Revision of mosparo rule package example

1

+

{

2

+

"lastUpdatedAt": "2025-11-11T12:00:00Z",

3

+

"refreshInterval": 3600,

4

+

"rules": [

5

+

{

6

+

"uuid": "550e8400-e29b-41d4-a716-446655440000",

7

+

"name": "Common Spam Words",

8

+

"description": "Detects common spam keywords and phrases",

9

+

"type": "word",

10

+

"spamRatingFactor": 1.2,

11

+

"items": [

12

+

{

13

+

"uuid": "550e8400-e29b-41d4-a716-446655440001",

14

+

"type": "text",

15

+

"value": "viagra",

16

+

"rating": 0.9

17

+

},

18

+

{

19

+

"uuid": "550e8400-e29b-41d4-a716-446655440002",

20

+

"type": "text",

21

+

"value": "cialis",

22

+

"rating": 0.9

23

+

},

24

+

{

25

+

"uuid": "550e8400-e29b-41d4-a716-446655440003",

26

+

"type": "text",

27

+

"value": "free money",

28

+

"rating": 0.8

29

+

},

30

+

{

31

+

"uuid": "550e8400-e29b-41d4-a716-446655440004",

32

+

"type": "text",

33

+

"value": "win now",

34

+

"rating": 0.7

35

+

},

36

+

{

37

+

"uuid": "550e8400-e29b-41d4-a716-446655440005",

38

+

"type": "text",

39

+

"value": "click here",

40

+

"rating": 0.6

41

+

}

42

+

]

43

+

},

44

+

{

45

+

"uuid": "550e8400-e29b-41d4-a716-446655440010",

46

+

"name": "Suspicious Email Patterns",

47

+

"description": "Regex patterns to detect suspicious email formats and content",

48

+

"type": "regex",

49

+

"spamRatingFactor": 1.0,

50

+

"items": [

51

+

{

52

+

"uuid": "550e8400-e29b-41d4-a716-446655440011",

53

+

"type": "regex",

54

+

"value": "\\b[A-Z]{2,}\\s+[A-Z]{2,}\\s+[A-Z]{2,}\\b",

55

+

"rating": 0.7

56

+

},

57

+

{

58

+

"uuid": "550e8400-e29b-41d4-a716-446655440012",

59

+

"type": "regex",

60

+

"value": "\\$\\d+[,.]?\\d*\\s*(million|billion|thousand)",

61

+

"rating": 0.8

62

+

},

63

+

{

64

+

"uuid": "550e8400-e29b-41d4-a716-446655440013",

65

+

"type": "regex",

66

+

"value": "(?i)\\b(urgent|immediate|act\\s+now|limited\\s+time)\\b",

67

+

"rating": 0.6

68

+

},

69

+

{

70

+

"uuid": "550e8400-e29b-41d4-a716-446655440014",

71

+

"type": "regex",

72

+

"value": "\\b\\d{1,2}%\\s+(?:off|discount|savings)\\b",

73

+

"rating": 0.5

74

+

}

75

+

]

76

+

},

77

+

{

78

+

"uuid": "550e8400-e29b-41d4-a716-446655440020",

79

+

"name": "Malicious User Agents",

80

+

"description": "Known malicious or suspicious user agent strings",

81

+

"type": "user-agent",

82

+

"spamRatingFactor": 1.5,

83

+

"items": [

84

+

{

85

+

"uuid": "550e8400-e29b-41d4-a716-446655440021",

86

+

"type": "text",

87

+

"value": "curl/",

88

+

"rating": 0.8

89

+

},

90

+

{

91

+

"uuid": "550e8400-e29b-41d4-a716-446655440022",

92

+

"type": "text",

93

+

"value": "wget/",

94

+

"rating": 0.8

95

+

},

96

+

{

97

+

"uuid": "550e8400-e29b-41d4-a716-446655440023",

98

+

"type": "text",

99

+

"value": "Python-urllib/",

100

+

"rating": 0.7

101

+

},

102

+

{

103

+

"uuid": "550e8400-e29b-41d4-a716-446655440024",

104

+

"type": "regex",

105

+

"value": "bot|crawler|spider",

106

+

"rating": 0.6

107

+

}

108

+

]

