header DRILLCLUB_SUBJECT Subject =~ /^SEXUALLY-EXPLICIT: /
describe DRILLCLUB_SUBJECT Subject for drillclub.com pr0n spam.
score DRILLCLUB_SUBJECT 2

body DRILLCLUB_URL /http:\/\/www.drillclub.com\/gen_ads\/gen_mail.php/
describe DRILLCLUB_URL URL in drillclub.com pr0n spam.
score DRILLCLUB_URL 2

# We'll ding them on the RO if either of the other two matched.
meta DRILLCLUB_RO (__DRILLCLUB_AND_SIXFIGURE_RO && (DRILLCLUB_SUBJECT + DRILLCLUB_URL) > 0)
describe DRILLCLUB_RO drillclub.com sets Status: RO
score DRILLCLUB_RO 1

# Appears both in the above AND in the below! Same software?
header __DRILLCLUB_AND_SIXFIGURE_RO Status =~ /^RO$/

# "six figure income" work at home spam
#
# Does some anti-bayes stuff (bits of fiction--maybe copyright
# infringement?) so we need to bump the under-Bayes scores way up.
#
# Subject: A Business which Earns Substantial Income
# Subject: Unbelievable 100% Automated System! can earn you 6 Figure Income Online!
#
# Message-ID: <5754DFE7.680D148@mail.bulgaria.com>
# Message-ID: <6FEABD28.4EF47D2@girl-punk.net>
#
# URLs:
# http://aMWP.bgv.yourproductweapon.com/bl/
# http://p.pcsd.productadvancespro.com/bl/
#
# uniform body snippits:
# or to see our address.
# automatic marketing system
#
# Similar text:
# Your financial fitness is in your hands.
# Your financial independence is\nwithin your grasp.
#
# Modeling this off the NIGERIAN stuff

header SIXFIGURE_SUBJECT Subject =~ /\b[eE]arn(s)?\b.*\bIncome\b/
describe SIXFIGURE_SUBJECT 6 Figure Income spam subject
score SIXFIGURE_SUBJECT .5 .5 1.5 1.5
# Being cautious with the scoring since the match is pretty fuzzy.

header SIXFIGURE_MESSAGEID MESSAGEID =~ /<[A-Z0-9]{8}\.[A-Z0-9]{7}@.*>/
describe SIXFIGURE_MESSAGEID 6 Figure Income spam Message-ID
score SIXFIGURE_SUBJECT 1 1 2.5 2.5

body __SIXFIGURE_BODY_1 /or to see our address./
body __SIXFIGURE_BODY_2 /automatic marketing system/
body __SIXFIGURE_BODY_3 /Your financial (fitness|independence) is/
body __SIXFIGURE_BODY_4 /http:\/\/[a-zA-Z]*.[a-zA-Z]*\..*product.*\.com\/bl\//

meta SIXFIGURE_BODY1 (__SIXFIGURE_BODY_1 + __SIXFIGURE_BODY_2 + __SIXFIGURE_BODY_3 + __SIXFIGURE_BODY_4) > 0
meta SIXFIGURE_BODY2 (__SIXFIGURE_BODY_1 + __SIXFIGURE_BODY_2 + __SIXFIGURE_BODY_3 + __SIXFIGURE_BODY_4) > 1
meta SIXFIGURE_BODY3 (__SIXFIGURE_BODY_1 + __SIXFIGURE_BODY_2 + __SIXFIGURE_BODY_3 + __SIXFIGURE_BODY_4) > 2
meta SIXFIGURE_BODY4 (__SIXFIGURE_BODY_1 + __SIXFIGURE_BODY_2 + __SIXFIGURE_BODY_3 + __SIXFIGURE_BODY_4) > 3

describe SIXFIGURE_BODY1 6 Figure Income spam, 1+ body hits
describe SIXFIGURE_BODY2 6 Figure Income spam, 2+ body hits
describe SIXFIGURE_BODY3 6 Figure Income spam, 3+ body hits
describe SIXFIGURE_BODY4 6 Figure Income spam, 4+ body hits

score SIXFIGURE_BODY1 1.5 1 3 2.5
score SIXFIGURE_BODY2 .5 .4 1.5 1.25
score SIXFIGURE_BODY3 .5 .4 1.5 1.25
score SIXFIGURE_BODY4 .5 .4 1.5 1.25

# We'll ding them on the RO if there are any two of:
# - two or more body matches
# - subject
# - message-id
meta SIXFIGURE_RO (__DRILLCLUB_AND_SIXFIGURE_RO && (SIXFIGURE_BODY2 + SIXFIGURE_SUBJECT + SIXFIGURE_MESSAGEID) > 1)
describe SIXFIGURE_RO 6 Figure Income sets Status: RO
score SIXFIGURE_RO .25 .25 .75 .75