# SpamAssassin rules file: HTML tests
#
# Please don't modify this file as your changes will be overwritten with
# the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead.
# See 'perldoc Mail::SpamAssassin::Conf' for details.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of either the Artistic License or the GNU General
# Public License as published by the Free Software Foundation; either
# version 1 of the License, or (at your option) any later version.
#
# See the file "License" in the top level of the SpamAssassin source
# distribution for more details.
#
###########################################################################

require_version @@VERSION@@

# HTML parser tests
#
# please sort these by eval type then name

# HTML control test, HTML spam rules should all have better S/O than this
body HTML_MESSAGE		eval:html_message()
describe HTML_MESSAGE		HTML included in message

# the HTML percentage range
# should really be converted into a numeric function test
body HTML_00_10			eval:html_range('ratio','0.00','0.10')
body HTML_10_20			eval:html_range('ratio','0.10','0.20')
body HTML_20_30			eval:html_range('ratio','0.20','0.30')
body HTML_30_40			eval:html_range('ratio','0.30','0.40')
body HTML_40_50			eval:html_range('ratio','0.40','0.50')
body HTML_50_60			eval:html_range('ratio','0.50','0.60')
body HTML_60_70			eval:html_range('ratio','0.60','0.70')
body HTML_70_80			eval:html_range('ratio','0.70','0.80')
body HTML_80_90			eval:html_range('ratio','0.80','0.90')
body HTML_90_100		eval:html_range('ratio','0.90','1.00')
describe HTML_00_10		Message is 0% to 10% HTML
describe HTML_10_20		Message is 10% to 20% HTML
describe HTML_20_30		Message is 20% to 30% HTML
describe HTML_30_40		Message is 30% to 40% HTML
describe HTML_40_50		Message is 40% to 50% HTML
describe HTML_50_60		Message is 50% to 60% HTML
describe HTML_60_70		Message is 60% to 70% HTML
describe HTML_70_80		Message is 70% to 80% HTML
describe HTML_80_90		Message is 80% to 90% HTML
describe HTML_90_100		Message is 90% to 100% HTML

# HTML shouting range
# should really be converted into a numeric function test
body HTML_SHOUTING3		eval:html_range('max_shouting','2','3')
body HTML_SHOUTING4		eval:html_range('max_shouting','3','4')
body HTML_SHOUTING5		eval:html_range('max_shouting','4','5')
body HTML_SHOUTING6		eval:html_range('max_shouting','5','6')
body HTML_SHOUTING7		eval:html_range('max_shouting','6','7')
body HTML_SHOUTING8		eval:html_range('max_shouting','7','8')
body HTML_SHOUTING9		eval:html_range('max_shouting','8')
describe HTML_SHOUTING3		HTML has very strong "shouting" markup
describe HTML_SHOUTING4		HTML has very strong "shouting" markup
describe HTML_SHOUTING5		HTML has very strong "shouting" markup
describe HTML_SHOUTING6		HTML has very strong "shouting" markup
describe HTML_SHOUTING7		HTML has very strong "shouting" markup
describe HTML_SHOUTING8		HTML has very strong "shouting" markup
describe HTML_SHOUTING9		HTML has very strong "shouting" markup

body HTML_TABLE_THICK_BORD		eval:html_test('thick_border')
describe HTML_TABLE_THICK_BORD	HTML table has thick border

body HTML_COMMENT_EMAIL		eval:html_test('comment_email')
describe HTML_COMMENT_EMAIL	HTML comment contains email address

body HTML_COMMENT_SHOUTING	eval:html_test('comment_shouting')
describe HTML_COMMENT_SHOUTING	HTML comment inside of "shouting" markup

body HTML_COMMENT_SKY		eval:html_test('comment_sky')
describe HTML_COMMENT_SKY	HTML comment contains SKY database codes

body HTML_COMMENT_8BITS		eval:html_test('comment_8bit')
describe HTML_COMMENT_8BITS	HTML comment has 3 consecutive 8-bit chars

body HTML_COMMENT_SAVED_URL	eval:html_test('comment_saved_url')
describe HTML_COMMENT_SAVED_URL	HTML message is a saved web page

body HTML_EMBEDS		eval:html_test('embeds')
describe HTML_EMBEDS		HTML with embedded plugin object