109

+

},

110

+

{

111

+

"uuid": "550e8400-e29b-41d4-a716-446655440030",

112

+

"name": "URL Spam Patterns",

113

+

"description": "Detects suspicious URLs and link patterns",

114

+

"type": "url",

115

+

"spamRatingFactor": 1.1,

116

+

"items": [

117

+

{

118

+

"uuid": "550e8400-e29b-41d4-a716-446655440031",

119

+

"type": "regex",

120

+

"value": "https?://bit\\.ly/[a-zA-Z0-9]+",

121

+

"rating": 0.5

122

+

},

123

+

{

124

+

"uuid": "550e8400-e29b-41d4-a716-446655440032",

125

+

"type": "regex",

126

+

"value": "https?://tinyurl\\.com/[a-zA-Z0-9]+",

127

+

"rating": 0.5

128

+

},

129

+

{

130

+

"uuid": "550e8400-e29b-41d4-a716-446655440033",

131

+

"type": "text",

132

+

"value": ".tk",

133

+

"rating": 0.7

134

+

},

135

+

{

136

+

"uuid": "550e8400-e29b-41d4-a716-446655440034",

137

+

"type": "text",

138

+

"value": ".ml",

139

+

"rating": 0.7

140

+

}

141

+

]

142

+

},

143

+

{

144

+

"uuid": "550e8400-e29b-41d4-a716-446655440040",

145

+

"name": "Phishing Keywords",

146

+

"description": "Common phishing and social engineering terms",

147

+

"type": "word",

148

+

"spamRatingFactor": 1.3,

149

+

"items": [

150

+

{

151

+

"uuid": "550e8400-e29b-41d4-a716-446655440041",

152

+

"type": "text",

153

+

"value": "verify your account",

154

+

"rating": 0.8

155

+

},

156

+

{

157

+

"uuid": "550e8400-e29b-41d4-a716-446655440042",

158

+

"type": "text",

159

+

"value": "suspended account",

160

+

"rating": 0.8

161

+

},

162

+

{

163

+

"uuid": "550e8400-e29b-41d4-a716-446655440043",

164

+

"type": "text",

165

+

"value": "update payment",

166

+

"rating": 0.7

167

+

},

168

+

{

169

+

"uuid": "550e8400-e29b-41d4-a716-446655440044",

170

+

"type": "text",

171

+

"value": "click to confirm",

172

+

"rating": 0.6

173

+

},

174

+

{

175

+

"uuid": "550e8400-e29b-41d4-a716-446655440045",

176

+

"type": "text",

177

+

"value": "security alert",

178

+

"rating": 0.7

179

+

}

180

+

]

181

+

},

182

+

{

183

+

"uuid": "550e8400-e29b-41d4-a716-446655440050",

184

+

"name": "Cryptocurrency Spam",

185

+

"description": "Detects cryptocurrency-related spam and scam content",

186

+

"type": "word",

187

+

"spamRatingFactor": 1.4,

188

+

"items": [

189

+

{

190

+

"uuid": "550e8400-e29b-41d4-a716-446655440051",

191

+

"type": "text",

192

+

"value": "bitcoin investment",

193

+

"rating": 0.8

194

+

},

195

+

{

196

+

"uuid": "550e8400-e29b-41d4-a716-446655440052",

197

+

"type": "text",

198

+

"value": "crypto trading bot",

199

+

"rating": 0.7

200

+

},

201

+

{

202

+

"uuid": "550e8400-e29b-41d4-a716-446655440053",

203

+

"type": "text",

204

+

"value": "guaranteed profits",

205

+

"rating": 0.9

206

+

},

207

+

{

208

+

"uuid": "550e8400-e29b-41d4-a716-446655440054",

209

+

"type": "text",

210

+

"value": "mining software",

211

+

"rating": 0.6

212

+

},

213

+

{

214

+

"uuid": "550e8400-e29b-41d4-a716-446655440055",

215

+

"type": "text",

216

+

"value": "wallet recovery",

217

+

"rating": 0.8

218

+

}

219

+

]

220

+

},

221

+

{

222

+

"uuid": "550e8400-e29b-41d4-a716-446655440060",

223

+

"name": "Code Injection Patterns",

224

+

"description": "Detects common code injection attempts",

225

+

"type": "regex",

226

+

"spamRatingFactor": 2.0,

227

+

"items": [

228

+

{

229

+

"uuid": "550e8400-e29b-41d4-a716-446655440061",

230

+

"type": "regex",

231

+

"value": "<script[^>]*>.*?</script>",

232

+

"rating": 1.0

233

+

},

234

+

{

235

+

"uuid": "550e8400-e29b-41d4-a716-446655440062",

236

+

"type": "regex",

237

+

"value": "javascript:",

238

+

"rating": 0.9

239

+

},

240

+

{

241

+

"uuid": "550e8400-e29b-41d4-a716-446655440063",

242

+

"type": "regex",

243

+

"value": "(?i)\\b(SELECT|UNION|DROP|INSERT)\\b.*\\b(FROM|TABLE)\\b",

244

+

"rating": 1.0

245

+

},

246

+

{

247

+

"uuid": "550e8400-e29b-41d4-a716-446655440064",

248

+

"type": "regex",

249

+

"value": "\\bon\\w+\\s*=",

250

+

"rating": 0.8

251

+

},

252

+

{

253

+

"uuid": "550e8400-e29b-41d4-a716-446655440065",

254

+

"type": "regex",

255

+

"value": "document\\.cookie",

256

+

"rating": 0.9

257

+

}

258

+

]

