?iso-(.{0,15}?)\?)/oi) { spam("s01308",0.8,"From: encoded - " . $1); } $recv = $hdr_recv; $recv =~ s/\s+/ /gs; if ($hdr_main =~ /mailing-list: contact \S+\@\S+\; run by ezmlm/ && $hdr_main =~ /delivered-to: mailing list/ && $revc =~ /qmail \d+ invoked from network\); \d+ ... \d+/ && $recv =~ /qmail \d+ invoked by .{3,20}\); \d+ ... \d+/) { # # ezmlm may have removed the headers, so we let the forged header tests go # } else { my $test_hdr_from = $hdr_from; # # "Normalize" various .co, .ca etc hiding techniques. # $test_hdr_from =~ s/([\@\.])(hotmail|msn|aol|yahoo|networksolutions|brightmail|eudoramail|lycos(mail|))\.(.*?)$/$1$2\.com/; $test_hdr_from =~ s/([\@\.])(earthlink|netscape)\.(.*?)$/$1$2\.net/; $opt_d and $opt_m && print "\n---------------------------------------------------------------\n" . "Forgery checking:\nFrom: $test_hdr_from\nRecv: $hdr_recv_from" . "\n---------------------------------------------------------------\n"; if ($hdr_have_recv_from && length($recv_from_whitelist) && $hdr_recv_from =~ /($recv_from_whitelist)$/s) { spam("s02701",$spam_score_recv_from_whitelist, "SMTP \"Received from\" whitelist: " . $&); } if ($hdr_have_recv_from && $hdr_recv_from_full =~ /\(helo [^\)]*hotmail\.com/ && $hdr_recv_from !~ /\.hotmail\.com$/) { $forged_from = spam("s01309",4.0,"Forged hotmail HELO (from: " . $hdr_from . " recv: " . $hdr_recv_from . ")"); } if ($test_hdr_from =~ /hotmail\.com/) { $appears_to_be_from = "hotmail"; if ($hdr_x !~ /x-originating-ip: \[{0,1}\d+\.\d+\.\d+\.\d+/ || !($recv =~ /from \S*hotmail(\.msn|)\.com \(/ || $recv =~ /from \S+ by \S+\.hotmail(\.msn|)\.com with http\;/)) { $forged_from = spam("s01310",4.0,"Forged hotmail received 1 (from: " . $hdr_from . " recv: " . $hdr_recv_from . ")"); } } elsif ($test_hdr_from =~ /yahoo\.com/) { $appears_to_be_from = "yahoo"; if ($recv !~ /by smtp[0-9]{0,}\.\S+\.yahoo\.com with smtp/ && $recv !~ /by web\S+\.yahoo\.com via http/) { $forged_from = spam("s01311",4.0,"Forged yahoo.com address (from: " . $hdr_from . " recv: " . $hdr_recv_from . ")"); if (length($hdr_recv_from) && ($hdr_recv_from !~ /yahoo/)) { spam("s01825",1.0,"Forged yahoo received from doesn't mention yahoo"); } } } elsif ($test_hdr_from =~ /msn\.com/) { $appears_to_be_from = "msn"; if ($hdr_have_recv_from && $hdr_recv_from !~ /\.(hotmail|msn)\.com\>{0,1}$/) { $forged_from = spam("s01312",4.0,"Forged msn.com address (from: " . $hdr_from . " recv: " . $hdr_recv_from . ")"); } } elsif ($test_hdr_from =~ /[\@\.](e{0,1}mail|usa)\.com/) { $appears_to_be_from = "mail"; if ($hdr_have_recv_from && $hdr_recv_from !~ /\.(outblaze|portal2)\.com\>{0,1}$/) { $forged_from = spam("s01313",4.0,"Forged mail/usa.com address (from: " . $hdr_from . " recv: " . $hdr_recv_from . ")"); } } elsif ($test_hdr_from =~ /excite\.com/) { $appears_to_be_from = "excite"; if ($hdr_have_recv_from && $hdr_recv_from !~ /\.excite(network|)\.com\>{0,1}$/) { $forged_from = spam("s01314",4.0,"Forged excite.com address (from: " . $hdr_from . " recv: " . $hdr_recv_from . ")"); } } elsif ($test_hdr_from =~ /lycos(mail|).com/) { $appears_to_be_from = "lycos"; if ($hdr_have_recv_from && $hdr_recv_from !~ /\.lycos(mail|)\.com\>{0,1}$/) { $forged_from = spam("s01399",4.0,"Forged lycos.com address (from: " . $hdr_from . " recv: " . $hdr_recv_from . ")"); } } elsif ($test_hdr_from =~ /eudoramail\.com/) { $appears_to_be_from = "eudoramail"; if ($hdr_have_recv_from && $hdr_recv_from !~ /\.whowhere\.com\>{0,1}$/) { $forged_from = spam("s01415",4.0,"Forged eudoramail.com address (from: " . $hdr_from . " recv: " . $hdr_recv_from . ")"); } } elsif ($test_hdr_from =~ /netscape\.(com|net|org)/) { $appears_to_be_from = "netscape"; if ($hdr_have_recv_from && $hdr_recv_from !~ /\.aol\.com\>{0,1}$/) { $forged_from = spam("s01415",4.0,"Forged netscape address (from: " . $hdr_from . " recv: " . $hdr_recv_from . ")"); } } elsif ($test_hdr_from =~ /barclays\.(co(m|\.uk)|net|org)/) { $appears_to_be_from = "barclays"; if ($hdr_have_recv_from && $hdr_recv_from !~ /\.barclays\.co\.uk\>{0,1}$/) { $forged_from = spam("s01415",4.0,"Forged Barclays address (from: " . $hdr_from . " recv: " . $hdr_recv_from . ")"); } } elsif ($test_hdr_from =~ /networksolutions\.com/) { $appears_to_be_from = "networksolutions"; if ($hdr_have_recv_from && $hdr_recv_from !~ /\.(networksolutions|netsol)\.com\>{0,1}$/) { $forged_from = spam("s01415",4.0,"Forged networksolutions address (from: " . $hdr_from . " recv: " . $hdr_recv_from . ")"); } } elsif ($test_hdr_from =~ /[\.\@](att|sbc|pacbell|yahoo)\.(com|net)/) { $appears_to_be_from = "ATT/SBC/PacBell"; if ($hdr_have_recv_from && $hdr_recv_from !~ /\.(att|sbc|pacbell)\.(com|net)\>{0,1}$/) { $forged_from = spam("s01415",4.0,"Forged ATT/SBC/PacBell address (from: " . $hdr_from . " recv: " . $hdr_recv_from . ")"); } } elsif ($test_hdr_from =~ /\@(mac\.com)/) { my $from_domain = $1; $appears_to_be_from = "mac"; $from_domain =~ s/\./\\\./g; if ($hdr_have_recv_from && $hdr_recv_from !~ /\.($from_domain|apple\.com)\>{0,1}$/) { $from_domain =~ s/\\\./\./g; $forged_from = spam("s01315",4.0,"Forged " . $from_domain ." address (from: " . $hdr_from . " recv: " . $hdr_recv_from . ")"); } } # elsif ($test_hdr_from =~ /[\@\.]amazon\.com/) { if ($hdr_have_recv_from && $hdr_recv_from =~ /\.amazon\.com\>{0,1}$/) { spam("s02634",-50.0,"Seems to be a legitimate amazon.com mail (from: " . $hdr_from . " recv: " . $hdr_recv_from . ")"); } } elsif ($test_hdr_from =~ /gmail\.com/) { my $from_domain = $1; $appears_to_be_from = "gmail"; $from_domain =~ s/\./\\\./g; if ($hdr_have_recv_from && $hdr_recv_from !~ /\.(gmail|google)\.com\>{0,1}$/) { $from_domain =~ s/\\\./\./g; $forged_from = spam("s01316",4.0,"Forged " . $from_domain ." address (from: " . $hdr_from . " recv: " . $hdr_recv_from . ")"); } } # The next rules covers the generic situation where an address like # "addr@somedomain.com" should come from a server like "server.somedomain.com" # elsif ($test_hdr_from =~ /(earthlink\.net|aol\.com|brightmail\.com|lycos\.com|juno\.com|freebsd\.org|paypal\.com)/) { my $from_domain = $1; $appears_to_be_from = $from_domain; $appears_to_be_from = s/\..*//; $from_domain =~ s/\./\\\./g; if ($hdr_have_recv_from && $hdr_recv_from !~ /\.$from_domain\>{0,1}$/) { $from_domain =~ s/\\\./\./g; $forged_from = spam("s01316",4.0,"Forged " . $from_domain ." address (from: " . $hdr_from . " recv: " . $hdr_recv_from . ")"); } } } } if ($hdr_no_to) { spam("s01317",2.0,"To/Cc/Bcc: missing"); } else { if ($hdr_to =~ /(^\@|<\@| \@[^<]*$|<>)/) { spam("s01318",3.3, "To: no local-part before @"); } if ($hdr_to !~ /((\"[^\"]+\"|\S+)\@\S+\.\S+|undisclosed-recipients:)/) { spam("s01319",0.2,"To: malformed"); } if ($hdr_to =~ /^\s*(\"?)([\w%\+\-=_\.]+)\1\s*<\2\@[\w%\+\-=_\.]+>/) { spam("s01320",0.5,"To: repeats local-part as real name"); } if ($hdr_to =~ /undisclosed.*recipient\S*@/) { spam("s01321",2.4,"To: undisclosed recipients"); } if ($hdr_to =~ /\b([a-z][a-z])[^@]{0,20}(@[-a-z0-9_\.]{0,30}).{0,30}?(?:\1[^@]*\2.{0,20}?){9,}/) { spam("s01322",1.4,"To: lots of similar recipients"); } if ($hdr_to =~ /\<{0,1}\d.*?@/) { spam("s02910",0.4,"To: begins with numbers"); } } if ($hdr_no_date) { spam("s01323",2.2,"Date: missing"); } else { if ($hdr_date =~ / am| pm/) { spam("s01324",3.2,"Date: has AM/PM"); } if ($hdr_date =~ /^..., \d+ ... .... ..:..:..$/) { spam("s01325",2.0,"Date: no timezone"); } if ($hdr_date =~ /[-+](1[4-9]\d\d|[2-9]\d\d\d)$/) { spam("s01326",2.0,"Date: bad timezone"); } if ($hdr_date =~ /\d+ [^a-z]{3,} \d\d\d\d/) { spam("s01327",1.2,"Date: bad month"); } } if ($hdr_no_subject) { if ($hdr_from =~ /(hotmail|msn)\.com/) { spam("s01328",1.0,"Subject: missing"); } else { spam("s01329",4.0,"Subject: missing"); } } elsif (!length($hdr_subject)) { spam("s03528",3.0,"Subject: empty"); } else { $opt_d && $opt_m and print "\n------------------------------------------------------------\n" . "Subject: [" . $hdr_subject . "]" . "\n------------------------------------------------------------\n"; if ($hdr_subject =~ /[refwd\: ]{0,}arbeit/i) { spam("s03588",2.0,"Subject: " . $&); } if ($hdr_subject =~ /rolex/i) { spam("s03584",1.0,"Subject: " . $&); } if ($hdr_subject =~ /tag heuer/i) { spam("s03585",1.0,"Subject: " . $&); } if ($hdr_subject =~ /^Postal Tracking/i) { spam("s03577",2.0,"Subject: " . $&); } if ($hdr_subject =~ /^ac{1,}ai (super |)(berry|diet)/i) { spam("s03571",3.2,"Subject: " . $&); } elsif ($hdr_subject =~ /ac{1,}ai (super |)(berry|diet)/i) { spam("s03573",2.2,"Subject: " . $&); } if ($hdr_subject =~ /weight loss|los(e|ing) weight/i) { spam("s03572",2.5,"Subject: " . $&); } if ($hdr_subject =~ /Federal Reserve Bank/i) { spam("s03574",2.0,"Subject: " . $&); } if ($hdr_subject =~ /Monthly Payments Keep Rising/i) { spam("s03569",3.2,"Subject: " . $&); } if ($hdr_subject =~ / stenton /i) { spam("s03566",3.0,"Subject: " . $&); } if ($hdr_subject =~ /^(extra |new |best ){1,}(proposal|money|vacancy)\!$/i) { spam("s03565",3.5,"Subject: " . $&); } if ($hdr_subject =~ /angelina jolie naked|larry king shot/i) { spam("s03563",4.8,"Subject: " . $&); } if ($hdr_subject =~ /(med|drug|pill).{0,}(sale|discount|price)/i) { spam("s03559",3.0,"Subject: " . $&); } if ($hdr_subject =~ /penny.{0,}stock/i) { spam("s03558",3.5,"Subject: " . $&); } if ($hdr_subject =~ /stock.{0,}(pick|price|roof|daily|report)/i) { spam("s03557",0.5,"Subject: " . $&); } if ($hdr_subject =~ /stock/i) { spam("s03556",0.5,"Subject: " . $&); } if ($hdr_subject =~ /watches|timepieces/i) { spam("s03555",1.5,"Subject: " . $&); } if ($hdr_subject =~ /OTC/) { spam("s03554",1.5,"Subject: " . $&); } if ($hdr_subject =~ /porno (video|dvd|movie)/i) { spam("s03553",4.5,"Subject: " . $&); } if ($hdr_subject =~ /what a stupid face you have|^you look really stupid/i) { spam("s03552",4.5,"Subject: " . $&); } if ($hdr_subject =~ /[0-9]{1,}\% (discount|medi|pill|pharm)/i) { spam("s03549",3.5,"Subject: " . $&); } if ($hdr_subject =~ /armchair vegas/i) { spam("s03547",4.5,"Subject: " . $&); } if ($hdr_subject =~ /rep[li]{1,}cas/i) { spam("s03545",2.0,"Subject: " . $&); } if ($hdr_subject =~ /p.{0,1}f.{0,1}i.{0,1}z.{0,1}e.{0,1}r/i) { if (length($&) != 6) { spam("s03546",2.0,"Subject: " . $&); } } if ($hdr_subject =~ /(hook up with these girls|Local chicks who need|swingers who love sex|This site boasts .*escorts)/i) { spam("s03543",4.5,"Subject: " . $&); } if ($hdr_subject =~ /HOT ([Aa]lert|[Rr]eport|[Ss]tock)/) { spam("s03540",3.5,"Subject: " . $&); } if ($hdr_subject =~ /^watch this .* stock|hot stock|the bull is back/i) { spam("s03541",3.0,"Subject: " . $&); } if ($hdr_subject =~ /super.{0,1}(star|rocket) stock report|(next |big ){1,}market winner|stock breaker report|Unusual Huge Volume|(Extremely |)(Aggressive |market |(Investo|trade)rs{0,1} |Urgent |Stock |Equity ){2,}Alert/i) { spam("s03542",4.0,"Subject: " . $&); } if ($hdr_subject =~ /thank(s| you).*(we(re|) (have |are |)(accept|ready)).*( give| lend| you(r|)| a){1,}( loan| application| company| business| some cash){1,}/i) { spam("s03537",2.0,"Subject: " . $&); } if ($hdr_subject =~ /^med[sz]{0,1} sale$/i) { spam("s03518",3.0,"Subject: " . $&); } if ($hdr_subject =~ /^(grand |very |important |momentous |significant |essential |weighty ){1,}(letter|message|note)\.{0,1} you (must |have |should |to |are |required{0,1} ){1,}(read|peruse)\.{0,1}$/i) { spam("s03476",5.0,"Subject: " . $&); } if ($hdr_subject =~ /^[a-z]{1,} [a-z]{1,} wrote\:$/i) { spam("s03466",3.8,"Subject: " . $&); } if ($hdr_subject =~ /^\[.{0,1}N.{0,1}E.{0,1}W.{0,1}S.{0,1}\]/i) { spam("s03262",1.4,"Subject: " . $&); } if ($hdr_subject =~ /^email not allowed$/i) { spam("s03108",0.8,"Subject: " . $&); } if ($hdr_subject =~ /^(recollection|recognition) (award|diploma|degree)/i) { spam("s03081",3.4,"Subject: " . $&); } if ($hdr_subject =~ /^incomplete app/i) { spam("s03048",2.4,"Subject: " . $&); } if ($hdr_subject =~ /ac{1,}ount/i) { if ($hdr_subject =~ /(update|verify) your .{0,30} ac{1,}ount/i) { spam("s02880",0.4,"Subject: " . $&); } if ($hdr_subject =~ /ac{1,}ount update/i) { spam("s02914",0.6,"Subject: " . $&); } if ($hdr_subject =~ /ac{1,}ount (problem|warning)|(problem|warning).