# don't bother checking attachment bodies.  this will greatly speed
# up processing of large messages.
/^[0-9a-z+\/=]{60,}\s*$/		OK

# whitelist false-positive match for cialis
/commercialis|provincialis|socialis|Catalys|alias|clear/    OK

# whitelist multiple quoting levels
/^\s*(?:[>|:_*#-]\s*){3,}/	OK


/<\s*iframe\s+src\s*=(3D)?\s*"?cid:.*"?\s+height\s*=(3D)?\s*"?0"?\s+width\s*=(3D)?\s*"?0"?\s*>/	REJECT virus rejected.
/<\s*embed\s+src\s*=(3D)?\s*"?cid:.*"?\s+style\s*=(3D)?\s*"?display:none"?\s*>/	REJECT virus rejected.

/^(Content-(Disposition: (?:attachment|inline);|Type:).*|\s+)(file)?name\s*=\s*"?.*\.(ad[ep]|asd|ba[st]|c[ho]m|cmd|cpl|crt|dll|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|ocx|pcd|pif|reg|sc[rt]|sh[bs]|url|vb[esx]?|vxd|ws[cfh])"?\s*$/	REJECT executable file type rejected, please compress with zip and resend


/^begin [0-9]{1,4} .*\.(ad[ep]|asd|ba[st]|c[ho]m|cmd|cpl|crt|dll|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|ocx|pcd|pif|reg|sc[rt]|sh[bs]|url|vb[esx]?|vxd|ws[cfh])$/	REJECT executable file type rejected, please compress with zip and resend

# corrupt gifs.  probably virus.  filename always seems to be someword.[0-9].gif
/^(Content-(Disposition: (?:attachment|inline);|Type:).*|\s+)(file)?name\s*=\s*"\w*\.[0-9]*\.gif"?\s*$/       REJECT virus rejected

#PILLSdoc.uS
# toner cartridges
/1.888.288.9043|1.888.977.1577|1.888.248.4930/	REJECT

# reject multiple html comments on a line
/(?:<!(?:--|[^>]*>).*){4}/              REJECT

# .EXE attachments
/^TV[nopqr]....[AB]..A.A/i  REJECT Email with EXE files attached denied
/^M35[GHIJK].`..`..*````/i  REJECT Email with EXE files attached denied

# diploma spam
/203-286-2187|44-207-681-2635|206-338-6061/  REJECT
/U\s*.?N\s*.?I\s*.?V\s*.?E\s*.?R\s*.?S\s*.?I\s*.?T\s*.?Y\s*.?D\s*.?I\s*.?P\s*.?L\s*.?O\s*.?M\s*.?A/	REJECT
/d\s*.?i\s*.?p\s*.?l\s*.?o\s*.?m\s*.?a(?:\s*.?s)?\s*.?a\s*.?v\s*.?a\s*.?i\s*.?l\s*.?a\s*.?b\s*.?l\s*.?e/	REJECT
/GET YOUR UNIVERSITY DIPLOMA/				REJECT
/U N IVERSI T Y|D I PL0 M A/				REJECT
/Contact us NOW to receive your diploma/	REJECT
/G.?e.?n.?u.?i.?n.?e.? .?C.?o.?l.?l.?e.?g.?e.? .?D.?e.?g.?r.?e.?e|No Study Required/	REJECT
/Our University Enroll?ment department has been trying to contact you|you may be eligble for a degree|If you enroll? by the due date then your degree/	REJECT
/Bachel0rs|D0ctorate|rec0rds|opp0rtunity|all0wing|c0llege/	REJECT

# Business Seminars Australia
/60\s+106\s+529\s+604|Business\s+Seminars\s+Australia|P\.?O\.?\s*Box\s+6099,?\s+East\s+Perth|ausremove\@china.com/      REJECT

# a common almost-empty spam contains only a html image link 
/<center><!--[^>]+--><a href="[^"]+">(?:<!--[^>]+-->)?<img src="[^"]+" [^>]*border=(?:0|"")>(?:<!--[^>]+-->)?<\/a>(?:<!--[^>]+-->)?<\/center>/          REJECT  