259

+

},

260

+

{

261

+

"uuid": "550e8400-e29b-41d4-a716-446655440070",

262

+

"name": "SEO Spam Keywords",

263

+

"description": "Common SEO and marketing spam terms",

264

+

"type": "word",

265

+

"spamRatingFactor": 0.8,

266

+

"items": [

267

+

{

268

+

"uuid": "550e8400-e29b-41d4-a716-446655440071",

269

+

"type": "text",

270

+

"value": "SEO services",

271

+

"rating": 0.6

272

+

},

273

+

{

274

+

"uuid": "550e8400-e29b-41d4-a716-446655440072",

275

+

"type": "text",

276

+

"value": "rank higher",

277

+

"rating": 0.5

278

+

},

279

+

{

280

+

"uuid": "550e8400-e29b-41d4-a716-446655440073",

281

+

"type": "text",

282

+

"value": "backlinks",

283

+

"rating": 0.6

284

+

},

285

+

{

286

+

"uuid": "550e8400-e29b-41d4-a716-446655440074",

287

+

"type": "text",

288

+

"value": "increase traffic",

289

+

"rating": 0.5

290

+

},

291

+

{

292

+

"uuid": "550e8400-e29b-41d4-a716-446655440075",

293

+

"type": "text",

294

+

"value": "link building",

295

+

"rating": 0.6

296

+

}

297

+

]

298

+

},

299

+

{

300

+

"uuid": "550e8400-e29b-41d4-a716-446655440080",

301

+

"name": "Adult Content Keywords",

302

+

"description": "Detects adult content and inappropriate material",

303

+

"type": "word",

304

+

"spamRatingFactor": 1.5,

305

+

"items": [

306

+

{

307

+

"uuid": "550e8400-e29b-41d4-a716-446655440081",

308

+

"type": "text",

309

+

"value": "adult dating",

310

+

"rating": 0.8

311

+

},

312

+

{

313

+

"uuid": "550e8400-e29b-41d4-a716-446655440082",

314

+

"type": "text",

315

+

"value": "cam girls",

316

+

"rating": 0.9

317

+

},

318

+

{

319

+

"uuid": "550e8400-e29b-41d4-a716-446655440083",

320

+

"type": "text",

321

+

"value": "hookup tonight",

322

+

"rating": 0.8

323

+

},

324

+

{

325

+

"uuid": "550e8400-e29b-41d4-a716-446655440084",

326

+

"type": "text",

327

+

"value": "singles near you",

328

+

"rating": 0.7

329

+

},

330

+

{

331

+

"uuid": "550e8400-e29b-41d4-a716-446655440085",

332

+

"type": "text",

333

+

"value": "meet locals",

334

+

"rating": 0.6

335

+

}

336

+

]

337

+

},

338

+

{

339

+

"uuid": "550e8400-e29b-41d4-a716-446655440090",

340

+

"name": "Pharmaceutical Spam",

341

+

"description": "Illegal pharmacy and drug-related spam",

342

+

"type": "word",

343

+

"spamRatingFactor": 1.6,

344

+

"items": [

345

+

{

346

+

"uuid": "550e8400-e29b-41d4-a716-446655440091",

347

+

"type": "text",

348

+

"value": "pharmacy online",

349

+

"rating": 0.8

350

+

},

351

+

{

352

+

"uuid": "550e8400-e29b-41d4-a716-446655440092",

353

+

"type": "text",

354

+

"value": "no prescription",

355

+

"rating": 0.9

356

+

},

357

+

{

358

+

"uuid": "550e8400-e29b-41d4-a716-446655440093",

359

+

"type": "text",

360

+

"value": "weight loss pills",

361

+

"rating": 0.7

362

+

},

363

+

{

364

+

"uuid": "550e8400-e29b-41d4-a716-446655440094",

365

+

"type": "text",

366

+

"value": "enhancement pills",

367

+

"rating": 0.8

368

+

},

369

+

{

370

+

"uuid": "550e8400-e29b-41d4-a716-446655440095",

371

+

"type": "text",

372

+

"value": "discount pharmacy",

373

+

"rating": 0.7

374

+

}

375

+

]

