]>
Commit | Line | Data |
---|---|---|
b780ea8d SI |
1 | # SpamAssassin rules file: drug tests |
2 | # | |
3 | # This ruleset is intended to detect common "pill spam" however, it is not | |
4 | # appropriate for all environments. It may not be appropriate for a medical or | |
5 | # pharmaceutical environment. If in doubt, adjust the scores of all the rules | |
6 | # to 0.01 and see if they fire off on your daily nonspam. | |
7 | # | |
8 | # Please don't modify this file as your changes will be overwritten with the | |
9 | # next update. Use /etc/mail/spamassassin/local.cf instead. See 'perldoc | |
10 | # Mail::SpamAssassin::Conf' for details. | |
11 | # | |
12 | # Note: body tests are run with long lines, so be sure to limit the size of | |
13 | # searches; use /.{0,30}/ instead of /.*/ to avoid huge search times. | |
14 | # | |
15 | # <@LICENSE> | |
16 | # Licensed to the Apache Software Foundation (ASF) under one or more | |
17 | # contributor license agreements. See the NOTICE file distributed with | |
18 | # this work for additional information regarding copyright ownership. | |
19 | # The ASF licenses this file to you under the Apache License, Version 2.0 | |
20 | # (the "License"); you may not use this file except in compliance with | |
21 | # the License. You may obtain a copy of the License at: | |
22 | # | |
23 | # http://www.apache.org/licenses/LICENSE-2.0 | |
24 | # | |
25 | # Unless required by applicable law or agreed to in writing, software | |
26 | # distributed under the License is distributed on an "AS IS" BASIS, | |
27 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
28 | # See the License for the specific language governing permissions and | |
29 | # limitations under the License. | |
30 | # </@LICENSE> | |
31 | # | |
32 | ########################################################################### | |
33 | ||
cabe596e | 34 | require_version 3.004006 |
b780ea8d SI |
35 | |
36 | ########################################################################### | |
37 | # header rules | |
38 | # (only use sufficiently long drug name to make name unique) | |
39 | ||
40 | header SUBJECT_DRUG_GAP_C Subject =~ /\bc(?!ialis(?:t|\xc3\xa9|\xe9))[\sc]{0,2}i[\si]{0,2}a[\sa]{0,2}l[\sl]{0,2}i[\si]{0,2}s{1,3}\b/i | |
41 | describe SUBJECT_DRUG_GAP_C Subject contains a gappy version of 'cialis' | |
42 | ||
43 | header SUBJECT_DRUG_GAP_L Subject =~ /l.{0,2}e.{0,2}v.{0,2}i.{0,2}t.{0,2}r.{0,2}a/i | |
44 | describe SUBJECT_DRUG_GAP_L Subject contains a gappy version of 'levitra' | |
45 | ||
46 | ||
47 | header SUBJECT_DRUG_GAP_S Subject =~ /\bs.{0,1}o.{0,1}m.{0,1}a\b/i | |