# embedded images
/\bsrc\s*=(?:3D)?\s*"?cid:/	REJECT

/\.(net|com|org|us|biz)\?rid=/  REJECT

#/(?:Password\s*is\s*|Note: Use  password|use the  following password:|Password - |Archive password:|)<img\s*src="cid:/		REJECT VIRUS
/password.{1,30}<img\s*src="cid:/		REJECT VIRUS

# bogus virus notifications (backscatter)
/^NOTE: An attachment named .* was deleted from/	REJECT unwanted virus notification.
/^ScanMail has detected a virus during a real-time scan of the mail traffic/	REJECT unwanted virus notification.
/^has not been delivered, because contains an infected object/	REJECT unwanted virus notification.
/^ScanMail for Microsoft Exchange has detected virus-infected attachment/  REJECT unwanted virus notification.
/^Symantec AntiVirus found a virus in an attachment you/  REJECT unwanted virus notification.
/^Prohibited attachment: [a-zA-Z0-9._-]+$/  REJECT unwanted virus notification.
/^Network Associates WebShield .* detected virus /  REJECT unwanted virus notification.
/^The Declude Virus software on our mail server detected the/  REJECT unwanted virus notification.

/^The advanced content filter defined by InterScan MSS blocked the following message/  REJECT unwanted virus notification.
/^MailMarshal \(an automated content monitoring gateway\) has stopped/  REJECT unwanted virus notification.

/^Sender, InterScan has detected virus(es) in your e-mail attachment/  REJECT unwanted virus notification.


/https?:\/\/www\.plaxo\.com\/edit_contact/	REJECT plaxo.com spam is not wanted here.


# miscellaneous
/\/(?:[A-Z][A-Z]\d+\|green)\/(?:.*\.php)?\?affiliate_id/	REJECT
/\/(confirm|remove)\/\?oc=/					REJECT
/\/twer\.gif/								REJECT

/\/(?:g73|sm|d13|sv|hgh|l17|gv|st|sv)\/index\.php\??/		REJECT
/\/(?:gp|er|tp)\/(?:default|er|index)\.asp\??/			REJECT  
/\/(?:stop|remove|email_?remove|optout|out|link|chair)\.(?:php|asp|htm|cgi|pl)|emailremove\.(?:php|asp|htm|cgi|pl)/	REJECT
/\/(\?AFF_ID=|\?AFF%5FID=)/					REJECT
/(?:\/sr\/\?ui|\/(?:if|block)\/ad_opt|\/sr\/rd\.cgi\?|\/(?:if|block)\/_pt_)/		REJECT
/\/(?:pt|sv)\//							REJECT
/d.i.p.l.o.m.a/								REJECT
/\.(?:com|net|org|biz|us)\?r/				REJECT
/%RND_WORD|%RND_AD_2|%RND_ALL_OTHER_MEDS|%RND_HOST/		REJECT
/\b(?:H[iy|]dr[o0]c[o0]d[o0]n[e3]|V[i1]c[o0]d[i1|]n|C[i1|]al[i1|]s|l[e3]v[i1|]tra|V[|1]a.?g.?ra)\b/   REJECT
/\/index\.(?:php|asp|htm|cgi|pl)\?refid=/					REJECT
/\?partid=/									REJECT
/\/(?:content|support|web)\/\?oc/			REJECT
/\/(?:jn\date)\/?:r[rd]\.cgi\?/				REJECT  
/\/(?:genlogo|logogen)\.img\?/				REJECT
/\/pp\/atrack\.(?:php|asp|htm|cgi|pl)/			REJECT
/\/apb\/tracking\.(?:php|asp|htm|cgi|pl)/		REJECT

/http:\/\/[a-z0-9]+\.[a-z0-9]+\.(?:com|us|org|biz|info)\/at\/?"?>/			REJECT

/\bhref[a-z0-9]+href=/						REJECT

/script\s+language\s*=(3D)?\s*"?JScript.Encode"?/       REJECT

/You may read more stories about the crash on visiting these websites:/		REJECT
/because we are accepting your mort|Our office confirms you can get a|Approval process will take.*1 minute/	REJECT