376

+

},

377

+

{

378

+

"uuid": "550e8400-e29b-41d4-a716-446655440100",

379

+

"name": "Suspicious Email Patterns",

380

+

"description": "Detects suspicious email address patterns",

381

+

"type": "regex",

382

+

"spamRatingFactor": 1.2,

383

+

"items": [

384

+

{

385

+

"uuid": "550e8400-e29b-41d4-a716-446655440101",

386

+

"type": "regex",

387

+

"value": "\\b[a-z]{1,3}\\d{3,}@[a-z]+\\.[a-z]{2,}\\b",

388

+

"rating": 0.7

389

+

},

390

+

{

391

+

"uuid": "550e8400-e29b-41d4-a716-446655440102",

392

+

"type": "regex",

393

+

"value": "\\bnoreply\\d+@[a-z]+\\.[a-z]{2,}\\b",

394

+

"rating": 0.6

395

+

},

396

+

{

397

+

"uuid": "550e8400-e29b-41d4-a716-446655440103",

398

+

"type": "regex",

399

+

"value": "\\btest\\d*@[a-z]+\\.[a-z]{2,}\\b",

400

+

"rating": 0.5

401

+

},

402

+

{

403

+

"uuid": "550e8400-e29b-41d4-a716-446655440104",

404

+

"type": "regex",

405

+

"value": "\\b\\w+\\.\\w+\\.\\w+@[a-z]+\\.[a-z]{2,}\\b",

406

+

"rating": 0.6

407

+

}

408

+

]

409

+

},

410

+

{

411

+

"uuid": "550e8400-e29b-41d4-a716-446655440110",

412

+

"name": "International Spam Terms",

413

+

"description": "Spam terms in multiple languages",

414

+

"type": "word",

415

+

"spamRatingFactor": 1.0,

416

+

"items": [

417

+

{

418

+

"uuid": "550e8400-e29b-41d4-a716-446655440111",

419

+

"type": "text",

420

+

"value": "kostenlos",

421

+

"rating": 0.6

422

+

},

423

+

{

424

+

"uuid": "550e8400-e29b-41d4-a716-446655440112",

425

+

"type": "text",

426

+

"value": "gratis",

427

+

"rating": 0.6

428

+

},

429

+

{

430

+

"uuid": "550e8400-e29b-41d4-a716-446655440113",

431

+

"type": "text",

432

+

"value": "casino",

433

+

"rating": 0.7

434

+

},

435

+

{

436

+

"uuid": "550e8400-e29b-41d4-a716-446655440114",

437

+

"type": "text",

438

+

"value": "lottery winner",

439

+

"rating": 0.8

440

+

},

441

+

{

442

+

"uuid": "550e8400-e29b-41d4-a716-446655440115",

443

+

"type": "text",

444

+

"value": "inheritance claim",

445

+

"rating": 0.9

446

+

}

447

+

]

448

+

},

449

+

{

450

+

"uuid": "550e8400-e29b-41d4-a716-446655440120",

451

+

"name": "Suspicious Text Patterns",

452

+

"description": "Various suspicious formatting and text patterns",

453

+

"type": "regex",

454

+

"spamRatingFactor": 1.1,

455

+

"items": [

456

+

{

457

+

"uuid": "550e8400-e29b-41d4-a716-446655440121",

458

+

"type": "regex",

459

+

"value": "\\b[A-Z]{4,}\\s+[A-Z]{4,}\\s+[A-Z]{4,}",

460

+

"rating": 0.7

461

+

},

462

+

{

463

+

"uuid": "550e8400-e29b-41d4-a716-446655440122",

464

+

"type": "regex",

465

+

"value": "\\b\\w*(.)\\1{4,}\\w*\\b",

466

+

"rating": 0.6

467

+

},

468

+

{

469

+

"uuid": "550e8400-e29b-41d4-a716-446655440123",

470

+

"type": "regex",

471

+

"value": "[!@#$%^&*]{4,}",

472

+

"rating": 0.5

473

+

},

474

+

{

475

+

"uuid": "550e8400-e29b-41d4-a716-446655440124",

476

+

"type": "regex",

477

+

"value": "\\d+\\.\\d+\\.\\d+\\.\\d+",

478

+

"rating": 0.8

479

+

},

480

+

{

481

+

"uuid": "550e8400-e29b-41d4-a716-446655440125",

482

+

"type": "regex",

483

+

"value": "\\b(URGENT|IMPORTANT|IMMEDIATE).*\\b(ACTION|RESPONSE)\\b",

484

+

"rating": 0.8

485

+

}

486

+

]

487

+

}

488

+

]