48 | describe SUBJECT_DRUG_GAP_S Subject contains a gappy version of 'soma' | |
49 | ||
50 | # Bug 5396 - Hits visa and random finnish words | |
51 | #header SUBJECT_DRUG_GAP_VA Subject =~ /v.{0,2}a.{0,2}l.{0,2}i.{0,2}u.{0,2}m/i | |
52 | #describe SUBJECT_DRUG_GAP_VA Subject contains a gappy version of 'valium' | |
53 | ||
54 | ||
55 | header SUBJECT_DRUG_GAP_X Subject =~ /x.{0,2}a.{0,2}n.{0,2}a.{0,2}x/i | |
56 | describe SUBJECT_DRUG_GAP_X Subject contains a gappy version of 'xanax' | |
57 | ||
58 | ########################################################################### | |
59 | # body rules | |
60 | ||
61 | body DRUG_DOSAGE m{[\d\.]+ *\$? *(?:[\\/]|per) *d.?o.?s.?e}i | |
62 | describe DRUG_DOSAGE Talks about price per dose | |
63 | ||
64 | # jm: keep this case-sensitive, otherwise it FP's | |
65 | body DRUG_ED_CAPS /\b(?:CIALIS|LEVITRA|VIAGRA)/ | |
66 | describe DRUG_ED_CAPS Mentions an E.D. drug | |
67 | ||
68 | ||
69 | body DRUG_ED_SILD /\bsildenafil\b/i | |
70 | describe DRUG_ED_SILD Talks about an E.D. drug using its chemical name | |
71 | ||
72 | body DRUG_ED_GENERIC /\bGeneric Viagra\b/ | |
73 | describe DRUG_ED_GENERIC Mentions Generic Viagra | |
74 | ||
75 | body DRUG_ED_ONLINE /\bviagra .{0,25}(?:express|online|overnight)/i | |
76 | describe DRUG_ED_ONLINE Fast Viagra Delivery | |
77 | ||
78 | body ONLINE_PHARMACY /\bonline pharmacy|\b(?:drugs|medications) online/i | |
79 | describe ONLINE_PHARMACY Online Pharmacy | |
80 | ||
81 | # Updated bug 6448 | |
82 | body NO_PRESCRIPTION /N[o0].{1,10}P(?:er|re)scr[i1]pt[i1][o0]n.{1,10}(?:n[e3][e3]d[e3]d|requ[1i]re|n[e3]c[e3]ssary)/i | |
83 | describe NO_PRESCRIPTION No prescription needed | |
84 | ||
85 | # too easy | |
86 | body VIA_GAP_GRA /\bvia.gra\b/i | |
87 | describe VIA_GAP_GRA Attempts to disguise the word 'viagra' | |
88 | ||
89 | ######################################################################## | |
90 | # male sexual dysfunction drugs | |
91 | # | |
92 | # This section is undergoing improvements and I'm trying to track down a | |
93 | # FP case that seems to mostly affect technical emails. | |
94 | # However, all of the test cases so far fail to match when retested. | |
95 | # note: The regex /v.i.a.g.r.a/ was intentionally not used | |
96 | # due to potential false positive cases with PGP signatures | |
97 | # and other base-64ish stuff. | |
98 | # instead other patterns are used catch non alphanumeric gapping patterns | |
99 | # note: \W = "non word character" | |
100 | ||
101 | # Note: many of the drugs named in here are brand-names and are trademarked. | |