/Advertising (done )?by VD Markett?ing Ltd/	REJECT
/R[0o]CKHARD.*[3E]R[3E]CT[il][o0]N/	REJECT

/\bD.R.U.G.S\b/	REJECT
/Get a capable html e-mailer/	REJECT


# Cialis, hydrocodone, levitra, viagra, vicodin, etc
/\b(C.?[:yit|1l].?[ãa\@4].?(?:[l1|].?){1,2}[:yitãa\@4|l1].?[s5]|L.?[e3].?V.?[:yit|1l].?T.?R.?[ãa\@4]|V.?[:yit|1l].?[ãa\@4e].?g.?r.?[ãa\@4]|V.?[:yit|1l].?C.?[O0].?D.?[:yit|1l].?N?|\bH.?[:yit|1l].?d.?r.?[o0].?c.?[o0].?d.?[o0].?n.?[e3]|T.?[ãa\@4].?d.?[ãa\@4].?[l1|].?[ãa\@4].?f.?[:yit|1l].?[l1|])/    REJECT

# lines consisting only of at least 6 chars separated by spaces, with
# any amount of optional leading or trailing white space
# e.g.
# V A L I U M
# V h A f L l l v U j M b
/^\s*(?:\S{1,2}\s+){4,}\S{0,2}\s*(?:\$\s*[0-9., ]{4,})?(?:=20|<BR>)?\s*$/	REJECT

/^<\s*DIV\s*>\s*[VXCAH]\s*<\s*FONT\s*color\s*=#(?:3d)?\s*"?FFFFFF"?/	REJECT

# drug spams
/(?:Cost|Price) in your (?:local )?(?:drugstore|medstore)/	REJECT
/Herbal.V/	REJECT
/cailis|ptabs/	REJECT
/Prropecja|Levjttra|Ambbjen|CjALLjS|VALLjUM|VjAGGRA|Vjaagra|Vjjagra/	REJECT
/CjALjj\.S|CjALj\.S|Cj\.\.aljs|CjAALj\.S/	REJECT
/Sooftt\.abs|Softt\.\.abs|Sofftt\.abs|Sofft T\.abss|Softtt\.abs/	REJECT

/^\s*(?:VA|XA|CI|AG|LIU|NA|ALI|RA)\s*$/	REJECT
/<DIV>\s*(?:VA|XA|CI|AG|LIU|NA|ALI|RA)\s*<\/DIV>/	REJECT

/^\s*(?:Som|Xana|CALIS|Proecia|Lvitra|Pxil|mbien|Merida|VIGRA|VAIUM)\s*$/	REJECT

/\bp.e.n.i.s\b/	REJECT

/Penls|phartmacy|Get your Viag|CIlck here and make sure/	REJECT
/ejjaculation|peniis|penniss|monneyy|N-largement/	REJECT
/M E D S|online drugs|eXclusive Generics|^Get ready in 15 minutes|go to the site/	REJECT
/Increase.*Penis Width|Gain.*\d+\+.*Inches|Stop Premature Ejaculation|Rock Hard Erections/ REJECT

/^(?:right|float|"?>\s*.\s*<\/span>\s*.\s*<span style="?)$/	REJECT

/(?:<(?:STRONG|DIV)\s*>\s*[A-Z]{1,2}\s*<\/(?:STRONG|DIV)\s*>.*){3,}/	REJECT

/dr@g.*store|Our store is VERIFIED BY BBB|All transactions are APPROVED BY VISA|love life enhancer|Need some love pi11s|medication for Erectile Difficulties|If you are already paying hundreds of dollars/	REJECT