489

+

}

portalzine / mosparo rule package example

portalzine revised this gist 1 month ago. Go to revision

		@@ -0,0 +1,489 @@
1	+	{
2	+	"lastUpdatedAt": "2025-11-11T12:00:00Z",
3	+	"refreshInterval": 3600,
4	+	"rules": [
5	+	{
6	+	"uuid": "550e8400-e29b-41d4-a716-446655440000",
7	+	"name": "Common Spam Words",
8	+	"description": "Detects common spam keywords and phrases",
9	+	"type": "word",
10	+	"spamRatingFactor": 1.2,
11	+	"items": [
12	+	{
13	+	"uuid": "550e8400-e29b-41d4-a716-446655440001",
14	+	"type": "text",
15	+	"value": "viagra",
16	+	"rating": 0.9
17	+	},
18	+	{
19	+	"uuid": "550e8400-e29b-41d4-a716-446655440002",
20	+	"type": "text",
21	+	"value": "cialis",
22	+	"rating": 0.9
23	+	},
24	+	{
25	+	"uuid": "550e8400-e29b-41d4-a716-446655440003",
26	+	"type": "text",
27	+	"value": "free money",
28	+	"rating": 0.8
29	+	},
30	+	{
31	+	"uuid": "550e8400-e29b-41d4-a716-446655440004",
32	+	"type": "text",
33	+	"value": "win now",
34	+	"rating": 0.7
35	+	},
36	+	{
37	+	"uuid": "550e8400-e29b-41d4-a716-446655440005",
38	+	"type": "text",
39	+	"value": "click here",
40	+	"rating": 0.6
41	+	}
42	+	]
43	+	},
44	+	{
45	+	"uuid": "550e8400-e29b-41d4-a716-446655440010",
46	+	"name": "Suspicious Email Patterns",
47	+	"description": "Regex patterns to detect suspicious email formats and content",
48	+	"type": "regex",
49	+	"spamRatingFactor": 1.0,
50	+	"items": [
51	+	{
52	+	"uuid": "550e8400-e29b-41d4-a716-446655440011",
53	+	"type": "regex",
54	+	"value": "\\b[A-Z]{2,}\\s+[A-Z]{2,}\\s+[A-Z]{2,}\\b",
55	+	"rating": 0.7
56	+	},
57	+	{
58	+	"uuid": "550e8400-e29b-41d4-a716-446655440012",
59	+	"type": "regex",
60	+	"value": "\\$\\d+[,.]?\\d\\s(million\|billion\|thousand)",
61	+	"rating": 0.8
62	+	},
63	+	{
64	+	"uuid": "550e8400-e29b-41d4-a716-446655440013",
65	+	"type": "regex",
66	+	"value": "(?i)\\b(urgent\|immediate\|act\\s+now\|limited\\s+time)\\b",
67	+	"rating": 0.6
68	+	},
69	+	{
70	+	"uuid": "550e8400-e29b-41d4-a716-446655440014",
71	+	"type": "regex",
72	+	"value": "\\b\\d{1,2}%\\s+(?:off\|discount\|savings)\\b",
73	+	"rating": 0.5
74	+	}
75	+	]
76	+	},
77	+	{
78	+	"uuid": "550e8400-e29b-41d4-a716-446655440020",
79	+	"name": "Malicious User Agents",
80	+	"description": "Known malicious or suspicious user agent strings",
81	+	"type": "user-agent",
82	+	"spamRatingFactor": 1.5,
83	+	"items": [
84	+	{
85	+	"uuid": "550e8400-e29b-41d4-a716-446655440021",
86	+	"type": "text",
87	+	"value": "curl/",
88	+	"rating": 0.8
89	+	},
90	+	{
91	+	"uuid": "550e8400-e29b-41d4-a716-446655440022",
92	+	"type": "text",
93	+	"value": "wget/",
94	+	"rating": 0.8
95	+	},
96	+	{
97	+	"uuid": "550e8400-e29b-41d4-a716-446655440023",
98	+	"type": "text",
99	+	"value": "Python-urllib/",
100	+	"rating": 0.7
101	+	},
102	+	{
103	+	"uuid": "550e8400-e29b-41d4-a716-446655440024",
104	+	"type": "regex",
105	+	"value": "bot\|crawler\|spider",
106	+	"rating": 0.6
107	+	}
108	+	]
109	+	},
110	+	{
111	+	"uuid": "550e8400-e29b-41d4-a716-446655440030",
112	+	"name": "URL Spam Patterns",
113	+	"description": "Detects suspicious URLs and link patterns",
114	+	"type": "url",
115	+	"spamRatingFactor": 1.1,
116	+	"items": [
117	+	{
118	+	"uuid": "550e8400-e29b-41d4-a716-446655440031",