{0,30}your.{0,30}ac{1,}ount/i) { spam("s02915",1.0,"Subject: " . $&); } } if ($hdr_subject =~ /^is it me you[ are\']{1,}looking for\?$/i) { spam("s03055",2.4,"Subject: " . $&); } if ($hdr_subject =~ /^Re(\[[0-9]{1,}\]){0,1}\:$/i) { spam("s03011",1.8,"Subject: " . $&); } elsif ($hdr_subject =~ /^Re\[[0-9]{1,}\]\:/i) { spam("s03008",0.6,"Subject: " . $&); } if ($hdr_subject =~ /^(cheap |and |imported |canadian |new ){1,}drugs$/i) { spam("s03007",3.0,"Subject: " . $&); } if ($hdr_subject =~ /dvd/i) { spam("s02872",0.4,"Subject: " . $&); } if ($hdr_subject =~ /(\%[A-Z][A-Z0-9\-\_\.\?]{1,} ){1,}/) { spam("s02738",(int ((length($&) / 25) * 100)) / 100,"Looks like Subject has unexpanded auto-spam tags: " . $&); } if ($hdr_subject =~ /xanax/i) { spam("s02709",2.0,"Subject: " . $&); } if ($hdr_subject =~ /v[li]agra/i) { spam("s02706",2.0,"Subject: " . $&); } if ($hdr_subject =~ /(^|[^e])cialis([^t^e]|$)/i) { spam("s02707",2.0,"Subject: " . $&); } if ($hdr_subject =~ /^hi its josh thats my new phone number/i) { spam("s02698",3.0,"Subject: " . $&); } if ($hdr_subject =~ /^armenian genocide plagues ankara 90 years on/i) { spam("s02585",5.0,"Subject: " . $&); } if ($hdr_subject =~ /^augen auf$/i) { spam("s02568",5.0,"Subject: " . $&); } if ($hdr_subject =~ /60 jahre befreiung.{0,10}Wer feiert mit\?/i) { spam("s02548",5.0,"Subject: " . $&); } if ($hdr_subject =~ /^(re:{0,1}.{0,1}hello)$/i) { spam("s02449",0.4,"Subject: " . $1); } if ($hdr_subject =~ /^re:{0,1}.{0,1}\[[0-9]{1,}\]\s{0,}$/i) { spam("s02305",3.0,"Subject: " . $&); } if ($hdr_subject =~ /^.{0,50} alert:{0,1} unauthorized login attempts{0,1}/i) { spam("s02211",2.4,"Subject: " . $&); } if ($hdr_subject =~ /important info(rmation|) (about|re(garding|)) your/i) { spam("s01899",0.4,"Subject: " . $&); } if ($hdr_subject =~ / unknown$/i) { spam("s01814",0.6,"Subject: " . $&); } if ($hdr_subject =~ /out.{0,1}of.{0,1}office/i) { spam("s01815",0.6,"Subject: " . $&); } if ($hdr_subject =~ /((auto(mated|matic|)|vacation|out.{0,1}of.{0,1}(the|).{0,1}office) {0,}){1,}.{0,1}re(ply|spon(se|der))/i) { spam("s01816",0.6,"Subject: " . $&); } if ($hdr_subject =~ /(nem letezo lista|leveled engedelyezesre)/i) { spam("s01712",3.0,"Subject: " . $&); } if ($hdr_subject =~ /^[^a-z]*[A-Z]{2,}[^a-z]*$/o) { spam("s01330",2.0,"Subject: CAPS"); } if ($hdr_subject =~ /^re: (your ){0,1}application\s{0,}$/i) { spam("s01331",1.4,"Subject: " . $&); } if ($hdr_subject =~ /^where\?/i) { spam("s01332",1.4,"Subject: " . $&); } if ($hdr_subject =~ /^((.{0,40}?): |) approved\s{0,}$/i) { spam("s01333",0.4,"Subject: " . $&); } if ($hdr_subject =~ /^((.{0,40}?): |)(your|my) (details|application)\s{0,}$/i) { spam("s01334",1.4,"Subject: " . $&); } if ($hdr_subject =~ /^((.{0,40}?): |)(wicked|cool) screensaver\s{0,}$/i) { spam("s01335",2.4,"Subject: " . $&); } if ($hdr_subject =~ /^(re:{0,1} |)(re:{0,1} |)approved\s{0,}$/i) { spam("s01336",2.4,"Subject: " . $&); } if ($hdr_subject =~ /^(re:{0,1} |)(re:{0,1} |)(your|my|that|those) (detail|application|movie)s{0,1}\s{0,}$/i) { spam("s01337",2.4,"Subject: " . $&); } if ($hdr_subject =~ /^(re:{0,1} |)(re:{0,1} |)(wicked|cool) screensaver\s{0,}$/i) { spam("s01338",2.4,"Subject: " . $&); } if ($hdr_subject =~ /\!/o) { spam("s01339",0.8,"Subject: !"); } if ($hdr_subject =~ /\!\!/o) { spam("s01340",0.6,"Subject: !!"); } if ($hdr_subject =~ /\!\!\!+/o) { spam("s03331",(int ((length($&) / 5) * 100)) / 100,"Subject: " . $&); } if ($hdr_subject =~ /(\s{6,}|\t)/o) { spam("s01341",2.469,"Subject: spaces"); } if ($hdr_subject =~ /[\s\t\+\-\_\=\>\<\.\*\,]{8,}/o) { spam("s01490",1.0,"Subject: repeated non-alphanums: " . $&); } if ($hdr_subject =~ /\?+\s*$/o) { spam("s01342",0.1,"Subject: ends with ?"); } if ($hdr_subject =~ /(^\s*|\s+)adv:/oi) { spam("s01343",4.7,"Subject: ADV:"); } elsif ($hdr_subject =~ /(^\s*|\s+)\({0,1}adv\){0,1}($|\s)/oi) { spam("s01343",2.7,"Subject: ADV"); } if ($hdr_subject =~ /your membership exchange/oi) { spam("s01344",4.244,"Subject: memb ex"); } if ($hdr_subject =~ /spam.{0,3}(warning|alert)/i) { spam("s01910",1.0,"Subject: " . $&); } if ($hdr_subject =~ /\[spam\]/i) { spam("s01942",1.0,"Subject: " . $&); } if ($hdr_subject =~ /^(warning.{0,4}|.{0,4}?Watchdog.{0,6}?|)(possible |)(virus |e{0,1}mail ){0,1}(alert|warning|found|(infect|detect|block)ed|infection)/i) { spam("s01345",3.0,"Subject: " . $&); } if ($hdr_subject =~ /^(warning.{0,4}|)((found|detected|blocked) (virus|e{0,1}.{0,1}mail)|e{0,1}.{0,1}mail reject(ed|ion) notification)/i) { spam("s01346",3.0,"Subject: " . $&); } if ($hdr_subject =~ /virus (was |has |been ){0,}(found|detected|blocked)|anti.{0,1}virus notification/i) { spam("s02926",1.2,"Subject: " . $&); } if ($hdr_subject =~ /((warning.{0,4}|)(your{0,1} |)(mail.{0,1}server |)(may |)(ha(ve|s)|contain|sent( us|))s{0,1} a virus|virus (alert|warning)|detectado vírus)/i) { spam("s01347",3.0,"Subject: " . $&); } if ($hdr_subject =~ /^aviso.{0,50}rejeitado/i) { spam("s01887",2.0,"Subject: " . $&); } if ($hdr_subject =~ /question.*(for|to|from ebay).*(seller|member)/oi) { spam("s01348",1.0,"Subject: question for seller"); } if ($hdr_subject =~ / order\b/oi) { spam("s01349",1.311,"Subject: order"); } if ($hdr_subject =~ /([a-z][-_\.\,\:\;\'\~\ ]{1,3}){5,}/oi) { spam("s01350",1.722,"Subject: gappy"); } if ($hdr_subject =~ /(^\=\?(.{0,15}?)\?.|\=\?iso-(.{0,15}?)\?)/oi) { spam("s01351",1.6,"Subject: encoded - " . $1); $temp = $hdr_subject; $temp =~ s/\=\?(.{0,15}?)\?(.\?|)//g; $temp =~ s/\?\=//g; } else { $temp = $hdr_subject; } if ($temp =~ /[^\=]\?.{2,}$/o) { spam("s01352",1.315,"Subject: ?"); } } if ($hdr_x =~ /x-msmail-priority: high/) { spam("s01353",0.8,$&); } if ($hdr_x =~ /x-mailer: the bat/) { spam("s01354",4.0,$&); } if ($hdr_x =~ /bad rfc2822/) { spam("s01355",4.0,$&); } if (length($smtp_server_ip)) { if ($hdr_recv =~ / by \[{0,1}$smtp_server_ip\]{0,1} /) { spam("s01356",4.0,$&); } if ($hdr_recv =~ /\(helo $smtp_server_ip\)/) { spam("s01357",4.0,"Received: HELO using our server IP: " . $&); } } if (length($mail_domain)) { if ($hdr_from !~ /\@$mail_domain/ && $hdr_all_to !~ /\@$mail_domain/) { spam("s01358",2.4,"Not from/to $mail_domain"); } if ($hdr_from !~ /\@$mail_domain/ && $hdr_return_path =~ /$mail_domain/i) { spam("s01359",1.2,"Return path includes mail domain: " . $&); } } if (length($hdr_charset)) { if ($hdr_charset eq 'ibm852' || $hdr_charset eq 'xunknown' || $hdr_charset eq 'iso' || $hdr_charset =~ /^(usascii|iso8859|iso10646|utf|ucs|cp125|windows|unicode11utf[78])/) { } else { if ($hdr_charset =~ /^iso2022jp$/i) { spam("s01360",3.0,"Faraway main charset: " . $hdr_charset); } else { spam("s01361",1.2,"Faraway main charset: " . $hdr_charset); } } if ($hdr_charset =~ /.?default/) { spam("s01362",4.5,"Non-existant main charset: " . $hdr_charset); } } } # # Tests on individual MIME headers. # $hdr_base64_text = 0; $hdr_other_text = 0; $hdr_far_charset = 0; $hdr_non_charset = 0; sub hdr_part_tests { $done_hdr_part_tests = 1; # # Some checks for text portions of the mail # if (($hdr_type > 0) && ($hdr_type < 5)) { if (!$hdr_base64_text && ($hdr_enc == 2)) { $hdr_base64_text = spam("s01363",2.0,"Base64 encoded text " . $hdr_type); } if ($hdr_enc != 2) { $hdr_other_text++; } } if (length($hdr_charset)) { if (!$hdr_far_charset) { if ($hdr_charset eq 'usascii' || $hdr_charset eq 'ibm852' || $hdr_charset eq 'xunknown' || $hdr_charset eq 'iso' || $hdr_charset =~ /^(iso8859|iso10646|utf|ucs|cp125|windows|unicode11utf[78])/) { } else { $hdr_far_charset = spam("s01364",1.2,"Faraway body charset: " . $hdr_charset); } } if (!$hdr_non_charset) { if ($hdr_charset =~ /.?default/) { $hdr_non_charset = spam("s01365",4.5,"Non-existant body charset: " . $hdr_charset); } } } } ########################################################################################## # # getHttpIndexFile # # Opens a socket to the specified host on port 80 and tries to execute a "GET /", (i.e. # it tries to download the homepage from the specified host.) # ########################################################################################## use IO::Socket; use Expect; sub getHttpIndexFile { my $host = shift(@_); defined $host or return ""; my $filename = shift(@_); defined $filename or $filename = ""; my $get_timeout = 10; if ($time_max_allowed && (time() - $time_start < ($time_max_allowed * 2))) { $get_timeout = ($time_max_allowed * 2) + $time_start - time(); if ($get_timeout > 30) { # $opt_d and print "get_timeout=" . $get_timeout . "\n"; $get_timeout = 30; } elsif ($get_timeout < 5) { # $opt_d and print "get_timeout=" . $get_timeout . "\n"; $get_timeout = 5; } } # $opt_d and print "get_timeout=" . $get_timeout . "\n"; # $opt_d and print "opening socket\n"; # # Note: alarm is used to overcome problems with the "timeout" parameter to IO::Socket::INET # in some perl implementations. getHttpIndexFile() should be called within an "eval" block, # so that the "die" function called from the alarm handler will not halt processing. # local $SIG{ALRM} = sub { spam("s01596",4.0,"Cannot open link: Timed Out"); die 'Timed Out'; }; alarm $get_timeout + 1; my $sock = new IO::Socket::INET (PeerAddr => $host, PeerPort => 80, Proto => 'tcp', timeout => $get_timeout); alarm 0; if (!defined $sock) { spam("s01512",4.0,"Cannot open link: " . $host); return } # $opt_d and print "opened socket - initializing Expect\n"; my $expect = Expect->exp_init($sock); defined $expect or return ""; # $opt_d and print "connected - sending GET request\n"; $expect->send("GET /" . $filename . " HTTP/1.0\r\nHost: " . $host . "\r\n\r\n"); # $opt_d and print "sent GET request - waiting for response\n"; $expect->expect($get_timeout, '-re', ''); # $opt_d and print "got response - returning\n"; return $expect->exp_before() . $expect->exp_match() . $expect->exp_after(); } # # Some final tests before wrapping up. # (Check for things like HTML only, missing/encoded text) # $body_has_text = 0; $body_has_empty_text_part = 0; $body_has_rawtext = 0; $body_has_text_after_closing_html = 0; $body_has_possible_attachment = 0; $body_text_claims_attachment = 0; $body_html_formatted = 0; $body_img_in_non_html = 0; $body_html_only = 0; $body_has_html = 0; $body_has_html_tags = 0; sub final_tests { $done_final_tests = 1; $opt_d and $opt_m and print "\n---------------------------------------------------\n" . "Final Tests:\n" . "hdr_cont_type: [" . $hdr_cont_type ."]\n" . "hdr_cont_enc: [" . $hdr_cont_enc ."]\n" . "hdr_cont_disp: [" . $hdr_cont_disp ."]\n" . "---------------------------------------------------\n"; if (!$spam_whitelist_bypass || !$whitelist_bypass) { if (!length($hdr_subject) && ($hdr_cont_disp =~ /\.pdf/i)) { spam("s03529",2.0,"Subject empty, with a PDF attachment"); } if ($hdr_cont_type =~ /^ {0,1}multipart\/related; {1,}boundary.{0,50}text\/html; {1,}.{0,50}image\/gif; {1,}name=.{0,50}$/i) { spam("s03049",0.5,"Multipart related with HTML and a GIF image"); } if (($hdr_cont_type =~ /^ {0,1}multipart\/related\; type=\"multipart\/alternative\"\; boundary\=/i) && ($hdr_cont_enc =~ /^ {0,1}quoted-printable quoted-printable$/i) && ($spam_desc =~ /s03011/)) { spam("s03015",3.2,"Multipart related with Re subject"); } if (($hdr_cont_type =~ /^ {0,1}multipart\/alternative\; boundary\=\".*?\" text\/plain\; charset\=iso-8859-1 text\/html\; charset\=iso-8859-1/i) && ($spam_desc =~ /s03038/)) { spam("s03039",1.6,"Multipart alternative with Registration Options"); } if ($single_word_count == 2) { spam("s03519",2.0,"Entire mail consists of two single words"); } if ($spam_desc =~ /s02910.*?s01323/) { spam("s02978",2.4,"Date missing and to begins with numbers"); } if ($s02838 >= 2) { spam("s02838",($s02838 / 10.0) * $s02838,"cumulative score: size matters way too much: $s02838"); } if (($hdr_subject =~ /^re: ac{1,}ount/i) && ($attach_extension_list eq "\.gif") && ($hdr_cont_type =~/multipart\/related.*?multipart\/alternative.*?text\/plain.*?text\/html.*?image\/gif/i)) { spam("s02813",5.0,"Re Account with GIF"); } if (($hdr_cont_type =~ /^\s{0,}multi[^;]{0,};[^;]{0,}text[^;]{0,};\s{0,}$/i) && ($hdr_cont_enc =~ /^\s{0,}quoted-printable[;\s]{0,}$/i)) { spam("s02776",1.0,"Multipart mail with a single quoted-printable part"); } if ($attach_extension_list =~ /\.