# pirate software spam
/All the software is in the English language for PC\./		REJECT
/All the software is OEM-/					REJECT
/Dear CheapSoft Customer|You spend your money and time on CheapSoft/	REJECT
/^Access all the popular software imaginable for extremely low prices!/	REJECT
/^Get access to all the popular software you ever imagined for less!/	REJECT
#/^We sell software \d+ ?- ?\d+ times cheaper than/	REJECT
/^(?:our|We sell) software (?:is )?\d+ ?- ?\d+ times cheaper than/	REJECT
/^Norton Internet Security Pro 2004 Professional \(Including: AntiVirus + AntiSpam + Firewall\)/	REJECT
/^Categories: Business, Internet, Antivirus, Security, etc.<br>/	REJECT
/^To change your mail (details|preferences), go:/	REJECT
/Available for INSTANT download|^Best Sellers Software|Windows XP Professional With SP. Full Version/	REJECT
/cheap oem soft|\d+\s*% Off for All.*Software|microsoft, adobe, macromedia!|New software on our site:|^(Acrobat 6 Professional|Project 2003 Professional|Acrobat 6 Professional|CorelDraw Graphics Suite)[-\.\s]*\$/	REJECT
/ProSoftware.*Team/	REJECT


# rolex etc spams
/(?:reproductions?|REPLI[kC]A(?:tion)?s?|imitation) (?:wrist.?)?(?:WATCH|r[o0]lex|time.?piece)|(?:watch|r[o0]lex|time.?piece) (?:repli[ck]a|repro|imitation)|ROLEX, CARTIER, PIAGET Repli[ck]as|r0lex|Repli[ck]ated to the smallest detail|identical to branded|99[0-9. ]*% like original/    REJECT
/R.E.P.L.I.C.A|W.A.T.C.H/	REJECT

# pump and dump spams
/^(?:Trade Date|Stock|Expected Target|Last Trade|Short Term Target|12month Target|\d+ day expected price)\s*[-:] /	REJECT
/Big news expected|This should invoke LARGE gains|This stock will explode|Do not wait until it is too late|This has been a great producer in our last PR Campaign|There is a Big PR Campaign running|This Is Going To Explode!/	REJECT
/Expected \d+ day price|\d+ day expected price/	REJECT
/Get Ready For A Great Week In Trading/	REJECT
/We recommend this as a VERY str..?ng/	REJECT
/^(?:(?:L.?a.?[5s].?t.?|P.?r.?[3e].?[5s].?[3e].?n.?t.?).?Pr[1i]c[3e]|(?:[5S].?h.?[o0].?r.?t.?|L.?[0o].?n.?g.?)..?T.?[3e].?r.?m|Sym)[-:;]/	REJECT
/^(?:S.?[yi].?m.?b.?[0o].?[1l]|P.?r.?[0o].?f.?[1i].?[1l].?[3e].?d|S.?[3e].?c.?t.?[0o].?r|I.?N.?F.?0|(?:O.?v.?[3e].?r|R.?[3e]).?v.?i.?e.?w|Profit Potential)[-:;]/	REJECT

/^C[o0][:;]/	REJECT

/\d+ Day Projection.?:/	REJECT
/St0ck|h0t|Brand new sto ?ck|A\|ert|Recommendati0n|Sh0rt|STR0NG|M0ney|GL0RY|GR0UP|GOOD LUCK AND TRADE AT THE TOP|^Present_Price:|^Sym:|^Co:/	REJECT
/Gr0wth|R[3e]p0rt|0pt[1il]0ns|c0nsu[il1]t/	REJECT
/r3g1stered|1nvestment|advis0r|br0ker|GWNV accepts no liability|th0usand|d0ll4rs/	REJECT

/S.?t.?o.?c.?k.? .?A.?l.?e.?r.?t/	REJECT
/S.?e.?c.?t.?i.?o.?n.? .?2.?7.?A.? .?o.?f.? .?t.?h.?e.? .?S.?e.?c.?u.?r.?i.?t.?i.?e.?s.? .?A.?c.?t/	REJECT
/Market Pulse|TRADE OUT THE TOP|For more in depth information about this exciting company/	REJECT
/(?:^V.?o.?l.?u.?m.?e.? .?I.?n.?c.?r.?e.?a.?s.?e.?|H e a d l i n e|G.?o.?o.?d.?.?.?T.?r.?a.?d.?i.?n.?g)/	REJECT
/Inf0rmati0n|c0ntains|predicti0ns|expectati0ns|pr0jecti0ns|0bjectives|g0als|assumpti0ns|perf0rmance/	REJECT
/^(?:pr0f1led|Se ct0r|Symb01|C0mpany Info):/	REJECT
/EVER_-_GL0RY/	REJECT
/Stop further communication by/	REJECT
/last pick was up over \d+ percent|You can easily turn \$500 into|\$2,500 or more!/	REJECT
/A Massive PR Campaign is Underway/		REJECT
/approve.*loan|Are you in debt|loan.*quote|free.*loan/	REJECT
/Direct Investors|3196 Highway Rd/	REJECT