102 | # All trademarks are property of the respective owners. | |
103 | #current best char substitutions | |
104 | # i - [i1!|l\xEC-\xEF] | |
105 | # a - [a4\xE0-\xE6@] | |
106 | # e - [e3\xE8-\xEB] | |
107 | # o - [o0\xF2-\xF6] | |
108 | # u - [u\xB5\xF9-\xFC] | |
109 | ||
110 | # v - (?:\\\/|V) | |
111 | # l - [l!|1] | |
112 | # | |
113 | # Also see 25_replace.cf | |
114 | # | |
115 | # If you're adding accented-character exclusions, include the HTML entity tags | |
116 | # as well to cover the case where they appear in plain-text body parts. | |
117 | # | |
118 | #plain Viagra and Cialis (used in obfu detection) | |
119 | body __DRUGS_ERECTILE_V /\bViagra\b/i | |
120 | body __DRUGS_ERECTILE_C /\bCialis(?!\xc3\xa9|\xe9)\b/i | |
121 | body __DRUGS_ERECTILE_L /\bLevitra\b/i | |
122 | # obfu/plain and mis-spelled Viagra variants | |
123 | body __DRUGS_ERECTILE1 /(?:\b|\s)[_\W]{0,3}(?:\\\/|V)[_\W]{0,3}[ij1!|l\xEC\xED\xEE\xEF][_\W]{0,3}[a40\xE0-\xE6@][_\W]{0,3}[xyz]?[gj][_\W]{0,3}r[_\W]{0,3}[a40\xE0-\xE6@][_\W]{0,3}x?[_\W]{0,3}(?:\b|\s)/i | |
124 | body __DRUGS_ERECTILE2 /\bV(?:agira|igara|iaggra|iaegra)\b/i | |
125 | # cialis variants (spelling correct now) | |
126 | # note: the rather strange pre-amble is to avoid FPs on french words containing high-ascii chars surrounding | |
127 | # "cialis". | |
128 | # try to avoid FPs on "specialist" and FR "spécialisé" | |
129 | body __DRUGS_ERECTILE3 /(?:\A|[\s\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])[_\W]{0,3}(?!cialis(?:t|\xc3\xa9|\xe9|\&\#xe9\;|\é\;)|c i a l i s (?:t|\xc3\xa9|\xe9|\&\#xe9\;|\é\;))C[_\W]{0,3}[ij1!|l\xEC\xED\xEE\xEF][_\W]{0,3}[a4\xE0-\xE6@][_\W]{0,3}l?[l!|1][_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}s[_\W]{0,3}(?:\b|\s)/i | |
130 | body __DRUGS_ERECTILE4 /\bC(?:alis|ilias|ilais)\b/i | |
131 | # generic names | |
132 | #sildenafil citrate | |
133 | body __DRUGS_ERECTILE5 /\b_{0,3}s[_\W]?[i1!|l\xEC-\xEF][_\W]?l[_\W]?d[_\W]?[e3\xE8-\xEB][_\W]?n[_\W]?[a4\xE0-\xE6@][_\W]?f[_\W]?[i1!|l\xEC-\xEF][_\W]?l c[_\W]?[i1!|l\xEC-\xEF][_\W]?t[_\W]?r[_\W]?[a4\xE0-\xE6@][_\W]?t[_\W]?[e3\xE8-\xEB]_{0,3}(?:\b|\s)/i | |
134 | #Levitra | |
135 | body __DRUGS_ERECTILE6 /\b_{0,3}L[_\W]?[e3\xE8-\xEB][_\W]?(?:\\\/|V)[_\W]?[i1!|l\xEC-\xEF][_\W]?t[_\W]?r[_\W]?[a4\xE0-\xE6@][_\W]?(?:\b|\s)/i | |
136 | #tadalafil | |
137 | body __DRUGS_ERECTILE8 /\b_{0,3}T[_\W]?[a4\xE0-\xE6@][_\W]?d[_\W]?[a4\xE0-\xE6@][_\W]?l[_\W]?[a4\xE0-\xE6@][_\W]?f[_\W]?[i1!|l\xEC-\xEF][_\W]?l_{0,3}\b/i | |
138 | # gapped/obfu viagra variants using funky html-style character codes | |
139 | rawbody __DRUGS_ERECTILE10 /\b_{0,3}V[_\W]?(?:i|\ï\;)[_\W]?(?:a|\à|\å)\;?[_\W]?g[_\W]?r[_\W]?(?:a|\à|\å)\b/i | |