(gif|jpg|jpeg|jif|bmp|png)\.(zip|rar|t{0,1}gz|bhx|hqx|uue{0,1})/i) { spam("s01999",1.0,"Image attachment followed by a zip file - possible password protected virus"); } if ($returned_mail && $hdr_subject =~ /re: (hello|your document)/oi) { spam("s01837",5.0,"Returned Mail Subject: " . $&); } if ($body_text_claims_attachment && !$body_has_possible_attachment) { spam("s01366",4.5,"Body says there is an attachment: none found"); } if ($body_has_text_after_closing_html) { spam("s01367",2.6,"Text after closing HTML tag"); } if (!$body_has_text && $body_has_raw_text) { spam("s01368",2.0,"Body has no meaningful text"); } if ($hdr_type_list =~ /msg/) { spam("s01369",1.0,"Contains a \"message\" part"); } if ($hdr_cont_type =~ /(application|audio|video)/i) { if ($hdr_cont_type =~ /name=(.{0,}\.exe)/i) { spam("s01370",1.5,"Dangerous attachment: " . $1); } if ($hdr_cont_type =~ /name=(.{0,}\.($exe_file_types_no_exe))/i) { spam("s01371",4.5,"Dangerous attachment: " . $1); } if ($hdr_cont_type =~ /name=(.{0,}y{0,1}our_(details|secret)\.zip)/i) { spam("s01372",4.5,"Dangerous attachment: " . $1); } if ($hdr_cont_disp =~ /name=(.{0,}\.exe)/i) { spam("s01370",1.5,"Dangerous attachment: " . $1); } if ($hdr_cont_disp =~ /name=(.{0,}\.(exe_file_types_no_exe))/i) { spam("s01371",4.5,"Dangerous attachment: " . $1); } if ($hdr_cont_disp =~ /name=(.{0,}your_details\.zip)/i) { spam("s01372",4.5,"Dangerous attachment: " . $1); } } if ($has_yahoo_redirect && !(($appears_to_be_from eq "yahoo") && !$forged_from)) { spam("s01500",1.4,"yahoo redirect"); } if ($has_msn_offer && !((($appears_to_be_from eq "msn") or ($appears_to_be_from eq "hotmail")) && !$forged_from)) { spam("s01734",0.8,"Possible fake msn offer"); } if ($hdr_type_list =~ /text\/(xml|html)/) { if ($hdr_have_recv_from && $hdr_type_list eq "text/html/unenc/," && $hdr_recv_from =~ /\.(hotmail|msn)\.com$/ && $hdr_from =~ /\@(hotmail|msn)\.com>$/) { # # hotmail/msn doesn't send a non-html version with each mail. # Allow it to pass if our mailserver received it from a hotmail/msn # domain, (i.e. no relays), and it is from a hotmail/msn address. # } else { if ($hdr_type_list !~ /text\/(unknown|plain|bad)/) { spam("s01373",4.5,"HTML/XML text only"); } if ($body_has_empty_text_part) { spam("s01374",4.5,"HTML/XML text part with empty alternative part"); } } if (!$body_has_html_tags) { spam("s01444",0.5,"HTML/XML text with no HTML/XML tags"); } } if ($hdr_base64_text && !$hdr_other_text) { spam("s01375",2.5,"Base64 encoded text only"); } if ($hdr_have_boundary && !$hdr_found_boundary) { spam("s01492",3.0,"Multipart mail with no parts"); } if ($http_link_checking && ($spam_score < $spam_threshold) && !$time_exceeded && !time_limit_up() && length($body_http_host) && (!length($mail_domain) || ($hdr_from !~ /\@$mail_domain/))) { spam("s01496",0.0,"Checked link: http://" . $body_http_host . "/" ); $opt_d and print "\n---------------------------------------------------\n" . "Fetching link: http://" . $body_http_host . "/\n" . "---------------------------------------------------\n"; eval { $body_test_text = getHttpIndexFile($body_http_host, ""); }; $frame = ""; if (!length($body_test_text)) { spam("s02800",4.8,"Empty link" ); } while (length ($body_test_text)) { $opt_d and print "\n---------------------------------------------------\n" . "Link returned:\n" . $body_test_text . "/\n" . "---------------------------------------------------\n"; if ($body_test_text =~ /\^\"]{1,}))[\>\"]/i) { $body_http_host = $1; spam("s02909",2.5,"Meta-refresh redirect: " . $body_http_host); if (!length($redirect_body_http_host)) { $redirect_body_http_host = $body_http_host; $redirect_body_http_host =~ s/https{0,1}:\/\///i; $redirect_body_http_host =~ s/\/.*//i; } else { $redirect_body_http_host = ""; } } else { $redirect_body_http_host = ""; if (length($frame)) { $frame = ""; } elsif ($body_test_text =~ /document\.write.*?]*?src\s*?\=.*?\+\s*?(.*?)\s*?\+/i) { $var = $1; if ($body_test_text =~ /var\s*?$var\s*?\=\s*?[\"\'](.*?)[\"\']\s*?\;/i) { $frame = $1; } spam("s01740",2.5,"Link has script with frame redirect to " . $frame); } } if ($body_test_text =~ /document\.write\s{0,}\(unescape\s{0,}\(/i) { spam("s01657",4.5,"Link has script with: " . $& . "))"); } if ($body_test_text =~ /affiliate.id/i) { spam("s02344",2.8,$&); } if ($body_test_text =~ /campaign.id/i) { spam("s02344",1.2,$&); } if ($body_test_text =~ /unsubscribe/i) { spam("s03414",0.8,$&); } if ($body_test_text =~ /report abuse/i) { spam("s03415",0.8,$&); } if ($body_test_text =~ /can spam/i) { spam("s03416",0.8,$&); } if (($body_test_text =~ /unsubscribe/i) && ($body_test_text =~ /report abuse/i) && ($body_test_text =~ /can spam/i)) { spam("s03418",1.2,"unsubscribe - report abuse - can spam"); } if ($body_test_text =~ /.{0,10}.{0,}<\/HEAD>(.{0,10}<\!--[^\>]{0,}>|).{0,10}]{0,}>.{0,10}]{0,})>.{0,10}<\/FRAMESET>.{0,10}(.{0,}<\/NOFRAMES>|)<\/HTML>/is) { spam("s03227",3.2,"Link with single frame loading " . $2); } if ($body_test_text =~ /<SCRIPT.{0,5}LANGUAGE=\"JavaScript\".{0,}?eval.{0,}?unescape.{0,}?(\\x..){20}.{0,}<body>.{0,200}<\/body>/is) { spam("s03312",4.8,"Javascript using unescape encoding"); } $body_raw_text = $body_test_text; body_site_tests(); $body_test_text =~ s/^\s*//; $body_test_text =~ s/\s*$//; while ($body_test_text =~ /(.*)\<meta name\=\"description\" content\=\"([^>]*)>(.*)/is) { $body_test_text = $1 . $2 . $3; } while ($body_test_text =~ /(.*)\<meta name\=\"keywords\" content\=\"([^>]*)>(.*)/is) { $body_test_text = $1 . $2 . $3; } while ($body_test_text =~ /^<[^>]*>(.*)/s) { $body_test_text = $1; } while ($body_test_text =~ /(.*)<[^>]*>(.*)/s) { $body_test_text = $1 . $2; } $body_test_text =~ s/\&\#([0-9]{2,3})\;/chr $1/eg; $body_test_text =~ s/\&[^\s^\;]{1,6}\;//sg; $body_test_text =~ s/[\_\-\,\:\;\.\"\'\`\(\)\*\&\^\#\~\+\=\<\>\[\]\\]\{\}\§//g; $body_test_text =~ s/[ \t\s]{1,}/ /g; $body_test_text = lc($body_test_text); $body_test_text =~ s/ ([a-z]) ([a-z]) /-$1-$2-/g; $body_test_text =~ s/-([a-z]) ([a-z]) /-$1-$2-/g; $body_test_text =~ s/([a-z][a-z])-/$1 /g; $body_test_text =~ s/-([a-z][a-z])/ $1/g; $body_test_text =~ s/-//g; $opt_d and $opt_t and !$opt_q and print "\n-----\ntext:\n-----\n" . $body_test_text . "\n"; if ($body_test_text =~ /test page for (the |)apache/) { spam("s01517",4.5,"Link to an unfinished apache site"); } if ($body_test_text =~ /under construction/) { spam("s02018",2.5,"Link to a site that is under construction"); } if ($body_test_text =~ /no site (configured|available) at this address/) { spam("s02721",2.5,"Link to an unavailable site"); } if ($body_test_text =~ / 401.{0,30}|authorization required/) { spam("s01826",4.5,"Link to a password protected site"); } elsif ($body_test_text =~ /( 403 forbidden|you dont have permission to ac{1,}ess|directory listing denied|does not allow contents to be listed)/) { spam("s01501",4.5,"Link is to a protected site"); } elsif ($body_test_text =~ /( 404.{0,30}|site )not found/) { spam("s01630",4.5,"Link to an incomplete site"); } elsif ($body_test_text =~ /(^http\/1\.[01] 3[0-9]{2} |this (object|document) may be found here)/) { spam("s01581",2.5,"Link to a redirect"); } elsif ($body_test_text =~ /^http\/1\.[01] 601/) { spam("s01779",2.5,"Link to a virtual host server"); } elsif ($body_test_text =~ /^http\/1\.[01] [13456][0-9]{2}/) { spam("s02901",2.5,"Return code: " . uc($&)); } if ($body_test_text =~ /name last modified size description parent directory/) { spam("s01574",4.5,"Link to a site with no home page"); } if ($body_test_text =~ /browser sux error/) { spam("s01780",4.5,$&); } if ($body_test_text =~ /(site temporarily unavailable|no website configured at this address)/) { spam("s01836",4.5,$&); } if ($body_test_text =~ /^invalid (host|site)/) { spam("s01940",4.5,"Link to invalid host"); } if (length($body_test_text) < 2) { spam("s01549",4.5,"Link to an empty page"); } else { body_tests(); } $body_test_text = ""; if (length($frame)) { spam("s01496",0.0,"Checked link: http://" . $body_http_host . "/" . $frame ); $opt_d and print "\n---------------------------------------------------\n" . "Fetching link: http://" . $body_http_host . "/" . $frame . "\n" . "---------------------------------------------------\n"; eval { $body_test_text = getHttpIndexFile($body_http_host, $frame); }; } elsif (length($redirect_body_http_host)) { spam("s01496",0.0,"Checked link: http://" . $redirect_body_http_host . "/" ); $opt_d and print "\n---------------------------------------------------\n" . "Fetching link: http://" . $redirect_body_http_host . "/" . "\n" . "---------------------------------------------------\n"; eval { $body_test_text = getHttpIndexFile($redirect_body_http_host, ""); }; } } } } } ########################################################################################## # # verifyMX is an experimental function that checks MX records. It also serves as an # example of how RMX records could be checked if/when their usage becomes common. # Currently, this function is not called from the code, (the call is commented out). # # If you want to tailor this code to verify particular "FROM" domains against their # MX records, feel free to do so here, and uncomment the call to this function further # on in the code. Personally, I'm not comfortable enough with the accuracy of MX-only # checks to enable this code at this time. # ########################################################################################## use Net::DNS; sub verifyMX { if (!$hdr_have_recv_from || !length($hdr_recv_from) || ($hdr_recv_from eq "unknown")) { spam("s01555", 0, "From unknown: " . $hdr_recv_from); return; } $hdr_from_domain = ""; if ($hdr_smtp_from =~ /.*\@([^ ]*?)( |$)/) { $hdr_from_domain = $1; } if (!length($hdr_from_domain)) { $hdr_from_domain = addr_get($hdr_from); if ($hdr_from_domain =~ /.*\@([^ ]*?)( |$)/) { $hdr_from_domain = $1; } } if (!length($hdr_from_domain)) { spam("s01555", 0, "No From domain found"); return; } if ((length($hdr_recv_from) >= length($hdr_from_domain)) && index($hdr_recv_from, $hdr_from_domain, length($hdr_recv_from) - length($hdr_from_domain)) == length($hdr_recv_from) - length($hdr_from_domain)) { spam("s01555", 0, "Domains match: " . $hdr_recv_from . " and " . $hdr_from_domain); return; } my $res = Net::DNS::Resolver->new; if (!defined $res) { spam("s01555", 0, "Cannot create DNS resolver"); return; } my $packet = $res->query($hdr_recv_from); if (!defined $packet) { spam("s01555", 0, "No DNS entry for " . $hdr_recv_from); return; } my @answer = $packet->answer; if (!defined @answer) { spam("s01555", 0, "No answers for " . $hdr_recv_from); return; } my $fromIp = ""; foreach $rr (@answer) { if ($rr->string =~ /\s([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\s{0,}$/) { $fromIp = $1; } } $packet = $res->query($hdr_from_domain); if (!defined $packet) { spam("s01555", 0, "No DNS entry for " . $hdr_from_domain); return; } @answer = $packet->answer; if (!defined @answer) { spam("s01555", 0, "No answers for " . $hdr_from_domain); return; } foreach $rr (@answer) { if ($rr->string =~ /\s([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\s{0,}$/) { my $ip = $1; if ($ip eq $fromIp) { spam("s01555", 0, "Found match for " . $hdr_recv_from . " (" . $fromIp . ")"); return; } } } $packet = $res->query($hdr_from_domain, "MX"); if (!defined $packet) { spam("s01555", 0, "No MX entries for " . $hdr_from_domain); return; } @answer = $packet->answer; if (!defined @answer) { spam("s01555", 0, "No MX answers for " . $hdr_from_domain); return; } foreach $rr (@answer) { if ($rr->string =~ /\s([^\s]*)\.