/\/\/(?:www|uk|asia|ca|au)?\.?geocities\.com\/(?:[a-z0-9-]{6,}\d{3,}|[a-z0-9-]{3,}\d{3,}[a-z0-9-]{3,}\d{3,})\//	REJECT
#/V.*i.*s.*i.*t.*o.*u.*r.*s.*i.*t.*e.*geocities/	REJECT
/H.*urry, when these dea.*s are gone, they are gone !/	REJECT
#/D.*e.*a.*r.*H.*o.*m.*e.*O.*w.*n.*e.*r.*,/	REJECT
#/D.*r.*H.*o.*m.*e.*O.*w.*n.*e.*r.*/	REJECT
#/A.*p.*p.*r.*o.*v.*a.*l.*M.*a.*n.*a.*g.*e.*r/	REJECT


# 419 spams
/IRISH LOTTERY|Sweepstakes International|LOTTERY TREASURY|LOTTO NL/	REJECT
/(?:winning addresses were randomly selected|LOTTO INTERNATIONAL|LOTTERIES|promotional program|The Lotto Company|immediate release of your|LOTTERY ONLINE|FAILURE TO CLAIM YOUR WIN WILL|THE WINNING TICKET WAS SELECTED FROM A DATA BASE)/	REJECT
/GOLDEN RAND LOTTERY/						REJECT
/URGENT INVESTOR TRADING ALERT|WEEKLY STOCK PICK|PLEASE DO YOUR OWN DUE DILLIGENCE BEFORE/		REJECT

# mortgage spams
/Dear Home Owner|Your credit doesn't matter to us|Don't worry about approval|your credit will not disqualify you|stop the current promo/	REJECT
/As we all know the real estate market is about to crash|In .* 200. there were.*foreclosures|This is your chance to learn the game and make huge daily returns|Get A Complimentary Copy .* Book By|^Newsletter Subscriber,$/	REJECT
/it doesn't matter to us\s*!|span>\s*\w*\s*\bHome\b\s*\w*\s*<span/	REJECT


# link spams
/We are interested in the possibility of exchanging links with your site|It will be visible within 24 hours, when we update the site|We would appreciate if you could link back to us|We will check for the reciprocal link|If we do not find our link on your site/	REJECT


# bogus URLs with < or > in them
/\"http:\/\/[^"]*[<>]/	REJECT

# more bogus URLs
/\/(?:signs|n|vk|mrg)\.asp/	REJECT
/\/ph\/\?/	REJECT
/^\s*(?:&nbsp;)*\s*\$(?:[0-9.]+)?<br>$/	REJECT

# lots of spam URLs are http://051.spamdom.com/ or http://043. - dunno why.
/http:\/\/(?:051|043)\./	REJECT

# More misc.
/L.?[0@].?[0@].?k.?i.?n.?g.?/	REJECT
/Seminario|OBJETIVO|CONTENIDO|CONFERENCISTAS|Autoliquidacion/	REJECT
/\b(?:Hey|Fwd?)[:,;]? *(?:cas|postmaster|webmaster|root|toni|claude|indigo)\b/	REJECT

/copy.*address.*paste.*(?:w.?e.?b.*)?b.?r.?o.?w.?s.?e.?r:/	REJECT

/swissecolife|EcoLife\s*Company|You must have a bank account/	REJECT

/DC Brands International,? Inc/	REJECT

/Endeavor Societies church addition Christian pledge/	REJECT

/Subject: Re: \w{5} news/	REJECT

/opt out of this campaign|Hoodia/	REJECT