140 | #apcalis - a generic of cialis | |
141 | body __DRUGS_ERECTILE11 /(?:\b|\s)_{0,3}[a4\xE0-\xE6@][_\W]{0,3}p[_\W]{0,3}c[_\W]{0,3}[a4\xE0-\xE6@][_\W]{0,3}[l!|1][_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}s_{0,3}\b/i | |
142 | meta DRUGS_ERECTILE (__DRUGS_ERECTILE1 || __DRUGS_ERECTILE2 || __DRUGS_ERECTILE3 || __DRUGS_ERECTILE4 || __DRUGS_ERECTILE5 || __DRUGS_ERECTILE6 || __DRUGS_ERECTILE8 || __DRUGS_ERECTILE10 || __DRUGS_ERECTILE11 ) | |
143 | describe DRUGS_ERECTILE Refers to an erectile drug | |
144 | meta DRUGS_ERECTILE_OBFU ( (__DRUGS_ERECTILE1 &&!__DRUGS_ERECTILE_V) || (__DRUGS_ERECTILE3 && !__DRUGS_ERECTILE_C) ||__DRUGS_ERECTILE2 || (__DRUGS_ERECTILE10 &&!__DRUGS_ERECTILE_V) || (__DRUGS_ERECTILE6 &&!__DRUGS_ERECTILE_L)) | |
145 | describe DRUGS_ERECTILE_OBFU Obfuscated reference to an erectile drug | |
146 | ||
147 | ||
148 | ||
149 | #diet | |
150 | body __DRUGS_DIET_PHEN /\bphentermine\b/i | |
151 | #phentermine | |
152 | body __DRUGS_DIET1 /(?:\b|\s)[_\W]{0,3}p[_\W]{0,3}h[_\W]{0,3}[e3\xE8-\xEB][_\W]{0,3}n[_\W]{0,3}t[_\W]{0,3}[e3\xE8-\xEB][_\W]{0,3}r[_\W]{0,3}m[_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}n[_\W]{0,3}[e3\xE8-\xEB][_\W]{0,3}(?:\b|\s)/i | |
153 | #ionamin | |
154 | body __DRUGS_DIET2 /(?:\b|\s)_{0,3}[i1!|l\xEC-\xEF][_\W]?o[_\W]?n[_\W]?[a4\xE0-\xE6@][_\W]?m[_\W]?[i1!|l\xEC-\xEF][_\W]?n_{0,3}\b/i | |
155 | #bontril | |
156 | body __DRUGS_DIET3 /\bbontril\b/i | |
157 | #phendimetrazine | |
158 | body __DRUGS_DIET4 /\bphendimetrazine\b/i | |
159 | #diethylpropion, generic of Tenuate, uncommon in spam | |
160 | body __DRUGS_DIET5 /\bdiethylpropion\b/i | |
161 | #Meridia | |
162 | body __DRUGS_DIET6 /(?:\b|\s)[_\W]{0,3}M[_\W]{0,3}[e3\xE8-\xEB][_\W]{0,3}r[_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}d[_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}[a4\xE0-\xE6@][_\W]{0,3}(?:\b|\s)/i | |
163 | #tenuate | |
164 | body __DRUGS_DIET7 /\b_{0,3}t[_\W]?[e3\xE8-\xEB][_\W]?n[_\W]?u[_\W]?a[_\W]?t[_\W]?[e3\xE8-\xEB]_{0,3}(?:\b|\s)/i | |
165 | #didrex | |
166 | body __DRUGS_DIET8 /\b_{0,3}d[_\W]?[i1!|l\xEC-\xEF][_\W]?d[_\W]?r[_\W][e3\xE8-\xEB[_\W]?xx?_{0,3}\b/i | |
167 | #adipex | |
168 | body __DRUGS_DIET9 /\b_{0,3}a[_\W]?d[_\W]?[i1!|l\xEC-\xEF][_\W]?p[_\W]?[e3\xE8-\xEB][_\W]?x_{0,3}\b/i | |
169 | #xenical | |
170 | body __DRUGS_DIET10 /\b_{0,3}x?x[_\W]?[e3\xE8-\xEB][_\W]?n[_\W]?[i1!|l\xEC-\xEF][_\W]?c[_\W]?[a4\xE0-\xE6@][_\W]?l_{0,3}\b/i | |
171 | meta DRUGS_DIET (__DRUGS_DIET1 || __DRUGS_DIET2 || __DRUGS_DIET3 || __DRUGS_DIET4 ||__DRUGS_DIET5 ||__DRUGS_DIET6 ||__DRUGS_DIET7 ||__DRUGS_DIET8 || __DRUGS_DIET9 || __DRUGS_DIET10 ) | |
