
@limed
Last active August 29, 2015 14:06
Generates SA rule file based on a list of email addresses
#!/usr/bin/python
import urllib2
import sys
import datetime
import re
# Remote list of phishing reply addresses, one "address,code,YYYYMMDD" entry
# per line (that is the shape the main block parses).
# NOTE(review): the list is fetched over plain HTTP and nothing in this script
# authenticates its content, yet every entry becomes a scored SpamAssassin
# rule. Confirm whether an integrity-protected source is available.
address_file_url = 'http://svn.code.sf.net/p/aper/code/phishing_reply_addresses'

# SpamAssassin rule settings.
# Score written by create_rule for every rule built from an A/B/C/D code.
default_score = '10.0'
# NOTE(review): not referenced by the visible code; the main block writes
# '98-sa-aper.cf' in the current directory instead. Confirm which is intended.
rulefile = '/etc/mail/spamassassin/98-aper.cf'
# address -> list code, filled by the main block.
addresses = {}

# Date window: only entries dated within the last `delta` are turned into rules.
today = datetime.date.today()
delta = datetime.timedelta(days=30)
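def get_list(url):
    """Open *url* and return the response object for the caller to iterate.

    If the request fails with urllib2.URLError (which also covers HTTP error
    statuses), the failure is reported on stderr and the script exits with a
    non-zero status, so a cron job or wrapper can tell that no fresh list was
    fetched. The response body is returned as-is; nothing here validates it.
    """
    try:
        # Bound the wait so an unresponsive server cannot hang the run forever.
        return urllib2.urlopen(urllib2.Request(url), timeout=30)
    except urllib2.URLError as e:
        # Report the URL that was actually requested, not the module default.
        sys.stderr.write('failed to open url %s\n' % url)
        sys.stderr.write('reason: %s\n' % e)
        sys.exit(1)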
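def create_rule(handle, code, counter, address):
    """Write one SpamAssassin rule (comment, test, score, describe) for *address*.

    handle  -- writable file-like object receiving the rule text
    code    -- list code for the address; the first match below wins, so a
               code holding several letters still yields a single rule:
               'A' -> Reply-To header rule, 'B' -> From header rule,
               'C' or 'D' -> body rule, anything else -> low-score INVALID rule
    counter -- string suffix that makes the rule name unique
    address -- e-mail address to match; it is regex-escaped for the test line
               but written verbatim into the comment and describe lines, so
               callers should pass only single-line, printable values
    """
    # NOTE(review): this relies on re.escape backslash-escaping '@' and '/'.
    # Python 2 does; Python 3.7+ no longer escapes them, which would leave a
    # '/' in the address free to end the /.../ pattern early. Revisit on port.
    pattern = re.escape(address)
    # '\\b' is a literal backslash-b (regex word boundary). The unescaped
    # '\b' used previously is a backspace character in a Python string, so
    # the generated body rules could never match.
    bounded = '/\\b' + pattern + '\\b/i'

    if 'A' in code:
        name = 'SA_PHISH_GEN_REPLYTO_' + counter
        note = ' is listed in a reply-to header'
        test = 'header ' + name + ' reply-to =~ /' + pattern + '/i'
        score = default_score
    elif 'B' in code:
        name = 'SA_PHISH_GEN_FROM_' + counter
        note = ' is listed in a from header'
        test = 'header ' + name + ' From =~ /' + pattern + '/i'
        score = default_score
    elif 'C' in code or 'D' in code:
        name = 'SA_PHISH_GEN_BODY_' + counter
        note = ' is listed in email body'
        test = 'body ' + name + ' ' + bounded
        score = default_score
    else:  # Invalid code or 'E'
        name = 'SA_PHISH_GEN_INVALID_' + counter
        note = ' is very likely invalid'
        test = 'body ' + name + ' ' + bounded
        score = '1.0'

    handle.write('# ' + address + note + '\n')
    handle.write(test + '\n')
    handle.write('score ' + name + ' ' + score + '\n')
    # A space now separates the address from the text, and the doubled "in"
    # is gone.
    handle.write('describe ' + name + ' ' + address
                 + ' is listed in http://code.google.com/p/anti-phishing-email-reply\n')
    handle.write('\n')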
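if __name__ == '__main__':
    # Entry point: fetch the address list, keep entries newer than
    # `today - delta`, and write one SpamAssassin rule per kept address to
    # '98-sa-aper.cf' in the current directory.
    output = get_list(address_file_url)

    # Parse the whole feed before touching the output file, so a bad feed
    # cannot leave a truncated rule file behind.
    skipped = 0
    for line in output:
        if line.startswith('#'):
            continue
        fields = line.strip().split(',')
        if len(fields) != 3:
            # Blank or malformed line; previously this raised ValueError.
            skipped += 1
            continue
        address, code, datestamp = fields
        # The address is written verbatim into comment and describe lines of
        # the rule file, so reject anything that is empty or carries
        # whitespace or control characters.
        if not address or any(ch.isspace() or ord(ch) < 32 or ord(ch) == 127
                              for ch in address):
            skipped += 1
            continue
        try:
            date = datetime.date(int(datestamp[0:4]),
                                 int(datestamp[4:6]),
                                 int(datestamp[6:8]))
        except ValueError:
            # Datestamp is not a valid YYYYMMDD value.
            skipped += 1
            continue
        if date > (today - delta):
            addresses[address] = code

    if skipped:
        # A sudden jump in this number suggests the feed changed format or
        # was corrupted; surface it instead of failing silently.
        sys.stderr.write('skipped %d malformed entries\n' % skipped)

    try:
        handle = open('98-sa-aper.cf', 'w')
    except IOError as e:
        sys.stderr.write('%s\n' % e)
        sys.exit(1)
    try:
        # Sorted order keeps rule numbering stable between runs for the same
        # address set, which makes successive rule files diffable.
        for counter, key in enumerate(sorted(addresses)):
            create_rule(handle, addresses[key], str(counter), key)
    finally:
        handle.close()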