\s{0,}$/) { my $name = $1; my $namePacket = $res->query($name); if (!defined $namePacket) { spam("s01555", 0, "No DNS entry for " . $name); return; } my @nameAnswer = $namePacket->answer; if (!defined @nameAnswer) { spam("s01555", 0, "No answers for " . $name); return; } foreach $rr2 (@nameAnswer) { if ($rr2->string =~ /\s([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\s{0,}$/) { my $ip = $1; if ($ip eq $fromIp) { spam("s01555", 0, "Found MX match for " . $hdr_recv_from . " (" . $fromIp . ")"); return; } } } } } spam("s01555", 0, "No matching IP address for " . $hdr_recv_from . " at " . $hdr_from_domain); } ########################################################################################## # # Code section. # # From this point on, we're in the "logic" section of the program. # # Typically, only perl/mail experts, (or me, I guess), will want to modify code from # this point forward. # ########################################################################################## # # Quite a few global variables... # $hdr_no_subject = 1; $hdr_no_date = 1; $hdr_no_from = 1; $hdr_no_to = 1; $hdr_type_err = 0; $hdr_cont_enc = ""; $hdr_cont_type = ""; $hdr_cont_disp = ""; $hdr_type_list = ""; $hdr_type = 0; $hdr_in_hdr_test = 0; $hdr_enc_err = 0; $hdr_enc = 0; $hdr_len = 0; $hdr_have_boundary = 0; $hdr_found_boundary = 0; $hdr_boundary = ""; $hdr_last = ""; $hdr_main = ""; $hdr_main_text = ""; $hdr_part = ""; $hdr_subject = ""; $hdr_from = ""; $hdr_raw_from = ""; $hdr_smtp_from = ""; $hdr_recv_from = ""; $hdr_recv_unknown = 0; $hdr_recv_ip = ""; $hdr_recv_from_full = ""; $hdr_return_path = ""; $hdr_have_recv_from = 0; $hdr_have_first_recv_from = 0; $hdr_recv_from_internal = 0; $hdr_to = ""; $hdr_to_user = ""; $hdr_all_to = ""; $hdr_cc = ""; $hdr_x = ""; $hdr_recv = ""; $hdr_date = ""; $hdr_in_hdr = 1; $hdr_in_mainhdr = 1; $hdr_has_empty_charset = 0; $hdr_helo = ""; $body_len = 0; $body_text = ""; $body_full_len = 0; $body_test_text = ""; $body_stripped_text = ""; $body_first_http_host = ""; $spam_score = 0; $spam_desc = ""; $whitelist_bypass = 0; $time_exceeded = 0; $exit_code = -1; $log_open = 0; $stripped_mail_domain = ""; $attach_len = 0; $attach_test_text = ""; $attach_linecount = 0; $attach_extension = ""; $attach_extension_list = ""; $attach_filename = ""; $forged_from = 0; $has_yahoo_redirect = 0; $has_msn_offer = 0; $appears_to_be_from = ""; $timed_out = 0; $body_stripped_test = 0; sub reset_global_strings { $mail_domain = ""; $smtp_server = ""; $whitelist = ""; $beigelist = ""; $blacklist = ""; $darklist = ""; $graylist = ""; $hdr_cont_enc = ""; $hdr_cont_type = ""; $hdr_cont_disp = ""; $hdr_type_list = ""; $hdr_boundary = ""; $hdr_last = ""; $hdr_main = ""; $hdr_main_text = ""; $hdr_part = ""; $hdr_subject = ""; $hdr_from = ""; $hdr_raw_from = ""; $hdr_smtp_from = ""; $hdr_recv_from = ""; $hdr_recv_unknown = 0; $hdr_recv_ip = ""; $hdr_recv_from_full = ""; $hdr_return_path = ""; $hdr_to = ""; $hdr_to_user = ""; $hdr_all_to = ""; $hdr_cc = ""; $hdr_x = ""; $hdr_recv = ""; $hdr_date = ""; $body_text = ""; $body_test_text = ""; $body_stripped_text = ""; $spam_desc = ""; $stripped_mail_domain = ""; } sub body_text_normalize { $body_test_text =~ s/(v[il\!1\|ÏÌÍÎìíîï][a\@\&ÂÁÀÄÅÃáàãåâä]gr[a\@\&ÂÁÀÄÅÃáàãåâä])/viagra/g; $body_test_text =~ s/(lev[i\!1\|ÏÌÍÎìíîï]tr[a\@\&ÂÁÀÄÅÃáàãåâä])/levitra/g; $body_test_text =~ s/(c[i\!1\|ÏÌÍÎìíîï][a\@\&][\|l1][i\!1\|ÏÌÍÎìíîï]s)/cialis/g; $body_test_text =~ s/[\@\&]/a/g; if ($body_test_text =~ /f.{0,1}[1l].{0,1}n.{0,1}a.{0,1}n.{0,1}c.{0,1}[e3]/) { spam("s02700",2.6,$&); } if ($body_test_text =~ /st0ck/) { spam("s02971",2.2,$&); } $body_test_text =~ s/([a-z])3([a-z])/$1e$2/g; $body_test_text =~ s/([a-z])1/$1i/g; $body_test_text =~ s/([a-z])0/$1o/g; $body_test_text =~ s/1([a-z])/i$1/g; $body_test_text =~ s/\|([a-z])/i$1/g; $body_test_text =~ s/0([a-z])/o$1/g; $body_test_text =~ s/([0-9])ous([^a-z])/${1}0us$2/g; $body_test_text =~ s/ ([a-z]) ([a-z]) /-$1-$2-/g; $body_test_text =~ s/-([a-z]) ([a-z]) /-$1-$2-/g; $body_test_text =~ s/([a-z][a-z])-/$1 /g; $body_test_text =~ s/-([a-z][a-z])/ $1/g; $body_test_text =~ s/([a-z])iii/$1ill/g; $body_test_text =~ s/([a-z])ii/$1il/g; $body_test_text =~ s/ÿffffe4/a/g; my @gapcount = $body_test_text =~ /-/g; $gapscore = @gapcount / 20; if ($gapscore >= 0.1) { spam("s01380",$gapscore,"Words with g a p s"); } $body_test_text =~ s/-//g; if ($body_test_text =~ /(\?.|)\?utf.8\?q\?/) { spam("s02327",1.0,$&); $body_test_text =~ s/(\?.|)\?utf.8\?q\?//g; } if ($body_test_text =~ / p{1,}.{0,1}e{1,}.{0,1}n{1,}.{0,1}i{1,}.{0,1}s{1,}.{0,1} / && (length($&) > 7)) { spam("s01638",2.6,$&); $body_test_text =~ s/ p{1,}.{0,1}e{1,}.{0,1}n{1,}.{0,1}i{1,}.{0,1}s{1,}.{0,1} / penis /g; } if ($body_test_text =~ / n{1,}.{0,1}i{1,}.{0,1}g{1,}.{0,1}e{1,}.{0,1}r{1,}.{0,1}i{1,}.{0,1}a{1,}/ && (length($&) > 8)) { spam("s02127",1.6,$&); $body_test_text =~ s/ n{1,}.{0,1}i{1,}.{0,1}g{1,}.{0,1}e{1,}.{0,1}r{1,}.{0,1}i{1,}.{0,1}a{1,}/ nigeria/g; } if ($body_test_text =~ /w{1,}e{1,}[il]{1,}g{1,}h{1,}t{1,}/) { if (!($& eq "weight")) { spam("s01760",1.2,$&); } $body_test_text =~ s/w{1,}e{1,}[il]{1,}g{1,}h{1,}t{1,}/weight/g; } if ($body_test_text =~ /d{1,}i{1,}e{1,}t{1,}/) { if (!($& eq "diet")) { spam("s01764",1.2,$&); } $body_test_text =~ s/d{1,}i{1,}e{1,}t{1,}/diet/g; } if ($body_test_text =~ /p.{0,1}h.{0,1}[a\@r].{0,1}[a\@r].{0,1}m.{0,1}[a\@].{0,1}c.{0,1}[yi]/ && (length($&) > 8)) { spam("s02290",3.00,$&); $body_test_text =~ s/p.{0,1}h.{0,1}[a\@].{0,1}r.{0,1}m.{0,1}[a\@].{0,1}c.{0,1}(y|i)/pharmac$1/g; } if ($body_test_text =~ /f[^ ]{0,1} {0,1}i[^ ]{0,1} {0,1}n[^ ]{0,1} {0,1}a[^ ]{0,1} {0,1}n[^ ]{0,1} {0,1}c[^ ]{0,1} {0,1}e/ && (length($&) > 7)) { if ($body_test_text =~ /r[^ ]{0,1} {0,1}e[^ ]{0,1} {0,1}f[^ ]{0,1} {0,1}i[^ ]{0,1} {0,1}n[^ ]{0,1} {0,1}a[^ ]{0,1} {0,1}n[^ ]{0,1} {0,1}c[^ ]{0,1} {0,1}e/ && (length($&) > 9)) { spam("s02298",2.6,$&); $body_test_text =~ s/r[^ ]{0,1} {0,1}e[^ ]{0,1} {0,1}f[^ ]{0,1} {0,1}i[^ ]{0,1} {0,1}n[^ ]{0,1} {0,1}a[^ ]{0,1} {0,1}n[^ ]{0,1} {0,1}c[^ ]{0,1} {0,1}e/refinance/g; } else { spam("s02919",1.6,$&); } $body_test_text =~ s/f[^ ]{0,1} {0,1}i[^ ]{0,1} {0,1}n[^ ]{0,1} {0,1}a[^ ]{0,1} {0,1}n[^ ]{0,1} {0,1}c[^ ]{0,1} {0,1}e/finance/g; } if ($body_test_text =~ /r[^ ]{0,1} {0,1}e[^ ]{0,1} {0,1}f[^ ]{0,1} {0,1}i[^ ]{0,1} {0,1}n[^ ]{0,1} {0,1}a[^ ]{0,1} {0,1}n[^ ]{0,1} {0,1}c[^ ]{0,1} {0,1}i[^ ]{0,1} {0,1}n[^ ]{0,1} {0,1}g/ && (length($&) > 11)) { spam("s02257",2.6,$&); $body_test_text =~ s/r[^ ]{0,1} {0,1}e[^ ]{0,1} {0,1}f[^ ]{0,1} {0,1}i[^ ]{0,1} {0,1}n[^ ]{0,1} {0,1}a[^ ]{0,1} {0,1}n[^ ]{0,1} {0,1}c[^ ]{0,1} {0,1}i[^ ]{0,1} {0,1}n[^ ]{0,1} {0,1}g/refinancing/g; } if ($body_test_text =~ /p.{0,1}r.{0,1}e.{0,1}a.{0,1}p.{0,1}p.{0,1}r.{0,1}o.{0,1}v.{0,1}e.{0,1}d/ && (length($&) > 11)) { spam("s02258",2.6,$&); $body_test_text =~ s/p.{0,1}r.{0,1}e.{0,1}a.{0,1}p.{0,1}p.{0,1}r.{0,1}o.{0,1}v.{0,1}e.{0,1}d/preapproved/g; } if ($body_test_text =~ /p.{0,1}[er].{0,1}[re].{0,1}s.{0,1}c.{0,1}r.{0,1}i.{0,1}p.{0,1}t.{0,1}i.{0,1}o.{0,1}n/ && (length($&) > 12)) { spam("s02702",2.6,$&); $body_test_text =~ s/p.{0,1}[er].{0,1}[re].{0,1}s.{0,1}c.{0,1}r.{0,1}i.{0,1}p.{0,1}t.{0,1}i.{0,1}o.{0,1}n/prescription/g; } if ($body_test_text =~ /o{1,}.{0,1}n{1,}.{0,1}l{1,}.{0,1}i{1,}.{0,1}n{1,}.{0,1}e{1,}/ && (length($&) > 6)) { spam("s02363",1.0,$&); $body_test_text =~ s/o{1,}.{0,1}n{1,}.{0,1}l{1,}.{0,1}i{1,}.{0,1}n{1,}.{0,1}e{1,}/online/g; } if ($body_test_text =~ /h{1,}.{0,1}o{1,}.{0,1}m{1,}.{0,1}e{1,}.{0,1}l{1,}.{0,1}o{1,}.{0,1}a{1,}.{0,1}n{1,}/ && (length($&) > 8) && !($& eq "home loan")) { spam("s02710",1.0,$&); $body_test_text =~ s/h{1,}.{0,1}o{1,}.{0,1}m{1,}.{0,1}e{1,}.{0,1}l{1,}.{0,1}o{1,}.{0,1}a{1,}.{0,1}n{1,}/home loan/g; } $body_test_text =~ s/ l{1,}o{1,}s{1,} / loss /g; $body_test_text =~ s/ l{1,}o{1,}s{1,}e{1,} / lose /g; $body_test_text =~ s/ y[oun]{2,}g / young /g; $body_test_text =~ s/ r[ea]{3,}[il] / real /g; $body_test_text =~ s/ c[ou]{2,}p{1,}[il]es / couples /g; } sub body_analyze { # $opt_d and $opt_r and !$opt_q and print "\n---------\noriginal text:\n---------\n" . $body_test_text . "\n"; if ($stop_on_spam && ($spam_score >= $spam_threshold)) { spam("s01376",0.0,"Skipped body tests - already spam"); $body_full_len = 0; $body_test_text = ""; $body_stripped_text = ""; $body_raw_text = ""; return; } $body_test_text =~ s/^\s*//; $body_test_text =~ s/\s*$//; $body_test_text =~ s/[yY]\(\)[uU]/you/g; $body_test_text =~ s/([a-zA-Z])\+([a-zA-Z])/$1t$2/g; if (!$hdr_in_hdr_test) { $body_test_text =~ s/\\\/\\\//w/g; $body_test_text =~ s/\\\^\//w/g; $body_test_text =~ s/\\\//v/g; } $body_test_text =~ s/[\_\-\,\:\;\.\"\'\`\(\)\*\^\#\~\+\=\<\>\[\]\\\÷\{\}\§]//g; $body_test_text =~ s/[ \t\s]{1,}/ /g; $body_test_text =~ s/ \/ / /g; $stripped_mail_domain = $mail_domain; $stripped_mail_domain =~ s/[\,\:\;\"\'\&\^\#\~\+\=\<\>\.]//g; $stripped_mail_domain =~ s/[ \t\_\-\s]{1,}/ /g; length($body_test_text) and (!$hdr_in_hdr_test) and $body_has_text = 1; $body_raw_text =~ s/^\s*//; $body_raw_text =~ s/\s*$//; length($body_raw_text) and (!$hdr_in_hdr_test) and $body_has_rawtext = 1; if (!$time_exceeded && time_limit_up()) { $time_exceeded = 1; spam("s01377",0.0,"Skipped body_raw_tests - time limit is up"); } else { $opt_d and $opt_r and !$opt_q and print "\n---------\nraw text:\n---------\n" . $body_raw_text . "\n"; body_raw_tests(); } if ($stop_on_spam && ($spam_score >= $spam_threshold)) { spam("s01378",0.0,"Skipped secondary body tests - already spam"); } elsif (!$time_exceeded && time_limit_up()) { $time_exceeded = 1; spam("s01379",0.0,"Skipped body_tests - time limit is up"); } else { if (!$spam_whitelist_bypass || !$whitelist_bypass) { $body_test_text = lc($body_test_text); $opt_d and $opt_r and !$opt_q and print "\n---------\npresubstitution text:\n---------\n" . $body_test_text . "\n"; body_presubstitution_tests(); body_text_normalize(); $opt_d and $opt_t and !$opt_q and print "\n---------------------\ntext: (length=" . length($body_test_text) . ")\n---------------------\n" . $body_test_text . "\n"; if (!length($body_test_text) && !$zero_len_body && !$hdr_in_hdr) { $zero_len_body=1; spam("s02871",4.6,"Empty body"); } if (length($body_test_text) || !$hdr_in_mainhdr) { body_tests(); } $body_test_text =~ s/[\?\!]//g; # # Note: We can only perform the next test if length($body_test_text) < 32767 # (This is a Perl limitation.) # if (length($body_test_text) && length($body_test_text) < 32767 && ($hdr_to =~ /$body_test_text/)) { spam("s01381",1.0,"Full subject/text repeats part of To: " . $&); } if (length($body_stripped_text)) { $body_stripped_test = 1; $body_raw_text = $body_stripped_text; body_raw_tests(); $body_stripped_text =~ s/[ \/\t\.\,\"\'\`\:\;\(\)\*\&\^\#\~\+\=\-\_\<\>\{\}\§]{1,}/ /g; $body_stripped_text =~ s/^\s*//; $body_stripped_text =~ s/\s*$//; $body_stripped_text = lc($body_stripped_text); if (length($body_stripped_text)) { $body_test_text = $body_stripped_text; body_presubstitution_tests(); $body_test_text =~ s/\@/a/g; $body_test_text =~ s/([a-z])1/$1i/g; $body_test_text =~ s/([a-z])0/$1o/g; $body_test_text =~ s/1([a-z])/i$1/g; $body_test_text =~ s/\|([a-z])/i$1/g; $body_test_text =~ s/0([a-z])/o$1/g; $body_test_text =~ s/ ([a-z]) ([a-z]) /-$1-$2-/g; $body_test_text =~ s/-([a-z]) ([a-z]) /-$1-$2-/g; $body_test_text =~ s/([a-z][a-z])-/$1 /g; $body_test_text =~ s/-([a-z][a-z])/ $1/g; $body_test_text =~ s/-//g; $opt_d and $opt_t and !$opt_q and print "\n--------------\nstripped text:\n--------------\n" . $body_test_text . "\n"; body_tests(); } $body_stripped_test = 0; } } } $body_full_len = 0; $body_test_text = ""; $body_stripped_text = ""; $body_raw_text = ""; } sub body_process_text { $body_raw_text .= $body_text; $body_text =~ s/[\r\n]/ /g; if (!$hdr_in_hdr) { if ($body_text =~ /<table(.*)\/table>/is) { $table_keep = $1; $table = $1; $table_txt = ""; while (length($table) and (length($table) < 4096)) { if ($table =~ /(.*)\/table>(.*)<table(.*)/is) { $table = $1; $next_table = $3; } else { $next_table = ""; } $opt_d and print "\n-----------------------\nUnprocessed Table Text:\n-----------------------\n" . $table . "\n"; $max_row = 0; $max_col = 0; $row_num = 0; while (($row_num < 20) and ($table =~ /<tr(.*?)>(.*?)(<\/{0,1}tr>.*)/si)) { $tr_opts = $1; $tr = $2; $table = $3; if ($tr_opts =~ /valign.*?(top|bottom)/si) { $tr_valign = lc($1); } else { $tr_valign = "none"; } $opt_d and print "\nRow: valign=$tr_valign: " . $tr . "\n\n"; $col_num = 0; while (($col_num < 20) and ($tr =~ /<td(.*?)>(.*?)<\/td>(.