172 | describe DRUGS_DIET Refers to a diet drug | |
173 | meta DRUGS_DIET_OBFU (__DRUGS_DIET1 && !__DRUGS_DIET_PHEN) | |
174 | describe DRUGS_DIET_OBFU Obfuscated reference to a diet drug | |
175 | ||
176 | # pain relief drugs | |
177 | body __DRUGS_PAIN_VICO /vicodin/i | |
178 | body __DRUGS_PAIN_VIOXX /vioxx/i | |
179 | body __DRUGS_PAIN_FIO /fioricet/i | |
180 | body __DRUGS_PAIN1 /\b_{0,3}h[_\W]?y[_\W]?d[_\W]?r[_\W]?[o0\xF2-\xF6][_\W]?c[_\W]?[o0\xF2-\xF6][_\W]?d[_\W]?[o0\xF2-\xF6][_\W]?n[_\W]?e_{0,3}\b/i | |
181 | body __DRUGS_PAIN2 /\b_{0,3}c[o0\xF2-\xF6]deine_{0,3}\b/i | |
182 | #ultram | |
183 | body __DRUGS_PAIN3 /(?:\b|\s)[_\W]{0,3}[u\xB5\xF9-\xFC][_\W]{0,3}l[_\W]{0,3}t[_\W]{0,3}r[_\W]{0,3}[a4\xE0-\xE6@][_\W]{0,3}m_{0,3}\b/i | |
184 | #vicodin | |
185 | body __DRUGS_PAIN4 /(?:\b|\s)[_\W]{0,3}(?:\\\/|V)[_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}c[_\W]{0,3}[o0\xF2-\xF6][_\W]{0,3}d[_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}ns?[_\W]{0,3}(?:\b|\s)/i | |
186 | #tramadol | |
187 | body __DRUGS_PAIN5 /\b_{0,3}t[_\W]?r[_\W]?[a4\xE0-\xE6@][_\W]?m[_\W]?[a4\xE0-\xE6@][_\W]?d[_\W]?[o0\xF2-\xF6][_\W]?[l!|1]_{0,3}\b/i | |
188 | # ultracet, uncommon in spam. | |
189 | body __DRUGS_PAIN6 /\b_{0,3}u[_\W]?l[_\W]?t[_\W]?r[_\W]?a[_\W]?c[_\W]?e[_\W]?t_{0,3}\b/i | |
190 | #fioricet | |
191 | body __DRUGS_PAIN7 /\b_{0,3}f[_\W]?[i1!|l\xEC-\xEF][_\W]?[o0\xF2-\xF6][_\W]?r[_\W]?[i1!|l\xEC-\xEF][_\W]?c[_\W]?[e3\xE8-\xEB][_\W]?[t7]_{0,3}\b/i | |
192 | #celebrex | |
193 | body __DRUGS_PAIN8 /\b_{0,3}c[_\W]?[e3\xE8-\xEB][_\W]?l[_\W]?[e3\xE8-\xEB][_\W]?b[_\W]?r[_\W]?[e3\xE8-\xEB][_\W]?x_{0,3}\b/i | |
194 | #imitrex | |
195 | body __DRUGS_PAIN9 /(?:\b|\s)_{0,3}[i1!|l\xEC-\xEF]m[i1!|l\xEC-\xEF]tr[e3\xE8-\xEB]x_{0,3}\b/i | |
196 | #vioxx | |
197 | body __DRUGS_PAIN10 /(?:\b|\s)[_\W]{0,3}(?:\\\/|V)[_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}[o0\xF2-\xF6][_\W]{0,3}x[_\W]{0,3}xx?_{0,3}\b/i | |
198 | #zebutal, uncommon in spam. | |
199 | body __DRUGS_PAIN11 /\bzebutal\b/i | |
200 | #esgic plus, uncommon in spam. | |
201 | body __DRUGS_PAIN12 /\besgic plus\b/i | |
202 | #Darvon - a prescription narcotic | |
203 | body __DRUGS_PAIN13 /\bD[_\W]?[a4\xE0-\xE6@][_\W]?r[_\W]?v[_\W]?[o0\xF2-\xF6][_\W]?n\b/i | |
204 | body __DRUGS_PAIN14 /N[o0\xF2-\xF6]rc[o0\xF2-\xF6]/i | |
205 | meta __DRUGS_PAIN (__DRUGS_PAIN1 || __DRUGS_PAIN2 || __DRUGS_PAIN3 || __DRUGS_PAIN4 ||__DRUGS_PAIN5 ||__DRUGS_PAIN6 ||__DRUGS_PAIN7 ||__DRUGS_PAIN8 || __DRUGS_PAIN9 || __DRUGS_PAIN10|| __DRUGS_PAIN11 || __DRUGS_PAIN12 || __DRUGS_PAIN13 ||__DRUGS_PAIN14) | |