119	+	"type": "regex",
120	+	"value": "https?://bit\\.ly/[a-zA-Z0-9]+",
121	+	"rating": 0.5
122	+	},
123	+	{
124	+	"uuid": "550e8400-e29b-41d4-a716-446655440032",
125	+	"type": "regex",
126	+	"value": "https?://tinyurl\\.com/[a-zA-Z0-9]+",
127	+	"rating": 0.5
128	+	},
129	+	{
130	+	"uuid": "550e8400-e29b-41d4-a716-446655440033",
131	+	"type": "text",
132	+	"value": ".tk",
133	+	"rating": 0.7
134	+	},
135	+	{
136	+	"uuid": "550e8400-e29b-41d4-a716-446655440034",
137	+	"type": "text",
138	+	"value": ".ml",
139	+	"rating": 0.7
140	+	}
141	+	]
142	+	},
143	+	{
144	+	"uuid": "550e8400-e29b-41d4-a716-446655440040",
145	+	"name": "Phishing Keywords",
146	+	"description": "Common phishing and social engineering terms",
147	+	"type": "word",
148	+	"spamRatingFactor": 1.3,
149	+	"items": [
150	+	{
151	+	"uuid": "550e8400-e29b-41d4-a716-446655440041",
152	+	"type": "text",
153	+	"value": "verify your account",
154	+	"rating": 0.8
155	+	},
156	+	{
157	+	"uuid": "550e8400-e29b-41d4-a716-446655440042",
158	+	"type": "text",
159	+	"value": "suspended account",
160	+	"rating": 0.8
161	+	},
162	+	{
163	+	"uuid": "550e8400-e29b-41d4-a716-446655440043",
164	+	"type": "text",
165	+	"value": "update payment",
166	+	"rating": 0.7
167	+	},
168	+	{
169	+	"uuid": "550e8400-e29b-41d4-a716-446655440044",
170	+	"type": "text",
171	+	"value": "click to confirm",
172	+	"rating": 0.6
173	+	},
174	+	{
175	+	"uuid": "550e8400-e29b-41d4-a716-446655440045",
176	+	"type": "text",
177	+	"value": "security alert",
178	+	"rating": 0.7
179	+	}
180	+	]
181	+	},
182	+	{
183	+	"uuid": "550e8400-e29b-41d4-a716-446655440050",
184	+	"name": "Cryptocurrency Spam",
185	+	"description": "Detects cryptocurrency-related spam and scam content",
186	+	"type": "word",
187	+	"spamRatingFactor": 1.4,
188	+	"items": [
189	+	{
190	+	"uuid": "550e8400-e29b-41d4-a716-446655440051",
191	+	"type": "text",
192	+	"value": "bitcoin investment",
193	+	"rating": 0.8
194	+	},
195	+	{
196	+	"uuid": "550e8400-e29b-41d4-a716-446655440052",
197	+	"type": "text",
198	+	"value": "crypto trading bot",
199	+	"rating": 0.7
200	+	},
201	+	{
202	+	"uuid": "550e8400-e29b-41d4-a716-446655440053",
203	+	"type": "text",
204	+	"value": "guaranteed profits",
205	+	"rating": 0.9
206	+	},
207	+	{
208	+	"uuid": "550e8400-e29b-41d4-a716-446655440054",
209	+	"type": "text",
210	+	"value": "mining software",
211	+	"rating": 0.6
212	+	},
213	+	{
214	+	"uuid": "550e8400-e29b-41d4-a716-446655440055",
215	+	"type": "text",
216	+	"value": "wallet recovery",
217	+	"rating": 0.8
218	+	}
219	+	]
220	+	},
221	+	{
222	+	"uuid": "550e8400-e29b-41d4-a716-446655440060",
223	+	"name": "Code Injection Patterns",
224	+	"description": "Detects common code injection attempts",
225	+	"type": "regex",
226	+	"spamRatingFactor": 2.0,
227	+	"items": [
228	+	{
229	+	"uuid": "550e8400-e29b-41d4-a716-446655440061",
230	+	"type": "regex",
231	+	"value": "<script[^>]>.?</script>",
232	+	"rating": 1.0
233	+	},
234	+	{
235	+	"uuid": "550e8400-e29b-41d4-a716-446655440062",
236	+	"type": "regex",
237	+	"value": "javascript:",
238	+	"rating": 0.9
239	+	},
240	+	{
241	+	"uuid": "550e8400-e29b-41d4-a716-446655440063",
242	+	"type": "regex",
243	+	"value": "(?i)\\b(SELECT\|UNION\|DROP\|INSERT)\\b.*\\b(FROM\|TABLE)\\b",