*)/si)) { $td_opts = $1; $td = $2; $tr = $3; $td_rowspan = 0; $td_colspan = 0; if ($td_opts =~ /align.*?(left|right)/si) { $td_align = lc($1); } else { $td_align = "none"; } $skip_col = 0; if ($td_opts =~ /rowspan[^0-9]{1,}(3d|)([0-9]{1,})/si) { $td_rowspan = $2; if (!$td_rowspan) { $skip_col = 1; } } if ($td_opts =~ /colspan[^0-9]{1,}(3d|)([0-9]{1,})/si) { $td_colspan = $2; } $this_row = $row_num; $this_col = $col_num; if ($td_rowspan > 0) { $this_row = $this_row + $td_rowspan - 1; } if (($td_colspan > 0) and ($td_align eq "right")) { $this_col = $this_col + $td_colspan - 1; } $opt_d and print "Col (row=$this_row, col=$this_col, align=$td_align, rowspan=$td_rowspan, colspan=$td_colspan): " . $td . "\n"; if (!$skip_col) { if ($td =~ /<br>/si) { while ($td =~ /(.*?)<br>(.*)/si) { while ($tmp_txt{$this_row, $this_col}) { $this_col = $this_col + 1; } $tmp_txt{$this_row, $this_col} .= $1; $opt_d and print " Txt (row=$this_row, col=$this_col): [" . $tmp_txt{$this_row, $this_col} . "]\n"; $td = $2; $this_row = $this_row + 1; if ($this_row > $max_row) { $max_row = $this_row; } if ($this_col > $max_col) { $max_col = $this_col; } } } elsif ($td =~ / /si) { while ($td =~ /(.*?)<.*?>(.*)/si) { $td =~ s/(.*?)<.*?>(.*)/$1$2/si; } while ($td =~ /(.*?) (.*)/si) { while ($tmp_txt{$this_row, $this_col}) { $this_col = $this_col + 1; } $tmp_txt{$this_row, $this_col} .= $1; $opt_d and print " Txt (row=$this_row, col=$this_col): [" . $tmp_txt{$this_row, $this_col} . "]\n"; $td = $2; $this_row = $this_row + 1; if ($this_row > $max_row) { $max_row = $this_row; } if ($this_col > $max_col) { $max_col = $this_col; } } } if (length($td)) { while ($tmp_txt{$this_row, $this_col}) { $this_col = $this_col + 1; } $tmp_txt{$this_row, $this_col} .= $td; $opt_d and print " Txt (row=$this_row, col=$this_col): [" . $tmp_txt{$this_row, $this_col} . "]\n"; $this_row = $this_row + 1; if ($this_row > $max_row) { $max_row = $this_row; } if ($this_col > $max_col) { $max_col = $this_col; } } $col_num = $col_num + 1; } } $row_num = $row_num + 1; } if ($max_row && $max_col) { $this_row = 0; while ($this_row < $max_row) { $this_col = 0; while ($this_col <= $max_col) { $table_txt .= $tmp_txt{$this_row, $this_col}; $this_col = $this_col + 1; } $this_row = $this_row + 1; $table_txt .= " "; } $opt_d and print "\n---------------------\nProcessed Table Text:\n---------------------\n" . $table_txt . "\n"; } $table = $next_table; } $table = $table_keep; $table_txt2 = ""; while (length($table) and (length($table) < 4096)) { if ($table =~ /(.*)\/table>(.*)<table(.*)/is) { $table = $1; $next_table = $3; } else { $next_table = ""; } $opt_d and print "\n-----------------------\nUnprocessed Table Text:\n-----------------------\n" . $table . "\n"; $max_row = 0; $max_col = 0; $row_num = 0; while (($row_num < 20) and ($table =~ /<tr(.*?)>(.*?)(<\/{0,1}tr>.*)/si)) { $tr_opts = $1; $tr = $2; $table = $3; if ($tr_opts =~ /valign.*?(top|bottom)/si) { $tr_valign = lc($1); } else { $tr_valign = "none"; } $opt_d and print "\nRow: valign=$tr_valign: " . $tr . "\n\n"; $col_num = 0; while (($col_num < 20) and ($tr =~ /<td(.*?)>(.*?)<\/td>(.*)/si)) { $td_opts = $1; $td = $2; $tr = $3; $td_rowspan = 0; $td_colspan = 0; if ($td_opts =~ /align.*?(left|right)/si) { $td_align = lc($1); } else { $td_align = "none"; } $skip_col = 0; if ($td_opts =~ /rowspan[^0-9]{1,}(3d|)([0-9]{1,})/si) { $td_rowspan = $2; if (!$td_rowspan) { $skip_col = 1; } } if ($td_opts =~ /colspan[^0-9]{1,}(3d|)([0-9]{1,})/si) { $td_colspan = $2; } $this_row = $row_num; $this_col = $col_num; if ($td_rowspan > 0) { $this_row = $this_row + $td_rowspan - 1; } if (($td_colspan > 0) and ($td_align eq "right")) { $this_col = $this_col + $td_colspan - 1; } $opt_d and print "Col (row=$this_row, col=$this_col, align=$td_align, rowspan=$td_rowspan, colspan=$td_colspan): " . $td . "\n"; if (!$skip_col) { if ($td =~ /<br>/si) { while ($td =~ /(.*?)<br>(.*)/si) { while ($tmp_txt2{$this_row, $this_col}) { $this_col = $this_col + 1; } $tmp_txt2{$this_row, $this_col} .= $1; $opt_d and print " Txt (row=$this_row, col=$this_col): [" . $tmp_txt2{$this_row, $this_col} . "]\n"; $td = $2; $this_row = $this_row + 1; if ($this_row > $max_row) { $max_row = $this_row; } if ($this_col > $max_col) { $max_col = $this_col; } } } if (length($td)) { while ($tmp_txt2{$this_row, $this_col}) { $this_col = $this_col + 1; } $tmp_txt2{$this_row, $this_col} .= $td; $opt_d and print " Txt (row=$this_row, col=$this_col): [" . $tmp_txt2{$this_row, $this_col} . "]\n"; $this_row = $this_row + 1; if ($this_row > $max_row) { $max_row = $this_row; } if ($this_col > $max_col) { $max_col = $this_col; } } $col_num = $col_num + 1; } } $row_num = $row_num + 1; } if ($max_row && $max_col) { $this_row = 0; while ($this_row < $max_row) { $this_col = 0; while ($this_col <= $max_col) { $table_txt2 .= $tmp_txt2{$this_row, $this_col}; $this_col = $this_col + 1; } $this_row = $this_row + 1; $table_txt2 .= " "; } $opt_d and print "\n---------------------\nProcessed Table Text:\n---------------------\n" . $table_txt2 . "\n"; $table_txt .= " " . $table_txt2; } $table = $next_table; } } if ($body_text =~ /<font[^>]{1,}style[^>]{1,}float[^>]{0,}>/is) { $tmp_count = 0; while ($body_text =~ /<font[^>]{1,}style[^>]{1,}float[^>]{0,}>.{0,}?<\/font>/is) { $body_text =~ s/<font[^>]{1,}style[^>]{1,}float[^>]{0,}>.{0,}?<\/font>//i; $tmp_count = $tmp_count + 1; } if ($tmp_count) { spam("s02806",0.4 * $tmp_count,"font style float right X $tmp_count"); $tmp_count = 0; } } if ($body_text =~ /<(div|font)[^>]{1,}id=/is) { $div_left = $body_text; $opt_d and print "\n---------------------\nUnprocessed DIV text:\n---------------------\n" . $div_left . "\n"; $max_row = 0; while ($div_left =~ /<(div|font)[^>]{1,}?id=/si) { $tmp = lc($1); if (($tmp eq "font") and (($div_left =~ /<font[^>]{1,}?id=[^>]*?>(.*?)<\/font>(.*)/si) or ($div_left =~ /<font[^>]{1,}?id=[^>]*?>(.*?)/si) )) { $div = $1; $div_left = $2; $opt_d and print "Font: " . $div . "\n"; $row_num = 0; while (($row_num < 20) && ($div =~ /(.*?)<br>(.*)/si)) { $tmp_div_txt{$row_num} .= $1; $div = $2; $row_num = $row_num + 1; if ($row_num > $max_row) { $max_row = $row_num; } } if (length($div)) { $tmp_div_txt{$row_num} .= $div; $row_num = $row_num + 1; if ($row_num > $max_row) { $max_row = $row_num; } } } elsif (($tmp eq "div") and (($div_left =~ /<div[^>]{1,}?id=[^>]*?>(.*?)<\/div>(.*)/si) or ($div_left =~ /<div[^>]{1,}?id=[^>]*?>(.*?)/si) )) { $div = $1; $div_left = $2; $opt_d and print "Div: " . $div . "\n"; $row_num = 0; while (($row_num < 20) && ($div =~ /(.*?)<br>(.*)/si)) { $tmp_div_txt{$row_num} .= $1; $div = $2; $row_num = $row_num + 1; if ($row_num > $max_row) { $max_row = $row_num; } } if (length($div)) { $tmp_div_txt{$row_num} .= $div; $row_num = $row_num + 1; if ($row_num > $max_row) { $max_row = $row_num; } } } elsif ($div_left =~ /<(div|font)[^>]{1,}?id=(.*)/si) { $div_left = $2; } } if ($max_row) { $row_num = 0; $div_txt = ""; while ($row_num < $max_row) { $div_txt .= $tmp_div_txt{$row_num} . " "; $row_num = $row_num + 1; } $div_txt .= " "; } $opt_d and print "\n-------------------\nProcessed DIV text:\n-------------------\n" . $div_txt . "\n"; } if ($body_text =~ /<(div|font)[^>]{1,}style[^>]{1,}float/is) { $div_left = $body_text; $opt_d and print "\n---------------------\nUnprocessed DIV text:\n---------------------\n" . $div_left . "\n"; $max_row = 0; while ($div_left =~ /<(div|font)[^>]{1,}?style[^>]{1,}?float/si) { $tmp = lc($1); if (($tmp eq "font") and (($div_left =~ /<font[^>]{1,}?style[^>]{1,}?float[^>]*?>(.*?)<\/font>(.*)/si) or ($div_left =~ /<font[^>]{1,}?style[^>]{1,}?float[^>]*?>(.*?)/si) )) { $div = $1; $div_left = $2; $opt_d and print "Font: " . $div . "\n"; $row_num = 0; while (($row_num < 20) && ($div =~ /(.*?)<br>(.*)/si)) { $tmp_div_txt{$row_num} .= $1; $div = $2; $row_num = $row_num + 1; if ($row_num > $max_row) { $max_row = $row_num; } } if (length($div)) { $tmp_div_txt{$row_num} .= $div; $row_num = $row_num + 1; if ($row_num > $max_row) { $max_row = $row_num; } } } elsif (($tmp eq "div") and (($div_left =~ /<div[^>]{1,}?style[^>]{1,}?float[^>]*?>(.*?)<\/div>(.*)/si) or ($div_left =~ /<div[^>]{1,}?style[^>]{1,}?float[^>]*?>(.*?)/si) )) { $div = $1; $div_left = $2; $opt_d and print "Div: " . $div . "\n"; $row_num = 0; while (($row_num < 20) && ($div =~ /(.*?)<br>(.*)/si)) { $tmp_div_txt{$row_num} .= $1; $div = $2; $row_num = $row_num + 1; if ($row_num > $max_row) { $max_row = $row_num; } } if (length($div)) { $tmp_div_txt{$row_num} .= $div; $row_num = $row_num + 1; if ($row_num > $max_row) { $max_row = $row_num; } } } elsif ($div_left =~ /<(div|font)[^>]{1,}?style[^>]{1,}?float(.*)/si) { $div_left = $2; } } if ($max_row) { $row_num = 0; $div_txt = ""; while ($row_num < $max_row) { $div_txt .= $tmp_div_txt{$row_num} . " "; $row_num = $row_num + 1; } $div_txt .= " "; } $opt_d and print "\n-------------------\nProcessed DIV text:\n-------------------\n" . $div_txt . "\n"; } if ($hdr_type == 2) { $body_has_html = 1; if (!$body_has_text_after_closing_html && $body_raw_text =~ /<\/html>(.*>){0,1}([^>^<]*)$/i && $2 =~ /[0-9A-Za-z]/) { $body_has_text_after_closing_html = 1; } if (length($table_txt)) { $body_text .= " " . $table_txt; $table_txt = ""; } if (length($div_txt)) { $body_text .= " " . $div_txt; $div_txt = ""; } $body_text =~ s/\&\#([0-9]{2,3})\;/chr $1/eg; $body_text =~ s/<\\{0,1}(br|td)>/ /gi; $body_length_with_img = length($body_text); while ($body_text =~ /<img ([^>]*)>/i) { $body_text =~ s/(.*)<img ([^>]*)>(.*)/$1$3/gi; $body_stripped_text .= $2; } $body_length_without_img = length($body_text); if (($body_length_with_img > 100) && ($body_length_without_img <= $body_length_with_img / 2)) { spam("s02174",(int (($body_length_with_img / $body_length_without_img) * 100)) / 100, "HTML message with lots of img tags"); } while ($body_text =~ /<\!--([^>]*)-->/) { $body_text =~ s/(.*)<\!--([^>]*)-->(.*)/$1$3/g; $body_stripped_text .= $2; } if ($body_text =~ /(\<td[^\>]{0,}rowspan)[^\>]{0,}\>((\<[^\>]{0,}\>){0,}?(\&.{1,8}\;){0,}?[a-z0-9]{1,4}(\&.{1,8}\;){0,}?(\<\/[^\>]{0,}\>){0,}?){1,}?\<\/td[^\>]{0,}\>/i) { $rowspan_count = 0; $temp_text = $body_text; while ($temp_text =~ /(\<td[^\>]{0,}rowspan)[^\>]{0,}\>((\<[^\>]{0,}\>){0,}?(\&.{1,8}\;){0,}?[a-z0-9]{1,4}(\&.{1,8}\;){0,}?(\<\/[^\>]{0,}\>){0,}?){1,}?\<\/td[^\>]{0,}\>/i) { $find_str = $1; $position = index($temp_text, $find_str, 0); $rowspan_count++; last if ($position == -1); $temp_text = substr($temp_text, $position + 10); } spam("s02425",0.8 * $rowspan_count, "HTML message appears to use rowspan to obscure text"); } if ($body_text =~ /\<span[^\>]{0,}?display[^\>]{0,}?none[^\>]{0,}?\>.*?\<\/span[^\>]{0,}?\>/i) { $span_count = 0; while ($body_text =~ /\<span[^\>]{0,}?display[^\>]{0,}?none[^\>]{0,}?\>.*?\<\/span[^\>]{0,}?\>/i) { $find_str = $&; $position = index($body_text, $find_str, 0); $span_count++; last if ($position == -1); $body_text = substr($body_text, 0, $position) . substr($body_text, $position + length($find_str)); $find_str =~ s/\<\/{0,1}span[^\>]{0,}?\>//ig; $body_stripped_text .= $find_str; } spam("s02610",0.4 * $span_count, "HTML message appears to use span with hidden display attribute to obscure text"); } while ($body_text =~ /<([^>]*)>/) { $body_text =~ s/(.*)<([^>]*)>(.*)/$1$3/g; $body_stripped_text .= $2; } $body_text =~ s/&([^\;]{1,8})\;/ /g; if (($body_length_with_img > 100) && ($body_length_without_img <= $body_length_with_img / 2) && (length($body_text) <= $body_length_with_img / 10) ) { spam("s02175",1.0, "HTML message with lots of img tags and very little text"); } } elsif (!$body_has_html) { if (!$body_html_formatted && $body_raw_text =~ /^\s{0,}(<!doc[^>]+>){0,1}\s{0,}<html.*<\/html>\s{0,}$/is) { spam("s01382",2.4, "Non-HTML message part appears to be HTML formatted"); $body_html_formatted = 1; $body_text =~ s/\&\#([0-9]{2,3})\;/chr $1/eg; $body_text =~ s/<\\{0,1}(br|td)>/ /gi; while ($body_text =~ /<([^>]*)>/) { $body_text =~ s/([^<]*)<([^>]*)>(.*)/$1$3/g; $body_stripped_text .= $2; } $body_text =~ s/&([^\;]{1,8})\;/ /g; } elsif (!