body HTML_EVENT			eval:html_test('html_event')
describe HTML_EVENT		HTML contains auto-executing code

body HTML_EVENT_UNSAFE		eval:html_test('html_event_unsafe')
describe HTML_EVENT_UNSAFE	HTML contains unsafe auto-executing code

body HTML_FONT_BIG		eval:html_test('big_font')
describe HTML_FONT_BIG		HTML has a big font

body HTML_FONTCOLOR_UNSAFE	eval:html_test('font_color_unsafe')
describe HTML_FONTCOLOR_UNSAFE	HTML font color not in safe 6x6x6 palette

body HTML_FONTCOLOR_NAME	eval:html_test('font_color_name')
describe HTML_FONTCOLOR_NAME	HTML font color has unusual name

body HTML_FONT_INVISIBLE	eval:html_test('font_invisible')
describe HTML_FONT_INVISIBLE	HTML font color is same as background

body HTML_FONT_LOW_CONTRAST	eval:html_test('font_near_invisible')
describe HTML_FONT_LOW_CONTRAST	HTML font color similar to background

body HTML_FONTCOLOR_GRAY	eval:html_test('font_gray')
describe HTML_FONTCOLOR_GRAY	HTML font color is gray

body HTML_FONTCOLOR_RED	eval:html_test('font_red')
describe HTML_FONTCOLOR_RED	HTML font color is red

body HTML_FONTCOLOR_YELLOW	eval:html_test('font_yellow')
describe HTML_FONTCOLOR_YELLOW	HTML font color is yellow

body HTML_FONTCOLOR_GREEN	eval:html_test('font_green')
describe HTML_FONTCOLOR_GREEN	HTML font color is green

body HTML_FONTCOLOR_CYAN	eval:html_test('font_cyan')
describe HTML_FONTCOLOR_CYAN	HTML font color is cyan

body HTML_FONTCOLOR_BLUE	eval:html_test('font_blue')
describe HTML_FONTCOLOR_BLUE	HTML font color is blue

body HTML_FONTCOLOR_MAGENTA		eval:html_test('font_magenta')
describe HTML_FONTCOLOR_MAGENTA	HTML font color is magenta

body HTML_FONTCOLOR_UNKNOWN		eval:html_test('font_color_unknown')
describe HTML_FONTCOLOR_UNKNOWN	HTML font color is unknown to us

body HTML_FONT_FACE_BAD		eval:html_test('font_face_bad')
describe HTML_FONT_FACE_BAD	HTML font face is not a word

body HTML_FONT_FACE_ODD		eval:html_test('font_face_odd')
describe HTML_FONT_FACE_ODD	HTML font face is not a commonly used face

body HTML_FONT_FACE_CAPS	eval:html_test('font_face_caps')
describe HTML_FONT_FACE_CAPS	HTML font face has excess capital characters

body HTML_FORMACTION_MAILTO		eval:html_test('form_action_mailto')
describe HTML_FORMACTION_MAILTO	HTML includes a form which sends mail

# HTML_IMAGE_AREA - lots of image area (absolute)
# note that: 640x480 = 307200, 800x600 = 480000, 1024x768=786432
body HTML_IMAGE_AREA_04		eval:html_range('image_area','400000','500000')
body HTML_IMAGE_AREA_05		eval:html_range('image_area','500000','600000')
body HTML_IMAGE_AREA_06		eval:html_range('image_area','600000','700000')
body HTML_IMAGE_AREA_07		eval:html_range('image_area','700000','800000')
body HTML_IMAGE_AREA_08		eval:html_range('image_area','800000','900000')
body HTML_IMAGE_AREA_09		eval:html_range('image_area','900000')
describe HTML_IMAGE_AREA_04	HTML has 4-5 kilopixels of images
describe HTML_IMAGE_AREA_05	HTML has 5-6 kilopixels of images
describe HTML_IMAGE_AREA_06	HTML has 6-7 kilopixels of images
describe HTML_IMAGE_AREA_07	HTML has 7-8 kilopixels of images
describe HTML_IMAGE_AREA_08	HTML has 8-9 kilopixels of images
describe HTML_IMAGE_AREA_09	HTML has over 9 kilopixels of images