206 | #sleep aids | |
207 | #ativan and lorazepam already under anxiety | |
208 | #Ambien, brand of zolpidem tartrate | |
209 | body __DRUGS_SLEEP1 /(?:\b|\s)[_\W]{0,3}[a4\xE0-\xE6@][_\W]{0,3}m[_\W]{0,3}b[_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}[e3\xE8-\xEB][_\W]{0,3}n[_\W]{0,3}(?:\b|\s)/i | |
210 | #sonata, brand of zaleplon | |
211 | body __DRUGS_SLEEP2 /(?:\b|\s)[_\W]{0,3}S[_\W]{0,3}[o0\xF2-\xF6][_\W]{0,3}n[_\W]{0,3}[a4\xE0-\xE6@][_\W]{0,3}t[_\W]{0,3}[a4\xE0-\xE6@][_\W]{0,3}(?:\b|\s)/i | |
212 | #Restoril, brand of temazepam, uncommon in spam | |
213 | body __DRUGS_SLEEP3 /\b_{0,3}R[_\W]?[e3\xE8-\xEB][_\W]?s[_\W]?t[_\W]?[o0\xF2-\xF6][_\W]?r[_\W]?i[_\W]?l_{0,3}\b/i | |
214 | #Halcion, brand of triazolam | |
215 | body __DRUGS_SLEEP4 /\b_{0,3}H[_\W]?[a4\xE0-\xE6@][_\W]?l[_\W]?c[_\W]?i[_\W]?[o0\xF2-\xF6][_\W]?n_{0,3}\b/i | |
216 | ||
217 | meta __DRUGS_SLEEP (__DRUGS_SLEEP1 || __DRUGS_SLEEP2 || __DRUGS_SLEEP3 ||__DRUGS_SLEEP4) | |
218 | ||
219 | #muscle relaxants | |
220 | #soma - removed due to Bug 7612 | |
221 | #body __DRUGS_MUSCLE1 /(?:\b|\s)[_\W]{0,3}s[_\W]{0,3}[o0\xF2-\xF6][_\W]{0,3}m[_\W]{0,3}[a4\xE0-\xE3\xE5\xE6@][_\W]{0,3}(?:\b|\s)/i | |
222 | #cyclobenzaprine | |
223 | body __DRUGS_MUSCLE2 /\b_{0,3}cycl[o0\xF2-\xF6]b[e3\xE8-\xEB]nz[a4\xE0-\xE6@]pr[i1!|l\xEC-\xEF]n[e3\xE8-\xEB]_{0,3}(?:\b|\s)/i | |
224 | #flexeril | |
225 | body __DRUGS_MUSCLE3 /\b_{0,3}f[_\W]?l[_\W]?[e3\xE8-\xEB][_\W]?x[_\W]?[e3\xE8-\xEB][_\W]?r[_\W]?[i1!|l\xEC-\xEF]_{0,3}[_\W]?l_{0,3}\b/i | |
226 | #zanaflex | |
227 | body __DRUGS_MUSCLE4 /\b_{0,3}z[_\W]?a[_\W]?n[_\W]?a[_\W]?f[_\W]?l[_\W]?e[_\W]?x_{0,3}\b/i | |
228 | #skelaxin | |
229 | body __DRUGS_MUSCLE5 /\bskelaxin\b/i | |
230 | meta DRUGS_MUSCLE (__DRUGS_MUSCLE2 || __DRUGS_MUSCLE3 || __DRUGS_MUSCLE4 ||__DRUGS_MUSCLE5 ) | |
231 | describe DRUGS_MUSCLE Refers to a muscle relaxant | |
232 | #anti-anxiety | |
233 | #these two rules are used to differentiate between obfu and non-obfu spellings | |
234 | body __DRUGS_ANXIETY_XAN /xan[ae]x/i | |
235 | body __DRUGS_ANXIETY_VAL /valium/i | |
236 | #xanax - note: second a sometimes done as e. | |
237 | body __DRUGS_ANXIETY1 /(?:\b|\s)[_\W]{0,3}x?x[_\W]{0,3}[a4\xE0-\xE6@][_\W]{0,3}n[_\W]{0,3}[ea4\xE1\xE2\xE3@][_\W]{0,3}xx?_{0,3}\b/i | |
238 | #alprazolam | |
239 | body __DRUGS_ANXIETY2 /\bAlprazolam\b/i | |
240 | #valium | |
241 | body __DRUGS_ANXIETY3 /(?:\b|\s)[_\W]{0,3}(?:\\\/|V)[_\W]{0,3}[a4\xE0-\xE6@][_\W]{0,3}[l|][_\W]{0,3}[i1!|l\xEC-\xEF][_\W]{0,3}[u\xB5\xF9-\xFC][_\W]{0,3}m\b/i | |
242 | #diazepam, generic of valium | |