$body_html_formatted && $body_raw_text =~ /\<(\/{0,1}font|\/{0,1}div|br)\>/is) { spam("s0248",0.8, "HTML tags in Non-HTML message part: " . $&); $body_html_formatted = 1; $body_text =~ s/\&\#([0-9]{2,3})\;/chr $1/eg; $body_text =~ s/<\\{0,1}(br|td)>/ /gi; while ($body_text =~ /<([^>]*)>/) { $body_text =~ s/([^<]*)<([^>]*)>(.*)/$1$3/g; $body_stripped_text .= $2; } $body_text =~ s/&([^\;]{1,8})\;/ /g; } if ($body_raw_text =~ /<img\s/is) { if (!$body_img_in_non_html) { spam("s01383",1.2, "Image tag in a non-HTML message part"); $body_img_in_non_html = 1; } if (!$body_html_only) { $temp_text = $body_raw_text; $temp_text =~ s/<title>.*<\/title>//gis; while ($temp_text =~ /<([^>]*)>/) { $temp_text =~ s/([^<]*)<([^>]*)>(.*)/$1$3/g; } $temp_text =~ s/[\s\r\n\t]*//g; if (!length($temp_text)) { spam("s01384",4.0, "Non-HTML message part appears to be HTML only"); $body_html_only = 1; } } } if ($body_text =~ /(\%[A-Z][A-Z0-9\-\_\.\?]{1,} ){1,}/) { spam("s02737",(int ((length($&) / 25) * 100)) / 100,"Looks like unexpanded auto-spam tags: " . $&); } } } $body_test_text .= $body_text; $body_full_len += $body_len; if (!$hdr_in_hdr) { if (($hdr_type > 0) && ($hdr_type < 4)) { $body_text =~ s/[\r\n\-\s ]//g; if (!length($body_text)) { $body_has_empty_text_part = 1; } } } $body_len = 0; $body_text = ""; if ($body_full_len >= $body_max_len) { body_analyze(); } } sub body_add_text { my $txt = shift(@_); $body_text .= $txt; $body_len += length($txt); if (!$time_exceeded) { body_line_tests($txt); } if ($body_len >= $body_max_len) { body_process_text(); } } sub attach_process_text { $attach_test_text = lc($attach_test_text); $attach_test_text =~ s/[\r\n]//g; if (!length($attach_test_text)) { spam("s01743",2.0,"Empty attachment: " . $attach_filename); if (length($attach_extension) and $attach_extension =~ /(zip|rar|t{0,1}gz|bhx|hqx|uue{0,1}|$exe_file_types)/) { spam("s01934",2.0, "." . $attach_extension . " attachment is empty: " . $attach_filename); } } else { attach_tests(); } $attach_len = 0; $attach_filename = ""; $attach_test_text = ""; } sub attach_add_text { my $txt = shift(@_); if ($attach_len < $attach_max_len) { $attach_test_text .= $txt; $attach_len += length($txt); if ($attach_len > $attach_max_len) { $attach_test_text = substr($attach_test_text, 0, $attach_max_len); $attach_len = length($attach_test_text); } if ($attach_len >= $body_max_len) { attach_process_text(); } } } sub list_name_test { my $name = shift(@_); if (length($name) && ($list =~ /\n$name\n/i)) { spam("s01388",$list_score, $list_desc . $name); return 1; } if ($name =~ /(.*?)[\s\-\_](.*)/) { while (length($name)) { if ($name =~ /(.*?)[\s\-\_](.*)/) { $tmpname = $1; $name = $2; if (length($tmpname) && ($list =~ /\n$tmpname\n/i)) { spam("s01389",$list_score, $list_desc . $tmpname); return 1; } } else { if (length($name) && ($list =~ /\n$name\n/i)) { spam("s01390",$list_score, $list_desc . $name); return 1; } else { return 0; } } } } return 0; } sub list_addr_test { my $addr = shift(@_); $addr =~ s/\./\\\./g; $addr =~ s/\*/\\\*/g; $addr =~ s/\?/\\\?/g; $addr =~ s/\(/\\\(/g; $addr =~ s/\)/\\\)/g; $addr =~ s/\[/\\\[/g; $addr =~ s/\]/\\\]/g; # # Check for an exact match # if (length($addr) && ($list =~ /\n$addr\n/i)) { spam("s01385",$list_score, $list_desc . $addr); $list_match = $addr; return 1; } # # Check for an exact match on the username only # if ($addr =~ /(.*?)\@/) { $tmpaddr = $1; if (list_name_test($tmpaddr)) { return 1; } # if (length($tmpaddr) && ($list =~ /\n$tmpaddr\n/i)) # { spam("s01386",$list_score, $list_desc . $tmpaddr); return 1; } } # # Check each token in the address # while (length($addr)) { if ($addr =~ /(.*?)([\.\@])(.*)/) { $user = $1; $sep = $2; $addr = $3; # # Check for an entry of the form *[@.]<addr> # if (length($addr) && ($list =~ /\n\*[\.\@]{0,1}$addr\n/i)) { spam("s01387",$list_score, $list_desc . $addr); $list_match = $addr; return 1; } if (length($addr) && length($user)) { $tmp = $user; # # Check for an entry of the form <partialname>*[@.]<addr> # while (length($user)) { if (length($addr) && ($list =~ /\n$user\*[\.\@]{0,1}$addr\n/i)) { spam("s01724",$list_score, $list_desc . $user . "\*\@" . $addr); $list_match = $user . "\*\@" . $addr; return 1; } chop($user); } $user = $tmp; # # Check for an entry of the form *<partialname>[@.]<addr> # while (length($user)) { if (length($addr) && ($list =~ /\n\*$user[\.\@]{0,1}$addr\n/i)) { spam("s01725",$list_score, $list_desc . "\*" . $user . "\@" . $addr); $list_match = $user . "\*\@" . $addr; return 1; } $user = substr($user, 1); } } } else { return 0; } } return 0; } sub list_test { local $_ = shift(@_); my $name; my $addr; while (length($_)) { if (/([^\"]*){0,1}\"([^\"]{1,})\"(\s*){0,1}<([^>]{1,})>(.*){0,1}/) { $name = $2; $addr = $4; $_ = $1 . $5; list_name_test($name); list_addr_test($addr); } elsif (/([^\<]*){0,1}<([^>]{1,})>(.*){0,1}/) { $addr = $2; $_ = $1 . $3; list_addr_test($addr); } elsif (/([^,^;^ ]*)[,; ]{1,}(.*){0,1}/) { $addr = $1; $_ = $2; list_addr_test($addr); } else { $addr = $_; $_ = ""; list_addr_test($addr); } } return 0; } sub hdr_analyze { if ($hdr_type == 0) { $hdr_type = 5; $hdr_type_list .= "text/none/"; } if ($hdr_enc == 0) { $hdr_type_list .= "unenc/"; } $hdr_type_list .= ","; if ($hdr_in_mainhdr) { if ($hdr_enc == 2) { spam("s01411",2.0,"Base64 encoded body"); } $hdr_subject = trim_ends($hdr_subject); $hdr_smtp_from = lc(trim_ends($hdr_smtp_from)); $hdr_from = lc(trim_ends($hdr_from)); $hdr_raw_from = trim_ends($hdr_raw_from); $hdr_all_to = lc(trim_ends($hdr_all_to)); $hdr_to = lc(trim_ends($hdr_to)); $hdr_to_user = lc(trim_ends($hdr_to_user)); $hdr_cc = lc(trim_ends($hdr_cc)); $hdr_date = lc(trim_ends($hdr_date)); $hdr_recv = lc(trim_ends($hdr_recv)); $hdr_x = lc(trim_ends($hdr_x)); $opt_d and $opt_m and !$opt_q and print $hdr_main . "\n"; $hdr_from = addr_sanitize($hdr_from); $hdr_to = addr_sanitize($hdr_to); $hdr_to_user = addr_sanitize($hdr_to_user); $hdr_all_to = addr_sanitize($hdr_all_to); # # Main header tests # hdr_main_tests(); # # Don't do the whitelist or beigelist tests if the "From:" appears to be forged, # or a returned mail is being returned to somebody we don't know. # If we could validate all the domains that appear in the white/beige lists # in hdr_main_tests(), we would have a very effective block against spammers # who try to use forged addresses that they suspect are in our whitelists. # if (!$forged_from && !$hdr_recv_unknown && !$not_to_us) { # # Whitelist tests # $list = $whitelist; $list_score = $spam_score_whitelist; $list_desc = "whitelist: "; !$whitelist_bypass and $whitelist_bypass = list_test($hdr_from); $opt_d and $whitelist_bypass = 0; !$whitelist_bypass and $whitelist_bypass = list_test($hdr_all_to); $opt_d and $whitelist_bypass = 0; if (!$spam_whitelist_bypass || !$whitelist_bypass) { # # Beigelist tests # $list = $beigelist; $list_score = $spam_score_beigelist; $list_desc = "beigelist: "; list_test($hdr_from) or list_test($hdr_all_to); } } if (!$spam_whitelist_bypass || !$whitelist_bypass) { $opt_d and $opt_m && print "\n---------------------------------------------------------------\n" . "Blacklist/Darklist checking:\nFrom: $hdr_from\nTo/CC: $hdr_all_to" . "\n---------------------------------------------------------------\n"; # # Blacklist tests # $list = $blacklist; $list_score = $spam_score_blacklist; $list_desc = "blacklist: "; list_test($hdr_from) or list_test($hdr_all_to); # # Darklist tests # $list = $darklist; $list_score = $spam_score_darklist; $list_desc = "darklist: "; if (!list_test($hdr_from)) { if (list_test($hdr_all_to)) { $list_match =~ s/\\//g; if (length($mail_domain) && ($list_match =~ /$mail_domain/i)) { spam("s03311",1.0, "To address in darklist, (" . $list_match . "), contains mail domain " . $mail_domain); } } } # # Graylist tests # $list = $graylist; $list_score = $spam_score_graylist; $list_desc = "graylist: "; list_test($hdr_from) or list_test($hdr_all_to); } } else { $opt_d and $opt_m and !$opt_q and print $hdr_part . "\n"; # # Header tests for MIME headers # if (!$stop_on_spam || ($spam_score < $spam_threshold)) { hdr_part_tests(); } } $opt_d and $opt_m and !$opt_q and print "\n---------------------------------------------------\n" . "type = " . $hdr_type . ", enc = " . $hdr_enc . "\n---------------------------------------------------\n"; } sub hdr_parse { local $_ = $hdr_last; $max_header_line_len = 1024; if ($hdr_last =~ /^Received:/i) { $max_header_line_len = 2048; } if (length($hdr_last) > $max_header_line_len) { $_ = substr($hdr_last,0,$max_header_line_len); if ($hdr_last =~ /^(To|Cc|Bcc|From|Received):.*?\@$mail_domain/i && ! /\@$mail_domain/i) { $_ .= "\@$mail_domain"; } spam("s02745",0.4, "Mail Header exceeds $max_header_line_len Characters: " . substr($hdr_last,0,20) . "..."); } if ($hdr_len >= $body_max_len) { return; } if ($hdr_in_mainhdr) { $hdr_main .= lc($_); if (!/^Subject:(.*)/i) { $hdr_main_text .= lc($_); } } else { $hdr_part .= lc($_); $hdr_len += length($hdr_last); } $hdr_len += length($hdr_last); if ($hdr_len >= $body_max_len) { spam("s01391",$spam_score_headers_too_long, "Headers too long"); } s/[\r\n]//g; if ($hdr_in_mainhdr) { if (/^Subject:(.*)/i) { $hdr_no_subject = 0; $tmp = $1; $hdr_subject .= $tmp; # # All body tests are done on the subject line # This means spam that appears in both the subject and text # counts double, which seems like a reasonable way to go. # body_add_text($tmp); if ($body_len) { body_process_text(); if ($body_full_len) { body_analyze(); } $body_has_text = 0; $body_has_rawtext = 0; } } elsif (/^Received:(.*)/i) { $tmp = $1; $hdr_recv .= " " . $tmp; $opt_d and $opt_m and print "\n--------------------------------------------------------\n" . "Received: " . $hdr_recv . "\n--------------------------------------------------------\n"; if (!$hdr_have_first_recv_from && $tmp =~ /from (.*?) \((.*?) by (.*?) with smtp/i) { if (length($smtp_server) && $tmp =~ /from (.*?) \(([^\)]{1,})\)( \([^\)]{1,}\)){0,1}(.*?) by $smtp_server with smtp/i) { $hdr_recv_from_full = lc(trim_ends($tmp)); $hdr_recv_from = lc(trim_ends($1)); $hdr_recv_ip = lc(trim_ends($2)); $tmp_ip = $3; if ($hdr_recv_ip =~ /^(helo|ehlo)/) { $hdr_recv_ip = lc(trim_ends($tmp_ip)); $hdr_recv_ip =~ s/[\(\)]//g; } $hdr_have_recv_from = 1; if ($hdr_recv_from_full =~ /helo\s{0,}(.*?)\)/) { $hdr_helo = $1; } } elsif (length($smtp_server_internal)) { $hdr_recv_from_full = lc(trim_ends($tmp)); if ($tmp =~ /from (.*?) \((.*?) by (.*?) with smtp/i) { $tmp = $3; if (length($tmp) && $tmp =~ /$smtp_server_internal/i) { $hdr_recv_from = lc(trim_ends($&)); $hdr_have_recv_from = 1; $hdr_recv_from_internal = 1; spam("s01637", $spam_score_internal, "Internal mail: Received by: " . $hdr_recv_from); } } } $hdr_have_first_recv_from = 1; } } elsif (/^Return-Path:(.*)/i) { $hdr_return_path .= $1; } elsif (/^From:(.*)/i) { $hdr_no_from = 0; $hdr_raw_from .= $1; $hdr_from .= $hdr_raw_from; } elsif (/^From (.*)/i) { $hdr_smtp_from .= $1; } elsif (/^To:(.*)/i) { $hdr_no_to = 0; $tmp = " " . $1; if (length($hdr_all_to) <= $max_header_line_len) { if (length($hdr_all_to) + length($tmp) > $max_header_line_len) { spam("s02745",0.4, "Mail Header exceeds $max_header_line_len Characters: " . substr($hdr_all_to,0,20) . "..."); } $hdr_to .= $tmp; $hdr_all_to .= $tmp; } else { if (length($mail_domain) && ($tmp =~ /\@$mail_domain/i) && ($hdr_all_to !~ /\@$mail_domain/i)) { $hdr_to .= $tmp; $hdr_all_to .= $tmp; } } $returned_mail_to = $_; if (length($hdr_to_user) == 0) { if ($tmp =~ /\<(.*?)\@/) { $hdr_to_user = $1; } elsif ($tmp =~ / (.*?)\@/) { $hdr_to_user = $1; } } } elsif (/^Cc:(.*)/i) { $hdr_no_to = 0; $tmp = $1; if (length($hdr_all_to) <= $max_header_line_len) { if (length($hdr_all_to) + length($tmp) > $max_header_line_len) { spam("s02745",0.4, "Mail Header exceeds $max_header_line_len Characters: " . substr($hdr_all_to,0,20) . "..."); } $hdr_cc .= $tmp; $hdr_all_to .= $tmp; } else { if (length($mail_domain) && ($tmp =~ /\@$mail_domain/i) && ($hdr_all_to !~ /\@$mail_domain/i)) { $hdr_cc .= $tmp; $hdr_all_to .= $tmp; } } } elsif (/^Bcc:(.*)/i) { $hdr_no_to = 0; $tmp = $1; if (length($hdr_all_to) <= $max_header_line_len) { if (length($hdr_all_to) + length($tmp) > $max_header_line_len) { spam("s02745",0.4, "Mail Header exceeds $max_header_line_len Characters: " . substr($hdr_all_to,0,20) . "..."); } $hdr_cc .