244	+	"rating": 1.0
245	+	},
246	+	{
247	+	"uuid": "550e8400-e29b-41d4-a716-446655440064",
248	+	"type": "regex",
249	+	"value": "\\bon\\w+\\s*=",
250	+	"rating": 0.8
251	+	},
252	+	{
253	+	"uuid": "550e8400-e29b-41d4-a716-446655440065",
254	+	"type": "regex",
255	+	"value": "document\\.cookie",
256	+	"rating": 0.9
257	+	}
258	+	]
259	+	},
260	+	{
261	+	"uuid": "550e8400-e29b-41d4-a716-446655440070",
262	+	"name": "SEO Spam Keywords",
263	+	"description": "Common SEO and marketing spam terms",
264	+	"type": "word",
265	+	"spamRatingFactor": 0.8,
266	+	"items": [
267	+	{
268	+	"uuid": "550e8400-e29b-41d4-a716-446655440071",
269	+	"type": "text",
270	+	"value": "SEO services",
271	+	"rating": 0.6
272	+	},
273	+	{
274	+	"uuid": "550e8400-e29b-41d4-a716-446655440072",
275	+	"type": "text",
276	+	"value": "rank higher",
277	+	"rating": 0.5
278	+	},
279	+	{
280	+	"uuid": "550e8400-e29b-41d4-a716-446655440073",
281	+	"type": "text",
282	+	"value": "backlinks",
283	+	"rating": 0.6
284	+	},
285	+	{
286	+	"uuid": "550e8400-e29b-41d4-a716-446655440074",
287	+	"type": "text",
288	+	"value": "increase traffic",
289	+	"rating": 0.5
290	+	},
291	+	{
292	+	"uuid": "550e8400-e29b-41d4-a716-446655440075",
293	+	"type": "text",
294	+	"value": "link building",
295	+	"rating": 0.6
296	+	}
297	+	]
298	+	},
299	+	{
300	+	"uuid": "550e8400-e29b-41d4-a716-446655440080",
301	+	"name": "Adult Content Keywords",
302	+	"description": "Detects adult content and inappropriate material",
303	+	"type": "word",
304	+	"spamRatingFactor": 1.5,
305	+	"items": [
306	+	{
307	+	"uuid": "550e8400-e29b-41d4-a716-446655440081",
308	+	"type": "text",
309	+	"value": "adult dating",
310	+	"rating": 0.8
311	+	},
312	+	{
313	+	"uuid": "550e8400-e29b-41d4-a716-446655440082",
314	+	"type": "text",
315	+	"value": "cam girls",
316	+	"rating": 0.9
317	+	},
318	+	{
319	+	"uuid": "550e8400-e29b-41d4-a716-446655440083",
320	+	"type": "text",
321	+	"value": "hookup tonight",
322	+	"rating": 0.8
323	+	},
324	+	{
325	+	"uuid": "550e8400-e29b-41d4-a716-446655440084",
326	+	"type": "text",
327	+	"value": "singles near you",
328	+	"rating": 0.7
329	+	},
330	+	{
331	+	"uuid": "550e8400-e29b-41d4-a716-446655440085",
332	+	"type": "text",
333	+	"value": "meet locals",
334	+	"rating": 0.6
335	+	}
336	+	]
337	+	},
338	+	{
339	+	"uuid": "550e8400-e29b-41d4-a716-446655440090",
340	+	"name": "Pharmaceutical Spam",
341	+	"description": "Illegal pharmacy and drug-related spam",
342	+	"type": "word",
343	+	"spamRatingFactor": 1.6,
344	+	"items": [
345	+	{
346	+	"uuid": "550e8400-e29b-41d4-a716-446655440091",
347	+	"type": "text",
348	+	"value": "pharmacy online",
349	+	"rating": 0.8
350	+	},
351	+	{
352	+	"uuid": "550e8400-e29b-41d4-a716-446655440092",
353	+	"type": "text",
354	+	"value": "no prescription",
355	+	"rating": 0.9
356	+	},
357	+	{
358	+	"uuid": "550e8400-e29b-41d4-a716-446655440093",
359	+	"type": "text",
360	+	"value": "weight loss pills",
361	+	"rating": 0.7
362	+	},
363	+	{
364	+	"uuid": "550e8400-e29b-41d4-a716-446655440094",
365	+	"type": "text",
366	+	"value": "enhancement pills",
367	+	"rating": 0.8
368	+	},
369	+	{
370	+	"uuid": "550e8400-e29b-41d4-a716-446655440095",