243 | body __DRUGS_ANXIETY4 /\b_{0,3}D[_\W]?[i1!|l\xEC-\xEF][_\W]?[a4\xE0-\xE6@][_\W]?z[_\W]?[ea3\xE9\xEA\xEB][_\W]?p[_\W]?[a4\xE0-\xE6@][_\W]?m_{0,3}\b/i | |
244 | #ativan | |
245 | body __DRUGS_ANXIETY5 /(?:\b|\s)[a4\xE0-\xE6@][_\W]?t[_\W]?[i1!|l\xEC-\xEF][_\W]?v[_\W]?[a4\xE0-\xE6@][_\W]?n_{0,3}\b/i | |
246 | #lorazepam - generic of ativan, uncommon in spam | |
247 | body __DRUGS_ANXIETY6 /\b_{0,3}l[_\W]?[o0\xF2-\xF6][_\W]?r[_\W]?[a4\xE0-\xE6@][_\W]?z[_\W]?[e3\xE8-\xEB][_\W]?p[_\W]?[a4\xE0-\xE6@][_\W]?m_{0,3}\b/i | |
248 | #clonazepam, generic. | |
249 | body __DRUGS_ANXIETY7 /\b_{0,3}c[_\W]?l[_\W]?[o0\xF2-\xF6][_\W]?n[_\W]?[a4\xE0-\xE6@][_\W]?z[_\W]?e[_\W]?p[_\W]?[a4\xE0-\xE6@][_\W]?m\b/i | |
250 | #klonopin, brand of clonazepam, uncommon in spam | |
251 | body __DRUGS_ANXIETY8 /\bklonopin\b/i | |
252 | #rivotril, brand of clonazepam, uncommon in spam | |
253 | body __DRUGS_ANXIETY9 /\brivotril\b/i | |
254 | meta DRUGS_ANXIETY (__DRUGS_ANXIETY1 || __DRUGS_ANXIETY2 || __DRUGS_ANXIETY3 || __DRUGS_ANXIETY4 ||__DRUGS_ANXIETY5 ||__DRUGS_ANXIETY6 ||__DRUGS_ANXIETY7 ||__DRUGS_ANXIETY8 || __DRUGS_ANXIETY9 ) | |
255 | describe DRUGS_ANXIETY Refers to an anxiety control drug | |
256 | meta DRUGS_ANXIETY_OBFU ( (__DRUGS_ANXIETY1 &&! __DRUGS_ANXIETY_XAN) || (__DRUGS_ANXIETY3 && !__DRUGS_ANXIETY_VAL)) | |
257 | describe DRUGS_ANXIETY_OBFU Obfuscated reference to an anxiety control drug | |
258 | ||
259 | body DRUGS_SMEAR1 /(?:Viagra|Valium|Xanax|Soma|Cialis){2}/i | |
260 | describe DRUGS_SMEAR1 Two or more drugs crammed together into one word | |
261 | ||
262 | #search for "weird" combinations that are unlikely to | |
263 | #be prescribed together for a single event, thus unlikely to be | |
264 | #mentioned in the same email, except an online pharmacy ad. | |
265 | meta DRUGS_ANXIETY_EREC (DRUGS_ERECTILE && DRUGS_ANXIETY) | |
266 | describe DRUGS_ANXIETY_EREC Refers to both an erectile and an anxiety drug | |
267 | meta DRUGS_SLEEP_EREC (DRUGS_ERECTILE && __DRUGS_SLEEP) | |
268 | describe DRUGS_SLEEP_EREC Refers to both an erectile and a sleep aid drug | |
269 | ||
270 | # note: some 3 item combos are "normal" ie: a patient might legitimately | |
271 | # be prescribed depression, anxiety and sleep aid drugs all at once. | |
272 | # however, I know of no "normal" 4-item combinations. | |
273 | meta DRUGS_MANYKINDS (DRUGS_ERECTILE + DRUGS_DIET + __DRUGS_PAIN + __DRUGS_SLEEP + DRUGS_MUSCLE + DRUGS_ANXIETY > 3) | |
274 | describe DRUGS_MANYKINDS Refers to at least four kinds of drugs | |
275 | ||
276 | ######################################################################## | |
277 |