= $tmp; $hdr_all_to .= $tmp; } else { if (length($mail_domain) && ($tmp =~ /\@$mail_domain/i) && ($hdr_all_to !~ /\@$mail_domain/i)) { $hdr_cc .= $tmp; $hdr_all_to .= $tmp; } } } elsif (/^X-(.*)/i) { length($hdr_x) and $hdr_x .= " "; $hdr_x .= $_; } elsif (/^Date:(.*)/i) { $hdr_no_date = 0; $hdr_date .= $1; } } if (/^Content-Type\:(.*)/i) { $tmp = $1; $hdr_cont_type .= $tmp; $tmp = trim_ends(lc($tmp)); if ($tmp =~ /name[\s\t ]{0,}?=[\s\"\']{0,}(.*\.)([a-z0-9]{3,}|uu)/) { $attach_extension = $2; $attach_extension_list .= "." . $attach_extension; $attach_filename = $1 . $attach_extension; if ($tmp =~ /name\s{0,}?=.{0,}\.(txt|text|zip|t{0,1}gz|rar|bhx|hqx|uue{0,1}|doc|jpg|jpeg|htm|html|gif|jpg|rtf)(\s{0,}\.)($exe_file_types)/) { spam("s01742",3.0, "Suspicious attachment extension: \." . $1 .$2 .$3); } $opt_d and $opt_m and print "\n--------------------------------------------------------\n" . "Filename: " . $attach_filename . " Extension: " . $attach_extension . "\n--------------------------------------------------------\n"; } else { $attach_extension = ""; } if (($attach_extension !~ /(zip|rar|t{0,1}gz|bhx|hqx|uue{0,1}|$exe_file_types)/) && ($tmp =~ /application/i)) { if ($tmp =~ /zip-compressed/i) { $attach_extension = "zip"; } else { $attach_extension = "exe"; } } if ($hdr_type != 0) { $hdr_type_err++; } if ($tmp !~ /^[a-z]/) { $opt_d and $opt_m and print "\n----------------------------\n" . "Bad Content-Type: " . $tmp . "\n----------------------------\n"; $hdr_type_err++; $hdr_type = 5; $hdr_type_list .= "text/bad/"; } elsif (/multipart\//i) { $hdr_type = 6; $hdr_type_list .= "multi/unknown"; if (/boundary\s{0,}?=\s{0,}?\"([^\"]*)\"/i) { $hdr_tmp_boundary = $1; $hdr_have_boundary = 1; } elsif (/boundary\s{0,}?=\s{0,}?(.*)/i) { $hdr_tmp_boundary = $1; $hdr_have_boundary = 1; } $hdr_tmp_boundary =~ s/([^A-Z^a-z^0-9^ ])/\\$1/g; if (!length($hdr_boundary)) { $hdr_boundary = "(" . $hdr_tmp_boundary . ")"; } else { chop($hdr_boundary); $hdr_boundary .= "|" . $hdr_tmp_boundary . ")"; } $opt_d and $opt_m and print "\n---------------------------------------------------------------\n" . "Boundary: " . $hdr_boundary . "\n---------------------------------------------------------------\n"; } elsif (/(application|audio|video)\//i) { $hdr_type = 7; $hdr_type_list .= "app/unknown/"; if (/zip-compressed/i) { if (!length($attach_filename)) { $attach_filename = "body.zip"; $attach_extension = "zip"; $attach_extension_list .= "." . $attach_extension; } } $body_has_possible_attachment = 1; } elsif (/image\/([a-z]{0,4})/i) { $hdr_type = 7; $hdr_type_list .= "image/$1/"; $body_has_possible_attachment = 1; } elsif (/message\/rfc822/i) { $hdr_type = 4; $hdr_type_list .= "msg/rfc822/"; $body_has_possible_attachment = 1; $returned_mail = 1; } elsif (/text\/plain/i) { $hdr_type = 1; $hdr_type_list .= "text/plain/"; } elsif (/text\/html/i) { $hdr_type = 2; $hdr_type_list .= "text/html/"; } elsif (/text\/xml/i) { $hdr_type = 3; $hdr_type_list .= "text/xml/"; } elsif (/text\/rfc822/i) { $hdr_type = 3; $hdr_type_list .= "text/rfc822/"; $returned_mail = 1; } elsif (/text\/x-vcard/i) { $hdr_type = 7; $hdr_type_list .= "text/vcard/"; } elsif (/message\//i) { $hdr_type = 4; $hdr_type_list .= "msg/unknown/"; $body_has_possible_attachment = 1; } elsif (/text[\/\;\.]/i) { $hdr_type = 3; $hdr_type_list .= "text/unknown/"; } else { $hdr_type = 5; $hdr_type_list .= "other/unknown/"; $opt_d and $opt_m and print "\n-------------------------------------------------------\n" . "Bad Content-Type: " . $_ . "\n-------------------------------------------------------\n"; $body_has_possible_attachment = 1; } if ($tmp =~ /charset=(.*)/i) { $hdr_charset = $1; $hdr_charset = lc(trim_ends($hdr_charset)); $hdr_charset =~ s/[^a-z0-9]//g; $hdr_charset =~ s/^3d//gs; $hdr_charset =~ s/:.*$//gs; $hdr_charset =~ s/[\r\n]//gs; if (!length($hdr_charset)) { if (!$hdr_has_empty_charset) { $hdr_has_empty_charset = 1; spam("s01392",1.0, "Emtpy charset in header"); } } } else { $hdr_charset = ""; } } elsif (/^Content-Transfer-Encoding\:(.*)/i) { $hdr_cont_enc .= $1; if ($hdr_enc != 0) { $hdr_enc_err++; } if (/quoted-printable/i) { $hdr_type_list .= "qp/"; $hdr_enc = 1; } if (/base64/i) { $hdr_type_list .= "base64/"; $hdr_enc = 2; } } elsif (/^Content-Disposition\:(.*)/i) { $tmp = $1; $hdr_cont_disp .= $tmp; $tmp = trim_ends(lc($tmp)); if ($tmp =~ /name\s{0,}?=[\s\"\']{0,}(.{0,}\.)([a-z0-9]{3,})/) { $attach_extension = $2; $attach_extension_list .= "." . $attach_extension; $attach_filename = $1 . $attach_extension; $opt_d and $opt_m and print "\n--------------------------------------------------------\n" . "Filename: " . $attach_filename . " Extension: " . $attach_extension . "\n--------------------------------------------------------\n"; if ($attach_extension =~ /(zip|rar|t{0,1}gz|bhx|hqx|uue{0,1}|$exe_file_types)/) { $hdr_type = 7; $hdr_type_list .= "app/unknown/"; $body_has_possible_attachment = 1; } } # else # { # $attach_extension = ""; # } } } sub hdr_reset { $hdr_type = 0; $hdr_enc = 0; $hdr_in_mainhdr = 0; $hdr_last = ""; $hdr_part = ""; } # # Include syslog style logging # use Sys::Syslog qw(:DEFAULT setlogsock); # # Command line processor # use Getopt::Std; use MIME::QuotedPrint; use MIME::Base64; use IO::File; use File::Temp qw/ tempfile tempdir /; # # Handle the command line... # my %resphash = ( EX_OK => 0, # no problems EX_USAGE => 64, # command line usage error ); sub usage { warn <<EOUSAGE; Usage: qmail-localfilter.pl [options] Options: -h Displays this help text -n No syslog -s facility Specify the syslog facility (default: mail) -d Debug mode -f Full check, even if stop_on_spam is set -m In debug mode, display mail headers -q (Quiet mode), In debug mode, display result only, (ignore -m -t -r) -r In debug mode, display raw text -t In debug mode, display processed text -u user In debug mode, override the user to use for the mail to EOUSAGE exit $resphash{EX_USAGE}; } use vars qw{ $opt_d $opt_f $opt_h $opt_m $opt_n $opt_q $opt_r $opt_s $opt_t $opt_u }; getopts('dfhmnqrs:tu:') or usage(); $opt_h and usage(); $mail_to = ""; $opt_d and $opt_u and $mail_to = $opt_u; $returned_mail = 0; $returned_mail_recv_from = 0; $returned_mail_from = 0; $returned_mail_to = ""; $the_following_message = 0; # # The following is a specialized test that is done line-by-line. It is only effective # if $mail_domain and $localmailuserlist are defined. # # This test checks for typical "returned mail" subject lines and content. If it finds # a returned mail, it then looks through for a line of the form: # "From: somebody@$mail_domain". If it finds one, it checks "somebody" against # $localmailuserlist, and flags the mail as returned mail but from an unknown user, if # "somebody" is not in the list. If also checks for a line of the form: # "Received: from ..." following the returned mail text. The assumption is that this # will be part of the original headers. It uses the "Received from" to check that # the mail was originally sent from $smtp_server or $smtp_server_ip. If not, then this # is probably a bounce resulting from an address that was forged. # # This helps block bounces from servers that are not equipped to ignore forged "From:" # addresses. The first test is of no use if the forged address is a legitimate local # address at your domain, and the second will only work if the bounce includes the # original headers. # sub returned_mail_check { if (!$returned_mail) { if (!$the_following_message) { if (/(the |your |following )(message|mail)/i) { $the_following_message = 1; } } if (( /^Subject:/i && /(((virus|alert( from|to |)|interscan( nt| mss|)|(potentially |)(unsafe|harmful)|suppression|attachment|violation|content|esafe|(remov|block|disallow|detect|quarantin)ed( due| because|)( of| to|)( a|)).{0,10}){2}|Mail.{0,3}?delivery.{0,3}?(fail(ed|ure)|problem|system)|returned.{0,50}virus|((delivery|report|failure).{0,3}){3}|mail bloqueado|Returned mail|failure notice|Delivery (notification|fail(ure|ed))|mail revenu en erreur|(un|non).{0,1}deliver(ed|able)|re(turned|port) to sender|(Executable|Attachment|File).{0,4}(Stripp|Remov|Quarantin|Block)ed|could not (send|deliver) message|virus (was |has been |)(detect|found)|mail transaction failed| scan report|user unknown|unknown user|m(essage|ail).{0,50}delayed.{0,10}hours|^Subject: NDN: |virus in verschickter|m(essage|ail).{0,50}([wh]as |)(been |)(block|reject)ed|Subject: MMS.{0,4}notification|possible virus infection|please resubmit to|deleted by a security rule|devuelto por virus|unavailable|aviso.{0,50}rejeitado|detected|majordomo.{0,3}results|(mail |network |delivery ){1,}(status |)(report|notification)|error sending message)/i ) or /(auto(mat(ed|ic)){0,1}.{0,1}(e{0,1}.{0,1}mail ){0,1}(re(spon(se|d[oe]r)|ply)|notif(y|ication))|(away from|out of) (the|my) (desk|office))/i or /(below this line is a copy|bo(î|=EE)te n\'existe)/i or /^.{0,10}headers from (your |the |)(original |)message.{0,30}$/i or ($the_following_message and /((was sent with |had )the following (envelope|headers)|[hw]as (been |)(block|reject)ed|could not be delivered)/i) or /mail (transaction|delivery) fail(ed|ure)/i or /infecteerd met een virus/i or /delivery failed for the following recipient/i or /your (spam |mail |message ){1,}(has been (forwarded|rejected|blocked)|was not (accepted|delivered))/i or /-- .{0,50}MAIL HEADERS.{0,50} --/i or /(block|reject)ed (because|as|due) (it|to).{0,50}(virus|breaches.{0,20}co(mpany|rporate) polic(y|ies))/i ) { $opt_d and print "\n---------------------------------------------------\n" . "Returned Mail: " . $& . "\n" . $_ . "---------------------------------------------------\n"; $returned_mail = 1; } } else { if (length($returned_mail_to) && length($mail_domain)) { if ($returned_mail_to =~ /To:.*?([a-z0-9\_\.\-]{1,})\@$mail_domain/i) { $returned_to = $1; $localmailuserlist =~ s/\n/\|/g; $localmailuserlist =~ s/\r//g; $localmailuserlist =~ s/^\|//; $localmailuserlist =~ s/\|$//; if ($returned_to !~ /($localmailuserlist)$/si && $localmailuserlist =~ /[a-z0-9]/si) { spam("s01499",5.0,"Returned mail, but not to anyone we know: " . $returned_to . "\@$mail_domain"); $returned_mail = 0; $not_to_us = 1; } } elsif ($returned_mail_to =~ /To:.*?([a-z0-9\_\.\-]{1,})\@([a-z0-9\_\.\-]{0,})/) { $returned_to = $1 . "\@" . $2; spam("s01494",5.5,"Returned mail, but not to anyone we know: " . $returned_to); $not_to_us = 1; } $returned_mail_to = ""; } if (!($returned_mail_from) && /From:.*?([a-z0-9\_\.\-]{1,})\@$mail_domain/ && length($mail_domain)) { $returned_from = $1; $localmailuserlist =~ s/\n/\|/g; $localmailuserlist =~ s/\r//g; $localmailuserlist =~ s/^\|//; $localmailuserlist =~ s/\|$//; if ($returned_from !~ /($localmailuserlist)$/si && $localmailuserlist =~ /[a-z0-9]/si) { spam("s01499",5.0,"Returned mail, but not from anyone we know: " . $returned_from . "\@$mail_domain"); $returned_mail = 0; } $returned_mail_from = 1; } if (!($returned_mail_recv_from) && /Received: from (.*)/) { $tmp = $1; $opt_d and print "\n---------------------------------------------------\n" . "Received: from: \n" . $tmp . "\n---------------------------------------------------\n"; if (length($smtp_server_ip) && $tmp !~ /$smtp_server_ip/i) { spam("s01499",5.0,"Returned mail, but not received from us: " . $tmp); $returned_mail = 0; } $returned_mail_recv_from = 1; } if (/not (to |)(allow|permit|accept) .{0,50}\.($exe_file_types) (file|attachment|extension)s{0,1}/i) { spam("s01706",4.5,"Returned mail: " . $&); } if (/(file|message|mail).{0,20}?(reject|block|deni|infect|quarantin|remov|delet)ed.{0,50}\.($exe_file_types)/i) { spam("s01839",4.5,"Returned mail: " . $&); } if (/no action is required on your part/i) { spam("s01733",5.0,"Returned mail: " . $&); } if (/no message body/i) { spam("s01865",5.0,"Returned mail: " . $&); } } } sub do_main_loop { $reply_str = ""; while(<>) { $save_spam_fh and print $save_spam_fh $_; if ($opt_print_mail) { $line = $_; if ($neuter_bad_tags) { # # "Neuter" certain tags. 99.9% of the time they are virus related. # $line =~ s/<object/<spamob/iog; $line =~ s/<iframe/<spamif/iog; $line =~ s/<t:video/<spamt:v/iog; $line =~ s/<t:audio/<spamt:a/iog; } if ($neuter_img_tags) { # # "Neuter" the src portion of image tags # so that no external images are loaded. # $line =~ s/src=(.