# HTML_IMAGE_ONLY - not much text with images (absolute)
body HTML_IMAGE_ONLY_02		eval:html_image_only('0000','0200')
body HTML_IMAGE_ONLY_04		eval:html_image_only('0200','0400')
body HTML_IMAGE_ONLY_06		eval:html_image_only('0400','0600')
body HTML_IMAGE_ONLY_08		eval:html_image_only('0600','0800')
body HTML_IMAGE_ONLY_10		eval:html_image_only('0800','1000')
body HTML_IMAGE_ONLY_12		eval:html_image_only('1000','1200')
describe HTML_IMAGE_ONLY_02	HTML: images with 0-200 bytes of words
describe HTML_IMAGE_ONLY_04	HTML: images with 200-400 bytes of words
describe HTML_IMAGE_ONLY_06	HTML: images with 400-600 bytes of words
describe HTML_IMAGE_ONLY_08	HTML: images with 600-800 bytes of words
describe HTML_IMAGE_ONLY_10	HTML: images with 800-1000 bytes of words
describe HTML_IMAGE_ONLY_12	HTML: images with 1000-1200 bytes of words

# HTML_IMAGE_RATIO - more image area than text (ratio)
body HTML_IMAGE_RATIO_02	eval:html_image_ratio('0.000','0.002')
body HTML_IMAGE_RATIO_04	eval:html_image_ratio('0.002','0.004')
body HTML_IMAGE_RATIO_06	eval:html_image_ratio('0.004','0.006')
body HTML_IMAGE_RATIO_08	eval:html_image_ratio('0.006','0.008')
body HTML_IMAGE_RATIO_10	eval:html_image_ratio('0.008','0.010')
body HTML_IMAGE_RATIO_12	eval:html_image_ratio('0.010','0.012')
body HTML_IMAGE_RATIO_14	eval:html_image_ratio('0.012','0.014')
describe HTML_IMAGE_RATIO_02	HTML has a low ratio of text to image area
describe HTML_IMAGE_RATIO_04	HTML has a low ratio of text to image area
describe HTML_IMAGE_RATIO_06	HTML has a low ratio of text to image area
describe HTML_IMAGE_RATIO_08	HTML has a low ratio of text to image area
describe HTML_IMAGE_RATIO_10	HTML has a low ratio of text to image area
describe HTML_IMAGE_RATIO_12	HTML has a low ratio of text to image area
describe HTML_IMAGE_RATIO_14	HTML has a low ratio of text to image area

body HTML_JAVASCRIPT		eval:html_test('javascript')
describe HTML_JAVASCRIPT	JavaScript code

body HTML_LINK_PUSH_HERE	eval:html_eval('anchor_text', '=~ /(?:push|go)\s*(?:here|this)/i')
describe HTML_LINK_PUSH_HERE	HTML link text says "push here" or similar

body HTML_LINK_CLICK_HERE	eval:html_eval('anchor_text', '=~ /click\s*(?:here|this)/i')
describe HTML_LINK_CLICK_HERE	HTML link text says "click here"

body HTML_LINK_CLICK_CAPS	eval:html_eval('anchor_text', '=~ /CLICK/')
describe HTML_LINK_CLICK_CAPS	HTML link text says "CLICK"

# many spammers seem to do this nowadays (and probably track
# their customers with it).  (contrib: WW)
body HTML_RELAYING_FRAME	eval:html_test('relaying_frame')
describe HTML_RELAYING_FRAME	Frame wanted to load outside URL

body HTML_WEB_BUGS		eval:html_test('web_bugs')
describe HTML_WEB_BUGS		Image tag intended to identify you

body HTML_WIN_BLUR		eval:html_test('window_blur')
describe HTML_WIN_BLUR		Javascript to move windows around

body HTML_WIN_FOCUS		eval:html_test('window_focus')
describe HTML_WIN_FOCUS		Javascript to change window focus

body HTML_WIN_OPEN		eval:html_test('window_open')
describe HTML_WIN_OPEN		Javascript to open a new window

body HTML_WITH_BGCOLOR		eval:html_test('bgcolor_nonwhite')
describe HTML_WITH_BGCOLOR	HTML mail with non-white background