371	+	"type": "text",
372	+	"value": "discount pharmacy",
373	+	"rating": 0.7
374	+	}
375	+	]
376	+	},
377	+	{
378	+	"uuid": "550e8400-e29b-41d4-a716-446655440100",
379	+	"name": "Suspicious Email Patterns",
380	+	"description": "Detects suspicious email address patterns",
381	+	"type": "regex",
382	+	"spamRatingFactor": 1.2,
383	+	"items": [
384	+	{
385	+	"uuid": "550e8400-e29b-41d4-a716-446655440101",
386	+	"type": "regex",
387	+	"value": "\\b[a-z]{1,3}\\d{3,}@[a-z]+\\.[a-z]{2,}\\b",
388	+	"rating": 0.7
389	+	},
390	+	{
391	+	"uuid": "550e8400-e29b-41d4-a716-446655440102",
392	+	"type": "regex",
393	+	"value": "\\bnoreply\\d+@[a-z]+\\.[a-z]{2,}\\b",
394	+	"rating": 0.6
395	+	},
396	+	{
397	+	"uuid": "550e8400-e29b-41d4-a716-446655440103",
398	+	"type": "regex",
399	+	"value": "\\btest\\d*@[a-z]+\\.[a-z]{2,}\\b",
400	+	"rating": 0.5
401	+	},
402	+	{
403	+	"uuid": "550e8400-e29b-41d4-a716-446655440104",
404	+	"type": "regex",
405	+	"value": "\\b\\w+\\.\\w+\\.\\w+@[a-z]+\\.[a-z]{2,}\\b",
406	+	"rating": 0.6
407	+	}
408	+	]
409	+	},
410	+	{
411	+	"uuid": "550e8400-e29b-41d4-a716-446655440110",
412	+	"name": "International Spam Terms",
413	+	"description": "Spam terms in multiple languages",
414	+	"type": "word",
415	+	"spamRatingFactor": 1.0,
416	+	"items": [
417	+	{
418	+	"uuid": "550e8400-e29b-41d4-a716-446655440111",
419	+	"type": "text",
420	+	"value": "kostenlos",
421	+	"rating": 0.6
422	+	},
423	+	{
424	+	"uuid": "550e8400-e29b-41d4-a716-446655440112",
425	+	"type": "text",
426	+	"value": "gratis",
427	+	"rating": 0.6
428	+	},
429	+	{
430	+	"uuid": "550e8400-e29b-41d4-a716-446655440113",
431	+	"type": "text",
432	+	"value": "casino",
433	+	"rating": 0.7
434	+	},
435	+	{
436	+	"uuid": "550e8400-e29b-41d4-a716-446655440114",
437	+	"type": "text",
438	+	"value": "lottery winner",
439	+	"rating": 0.8
440	+	},
441	+	{
442	+	"uuid": "550e8400-e29b-41d4-a716-446655440115",
443	+	"type": "text",
444	+	"value": "inheritance claim",
445	+	"rating": 0.9
446	+	}
447	+	]
448	+	},
449	+	{
450	+	"uuid": "550e8400-e29b-41d4-a716-446655440120",
451	+	"name": "Suspicious Text Patterns",
452	+	"description": "Various suspicious formatting and text patterns",
453	+	"type": "regex",
454	+	"spamRatingFactor": 1.1,
455	+	"items": [
456	+	{
457	+	"uuid": "550e8400-e29b-41d4-a716-446655440121",
458	+	"type": "regex",
459	+	"value": "\\b[A-Z]{4,}\\s+[A-Z]{4,}\\s+[A-Z]{4,}",
460	+	"rating": 0.7
461	+	},
462	+	{
463	+	"uuid": "550e8400-e29b-41d4-a716-446655440122",
464	+	"type": "regex",
465	+	"value": "\\b\\w(.)\\1{4,}\\w\\b",
466	+	"rating": 0.6
467	+	},
468	+	{
469	+	"uuid": "550e8400-e29b-41d4-a716-446655440123",
470	+	"type": "regex",
471	+	"value": "[!@#$%^&*]{4,}",
472	+	"rating": 0.5
473	+	},
474	+	{
475	+	"uuid": "550e8400-e29b-41d4-a716-446655440124",
476	+	"type": "regex",
477	+	"value": "\\d+\\.\\d+\\.\\d+\\.\\d+",
478	+	"rating": 0.8
479	+	},
480	+	{
481	+	"uuid": "550e8400-e29b-41d4-a716-446655440125",
482	+	"type": "regex",
483	+	"value": "\\b(URGENT\|IMPORTANT\|IMMEDIATE).*\\b(ACTION\|RESPONSE)\\b",
484	+	"rating": 0.8
485	+	}
486	+	]
487	+	}
488	+	]
489	+	}

			@@ -0,0 +1 @@
	1	+	07be17de35d734cdd01481f3339ac1baafae897d958a5a863edc53a90e43d83b rulepackage.json