{0,3})http.{0,1}:\/\//src=$1spam/ig; } print $line; } returned_mail_check(); if (!$hdr_in_hdr && /^(>\s{0,}){0,}Content-Type\:/i) { $reply_str = $1; $opt_d and $opt_m and print "\n---------------------------------------------------------------\n" . "Found Content-Type in non-header section: " . $_ . "Reply string: " . $reply_str . "\n---------------------------------------------------------------\n"; if ($body_len) { body_process_text(); if ($stop_on_spam && ($spam_score >= $spam_threshold)) { return; } } if ($attach_len && length($attach_filename)) { attach_process_text(); if ($stop_on_spam && ($spam_score >= $spam_threshold)) { return; } } hdr_reset(); $hdr_in_hdr = 1; } if (length($reply_str)) { s/^$reply_str//; } if ($hdr_in_hdr && /(^\r\n$|^\n$)/) { if (length($hdr_last)) { hdr_parse(); hdr_analyze(); $attach_linecount = 0; if ($hdr_type != 8) { $hdr_in_hdr = 0; } $hdr_last = ""; if ($stop_on_spam && ($spam_score >= $spam_threshold)) { return; } } else { $attach_linecount = 0; if ($hdr_type != 8) { $hdr_in_hdr = 0; } } } if ($hdr_in_hdr && (!/(^\r\n$|^\n$)/ || ($hdr_type != 8))) { if (/^[ \t]/) { $hdr_last =~ s/[\r\n]//g; $hdr_last .= $_; } else { hdr_parse(); $hdr_last = $_; } } else { if ($hdr_have_boundary && /^--$hdr_boundary/) { $opt_d and $opt_m and print "\n---------------------------------------------------------------\n" . "Found boundary: (body len=" . $body_len . ", attach_len=" . $attach_len . ") " . $_ . "---------------------------------------------------------------\n"; if ($body_len) { body_process_text(); if ($stop_on_spam && ($spam_score >= $spam_threshold)) { return; } } if ($attach_len && length($attach_filename)) { attach_process_text(); if ($stop_on_spam && ($spam_score >= $spam_threshold)) { return; } } hdr_reset(); $hdr_in_hdr = 1; $hdr_found_boundary = 1; } else { if ((($hdr_type > 0) && ($hdr_type < 6)) || (($hdr_type == 6) && $hdr_have_boundary && !$hdr_found_boundary && !/^This is a (multi-{0,1}part ){0,1}(MIME([ -]{0,1}((enc(od|apsulat)|formatt)ed)){0,1} message|message in MIME format)\.{0,3}$/i)) { if ($hdr_enc == 0) { body_add_text($_); } elsif ($hdr_enc == 1) { if (!$body_has_lots_of_qp && /(\=[A-Z0-9]{2}[^\=]{0,1}){6}/) { $body_has_lots_of_qp = spam("s01393",2.2,"Lots of QP encoded text: " . $&); } body_add_text(MIME::QuotedPrint::decode($_)); } elsif ($hdr_enc == 2) { body_add_text(MIME::Base64::decode_base64($_)); } } else { if (($attach_linecount < $attach_lines_to_check) || ($attach_extension =~ /^te{0,1}xt/)) { $attach_linecount++; if ($hdr_enc == 0) { $attach_line = $_; } elsif ($hdr_enc == 1) { $attach_line = MIME::QuotedPrint::decode($_); } elsif ($hdr_enc == 2) { $attach_line = MIME::Base64::decode_base64($_); } if ((($attach_line =~ /<\!DOCTYPE\s{1,}(HT|X)ML/i) or ($attach_line =~ /<(HT|X)ML/i)) and ($attach_extension !~ /($exe_file_types)/)) { spam("s01736",2.5,"HTML in non-HTML attachment"); $opt_d and $opt_m and print "\n---------------------------------------------------------------\n" . "HTML in non-HTML attachment\n" . "---------------------------------------------------------------\n"; if ($attach_linecount < $attach_lines_to_check) { attach_add_text($attach_line); } $hdr_type = 2; body_add_text($attach_line); } else { if ($attach_linecount < $attach_lines_to_check) { attach_add_text($attach_line); } if ($attach_extension =~ /^te{0,1}xt/) { body_add_text($attach_line); } } } } } } } } sub do_logging { if ($spam_score >= $spam_threshold) { $exit_code = $spam_exit_code; } else { $exit_code = 0; } # verifyMX(); $time_end = time(); $time_elapsed = $time_end - $time_start; $spam_desc =~ s/[\r\n ]{1,}/ /g; $spam_desc =~ s/, $//g; $hdr_from =~ s/[\r\n ]{1,}/ /g; $hdr_to =~ s/[\r\n ]{1,}/ /g; if ($html_safe_logging) { use HTML::Entities; $spam_desc = HTML::Entities::encode_entities($spam_desc); $hdr_from = HTML::Entities::encode_entities($hdr_from); $hdr_to = HTML::Entities::encode_entities($hdr_to); $spam_desc =~ s/=//g; $hdr_from =~ s/=//g; $hdr_to =~ s/=//g; } # # Note: spam is logged in a format that looks vaguely like a SpamAssassin "X-Spam-Status:" # header. This makes logging consistent with a previous incarnation of this program that # actually did write SpamAssassin "X-Spam-Status:" headers to the log. Feel free to change # this is you would prefer a different logging format. # if ($spam_score >= $spam_threshold) { if ($save_spam_fh) { close $save_spam_fh; if ($save_spam_file_permission_mask) { chmod ($save_spam_file_permission_mask, $save_spam_file) } } if (!length($hdr_recv_ip)) { $hdr_recv_ip = "unknown"; } $reject_msg = $$ . " Rejected spam in " . $time_elapsed . " seconds from " . $hdr_from . " to " . $hdr_to . "\n"; $reason = "X-Spam-Status: Yes, ip=" . $hdr_recv_ip . " hits=" . $spam_score . " required=" . $spam_threshold . " tests=" . $spam_desc . " version=" . $version . "\n"; if (!$opt_n && !$opt_d) { setlogsock('unix'); openlog('qmail-localfilter.pl','0',$log_facility); syslog('info', $reject_msg); syslog('info', $reason); $log_open = 1; } else { print "\n---------------------------------------------------\n" . $reject_msg . $reason . "---------------------------------------------------\n"; } if (($time_elapsed < $delay_spammers_time) && $delay_spammers && !opt_d) { # # Try to free up some memory by resetting all the global strings we used. # reset_global_strings(); sleep $delay_spammers_time - $time_elapsed; } } else { $save_spam_fh and unlink($save_spam_fh, $save_spam_file); $reject_msg = $$ . " Passed mail in " . $time_elapsed . " seconds from " . $hdr_from . " to " . $hdr_to . "\n"; $reason = "X-Spam-Status: No, ip=" . $hdr_recv_ip . " hits=" . $spam_score . " required=" . $spam_threshold . " tests=" . $spam_desc . "\n"; if ($log_passed_score && !$opt_d) { setlogsock('unix'); openlog('qmail-localfilter.pl','0',$log_facility); syslog('info', $reject_msg); syslog('info', $reason); $log_open = 1; } elsif ($opt_d) { print "\n---------------------------------------------------\n" . $reject_msg . $reason . "---------------------------------------------------\n"; } } } sub do_filter { if (!length($mail_to)) { $mail_to = $ENV{'QMAILRCPTS'} }; $mail_to = lc($mail_to); if (length($mail_to) && $mail_to =~ /(.*?)\@/) { $mail_to = $1; }; $custom_path = ""; do $settings_file; if (!$settings_found) { do $settings_path . $settings_file; if (!$settings_found) { spam("s01394",0.0,"Warning: Using default settings - " . $settings_path . $settings_file . " not found"); } } else { spam("s01395",0.0,"Using local settings file"); } do $settings_custom_file; if (!$settings_custom_found) { do $settings_path . $settings_custom_file; } $save_spam_file_permission_mask = 0; if (!$opt_d && $save_spam && length($save_spam_path) && (!$save_spam_to_user_home || !length($mail_to))) { ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); $save_spam_template = $save_spam_prefix; $save_spam_template .= sprintf("%4.4d%2.2d%2.2d_%2.2d%2.2d%2.2d_%6.6d_XXXXXX", $year+1900, $mon+1, $mday, $hour, $min, $sec, $$); ($save_spam_fh, $save_spam_file) = tempfile($save_spam_template, DIR => $save_spam_path, SUFFIX => $save_spam_ext); $save_spam_file_permission_mask = $save_spam_global_file_permission_mask; } if ($allow_user_configuration && length($mail_to)) { if (exists $mail_alias_list{$mail_to}) { $actual_mail_to = $mail_alias_list{$mail_to}; } else { $actual_mail_to = $mail_to; } $actual_mail_to =~ s/\.\.//g; $custom_path = $users_home_path . "/" . $actual_mail_to . "/\.qmail-localfilter/"; if (! -d $custom_path) { $custom_path = ""; } else { do $custom_path . $settings_file; } } if ($save_spam && $save_spam_to_user_home && length($mail_to) && length($save_spam_user_path) && !$save_spam_fh) { if (exists $mail_alias_list{$mail_to}) { $actual_mail_to = $mail_alias_list{$mail_to}; } else { $actual_mail_to = $mail_to; } $actual_mail_to =~ s/\.\.//g; if (!length($save_spam_users_home_path)) { $save_spam_users_home_path = $users_home_path; } $custom_save_spam_path = $save_spam_users_home_path . "/" . $actual_mail_to . $save_spam_user_path; if (-d $custom_save_spam_path) { ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); $save_spam_template = $save_spam_prefix; $save_spam_template .= sprintf("%4.4d%2.2d%2.2d_%2.2d%2.2d%2.2d_%6.6d_XXXXXX", $year+1900, $mon+1, $mday, $hour, $min, $sec, $$); ($save_spam_fh, $save_spam_file) = tempfile($save_spam_template, DIR => $custom_save_spam_path, SUFFIX => $save_spam_ext); $save_spam_file_permission_mask = $save_spam_user_file_permission_mask; } else { ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); $save_spam_template = $save_spam_prefix; $save_spam_template .= sprintf("%4.4d%2.2d%2.2d_%2.2d%2.2d%2.2d_%6.6d_XXXXXX", $year+1900, $mon+1, $mday, $hour, $min, $sec, $$); ($save_spam_fh, $save_spam_file) = tempfile($save_spam_template, DIR => $save_spam_path, SUFFIX => $save_spam_ext); $save_spam_file_permission_mask = $save_spam_global_file_permission_mask; } } # # Some tests allow .exe files but not other executable types. # Also, some general tests for executable files can be confused by # .com addresses. To avoid these problems we prepare 2 special # versions of the exe file type list, without "exe" and "com". # $exe_file_types_no_exe = $exe_file_types; $exe_file_types_no_exe =~ s/exe\|//g; $exe_file_types_no_exe =~ s/\|exe//g; $exe_file_types_no_exe =~ s/exe//g; $exe_file_types_no_com = $exe_file_types; $exe_file_types_no_com =~ s/com\|//g; $exe_file_types_no_com =~ s/\|com//g; $exe_file_types_no_com =~ s/com//g; $log_facility = "mail"; if($opt_s) { $log_facility = $opt_s; } if ($opt_d && ($opt_q || $opt_t || $opt_r || $opt_m)) { $opt_print_mail = 0; } else { $opt_print_mail = 1; } $opt_f and $stop_on_spam = 0; local $SIG{ALRM} = sub { $timed_out = 1; spam("s01766",0.5,"Timed Out"); die 'Timed Out'; }; alarm $time_max_allowed; do_main_loop(); if (!$stop_on_spam || ($spam_score < $spam_threshold)) { if ($hdr_in_hdr) { hdr_parse(); hdr_analyze(); } if (!$stop_on_spam || ($spam_score < $spam_threshold)) { if ($body_len) { body_process_text(); } if ($body_full_len) { body_analyze(); } if ($attach_len && length($attach_filename)) { attach_process_text(); } if (length($hdr_main_text)) { $body_test_text = $hdr_main_text; $hdr_in_hdr_test = 1; body_analyze(); } if (!$stop_on_spam || ($spam_score < $spam_threshold)) { final_tests(); } else { spam("s01396",0.0,"Skipped final tests - already spam"); } } else { spam("s01397",0.0,"Skipped body tests - already spam"); } } else { spam("s01398",0.0,"Skipped tests - already spam"); } alarm 0; do_logging(); } sub fatal_error { my $msg = shift(@_); # # Print the rest of the email "as-is" # while(<>) { print; $save_spam_fh and print $save_spam_fh $_; } if ($timed_out) { if (!$done_body_raw_tests) { body_raw_tests(); } if (length($body_test_text) > 10000) { $body_test_text = substr($body_test_text,0,2000); body_tests(); } elsif (!$done_body_tests) { body_tests(); } if ($attach_len && length($attach_filename)) { if (length($attach_test_text) > 2000) { $attach_test_text = substr($attach_test_text,0,2000); } attach_process_text(); } if (($spam_score < $spam_threshold) && !$done_final_tests) { final_tests(); } eval { do_logging(); } } if ($exit_code == -1) { # # Set the exit code # $exit_code = 0; # # Try to log a generic error message # if (!$opt_n && !$opt_d && !$log_open) { setlogsock('unix'); openlog('qmail-localfilter.pl','0',$log_facility); } $fatal_msg = "Error filtering mail: " . $msg; if (!$opt_n && !$opt_d) { syslog('info', $fatal_msg); } else { print $fatal_msg; } } } # # Use "eval" to do everything, (to catch errors) # eval { do_filter(); }; # # Take emergency action if an error occurred during processing # if ($exit_code == -1) { $msg = $@; eval { fatal_error($msg); }; } $opt_d and print "\nDebug done. Exiting with code " . $exit_code . "\n"; exit $exit_code;