body HTML_TAG_BALANCE_A		eval:html_tag_balance('a', '< 0')
describe HTML_TAG_BALANCE_A	HTML has excess "a" close tags

body HTML_TAG_BALANCE_FONT	eval:html_tag_balance('font', '< 0')
describe HTML_TAG_BALANCE_FONT	HTML has excess "font" close tags

body HTML_TAG_BALANCE_HTML	eval:html_tag_balance('html', '!= 0')
describe HTML_TAG_BALANCE_HTML	HTML has unbalanced "html" tags

body HTML_TAG_BALANCE_BODY	eval:html_tag_balance('body', '!= 0')
describe HTML_TAG_BALANCE_BODY	HTML has unbalanced "body" tags

body HTML_TAG_BALANCE_HEAD	eval:html_tag_balance('head', '!= 0')
describe HTML_TAG_BALANCE_HEAD	HTML has unbalanced "head" tags

body HTML_TAG_BALANCE_TABLE	eval:html_tag_balance('table', '> 0')
describe HTML_TAG_BALANCE_TABLE	HTML is missing "table" close tags

body HTML_TAG_EXISTS_BASE	eval:html_tag_exists('base')
describe HTML_TAG_EXISTS_BASE	HTML has "base" tags

body HTML_TAG_EXISTS_PARAM	eval:html_tag_exists('param')
describe HTML_TAG_EXISTS_PARAM	HTML has "param" tag

body HTML_TAG_EXISTS_TBODY	eval:html_tag_exists('tbody')
describe HTML_TAG_EXISTS_TBODY	HTML has "tbody" tag

body HTML_TITLE_EMPTY		eval:html_eval('title_text', '!~ /\S/s')
describe HTML_TITLE_EMPTY	HTML title contains no text

body HTML_TITLE_UNTITLED	eval:html_eval('title_text', '=~ /Untitled/i')
describe HTML_TITLE_UNTITLED	HTML title contains "Untitled"

###########################################################################
# meta tests

body __HTML_CHARSET_FARAWAY	eval:html_charset_faraway()
meta HTML_CHARSET_FARAWAY	(__HTML_CHARSET_FARAWAY && __HIGHBITS)
describe HTML_CHARSET_FARAWAY	A foreign language charset used in HTML markup
tflags HTML_CHARSET_FARAWAY	userconf

meta HTML_MIME_NO_HTML_TAG	MIME_HTML_ONLY && !__TAG_EXISTS_HTML
describe HTML_MIME_NO_HTML_TAG	HTML-only message, but there is no HTML tag

body __HTML_COMMENT_RATIO	eval:html_range('total_comment_ratio','0.70','1.00')
meta HTML_COMMENT_RATIO		__HTML_COMMENT_RATIO && MIME_HTML_ONLY
describe HTML_COMMENT_RATIO	HTML comments are large percentage of message

###########################################################################
# rawbody HTML tests

rawbody SPAM_FORM		/CHANGE EMAIL ADDRESS IN ACTION OF FORM/
describe SPAM_FORM		Form for changing email address
rawbody SPAM_FORM_RETURN	/return validate_form/
describe SPAM_FORM_RETURN	Form for checking email address
rawbody SPAM_FORM_ACTION	/action="\&\#\d+;\&\#\d+;\&\#\d+;\&\#\d+;/i
describe SPAM_FORM_ACTION	Obfuscated action attribute in HTML form

rawbody HIDE_WIN_STATUS		/<[^>]+onMouseOver=[^>]+window\.status=/i
describe HIDE_WIN_STATUS	Javascript to hide URLs in browser

rawbody LINK_TO_NO_SCHEME	/\s+href=['"]?www\./i
describe LINK_TO_NO_SCHEME	Contains link without http:// prefix

rawbody __OBFUSCATING_COMMENT_A	/\w(?:<![^>]*>)+\w/
rawbody __OBFUSCATING_COMMENT_B	/[^\s>](?:<![^>]*>)+[^\s<]/
meta OBFUSCATING_COMMENT	((__OBFUSCATING_COMMENT_A && HTML_MESSAGE) || (__OBFUSCATING_COMMENT_B && MIME_HTML_ONLY))
describe OBFUSCATING_COMMENT	HTML comments which obfuscate text