All Hail Nigeria!

[Posting by email/PGP seems to be broken again. Great.]

This typo makes me giggle: "this massage is not intended to cause an embarrasment to your personality". If you've spent any time dealing with the Nigerian scam spam, that probably sounds like a familiar writing style.

There are some newer versions of this ancient scam that slipped through SpamAssassin 2.63's rules for this stuff, so I added a few of my own Nigeria-detecting rules. Doing that required switching off the default meta rules for this stuff and putting my own in place (while still using their rules). Here's all of what's in my local.cf for Nigeria now:

# Need to update the Nigerian spam metarules in light of new instances.
# Hopefully I can pull these back out after an upgrade...

# No *clue* how to score these, there isn't enough of a sample yet.
header NIGERIAN_SUBJECT_LOCAL1  Subject =~ /\bCONFIDENTIAL MESSAGE\b/
describe NIGERIAN_SUBJECT_LOCAL1 Subject is indicative of a Nigerian spam
score NIGERIAN_SUBJECT_LOCAL1 .5
header NIGERIAN_SUBJECT_LOCAL2  Subject =~ /\bPRIVATE ESTATE ACQUISITION\b/
describe NIGERIAN_SUBJECT_LOCAL2 Subject is indicative of a Nigerian spam
score NIGERIAN_SUBJECT_LOCAL2 .5

# We're going to use their rules and our own to feed our meta rules,
# which means we need to deactivate their meta rules (to avoid
# double-scoring). Probably not *actually* a problem, but there's a
# Right way to do this.

score NIGERIAN_BODY1 0
score NIGERIAN_BODY2 0
score NIGERIAN_BODY3 0
score NIGERIAN_BODY4 0

meta NIGERIAN_BODY_LOCAL1       ( __NIGERIAN_BODY_1 + __NIGERIAN_BODY_2 + __NIGERIAN_BODY_3 + __NIGERIAN_BODY_5 + __NIGERIAN_BODY_6 + __NIGERIAN_BODY_7 + __NIGERIAN_BODY_8 + __NIGERIAN_BODY_9 + __NIGERIAN_BODY_10 + __NIGERIAN_BODY_11 + __NIGERIAN_BODY_12 + __NIGERIAN_BODY_13 + __NIGERIAN_BODY_14 + __NIGERIAN_BODY_15 + __NIGERIAN_BODY_16 + __NIGERIAN_BODY_17 + __NIGERIAN_BODY_18 + __NIGERIAN_BODY_19 + __NIGERIAN_BODY_20 + __NIGERIAN_BODY_21 + __NIGERIAN_BODY_22 + __NIGERIAN_BODY_25 + __NIGERIAN_BODY_26 + __NIGERIAN_BODY_27 + __NIGERIAN_BODY_28 + __NIGERIAN_BODY_29 + __NIGERIAN_BODY_30 + __NIGERIAN_BODY_31 + __NIGERIAN_BODY_32 + __NIGERIAN_BODY_33 + __NIGERIAN_BODY_34 + __NIGERIAN_BODY_35 + __NIGERIAN_BODY_36 + __NIGERIAN_BODY_37 + __NIGERIAN_BODY_38 + __NIGERIAN_BODY_39 + __NIGERIAN_BODY_40 + __NIGERIAN_BODY_41 + __NIGERIAN_BODY_42 + __NIGERIAN_BODY_43 + __NIGERIAN_BODY_44 + __NIGERIAN_BODY_45 + __NIGERIAN_BODY_46 + __NIGERIAN_BODY_LOCAL1 + __NIGERIAN_BODY_LOCAL2 + __NIGERIAN_BODY_LOCAL3 + __NIGERIAN_BODY_LOCAL4 + __NIGERIAN_BODY_LOCAL5) > 1
meta NIGERIAN_BODY_LOCAL2       ( __NIGERIAN_BODY_1 + __NIGERIAN_BODY_2 + __NIGERIAN_BODY_3 + __NIGERIAN_BODY_5 + __NIGERIAN_BODY_6 + __NIGERIAN_BODY_7 + __NIGERIAN_BODY_8 + __NIGERIAN_BODY_9 + __NIGERIAN_BODY_10 + __NIGERIAN_BODY_11 + __NIGERIAN_BODY_12 + __NIGERIAN_BODY_13 + __NIGERIAN_BODY_14 + __NIGERIAN_BODY_15 + __NIGERIAN_BODY_16 + __NIGERIAN_BODY_17 + __NIGERIAN_BODY_18 + __NIGERIAN_BODY_19 + __NIGERIAN_BODY_20 + __NIGERIAN_BODY_21 + __NIGERIAN_BODY_22 + __NIGERIAN_BODY_25 + __NIGERIAN_BODY_26 + __NIGERIAN_BODY_27 + __NIGERIAN_BODY_28 + __NIGERIAN_BODY_29 + __NIGERIAN_BODY_30 + __NIGERIAN_BODY_31 + __NIGERIAN_BODY_32 + __NIGERIAN_BODY_33 + __NIGERIAN_BODY_34 + __NIGERIAN_BODY_35 + __NIGERIAN_BODY_36 + __NIGERIAN_BODY_37 + __NIGERIAN_BODY_38 + __NIGERIAN_BODY_39 + __NIGERIAN_BODY_40 + __NIGERIAN_BODY_41 + __NIGERIAN_BODY_42 + __NIGERIAN_BODY_43 + __NIGERIAN_BODY_44 + __NIGERIAN_BODY_45 + __NIGERIAN_BODY_46 + __NIGERIAN_BODY_LOCAL1 + __NIGERIAN_BODY_LOCAL2 + __NIGERIAN_BODY_LOCAL3 + __NIGERIAN_BODY_LOCAL4 + __NIGERIAN_BODY_LOCAL5) > 2
meta NIGERIAN_BODY_LOCAL3       ( __NIGERIAN_BODY_1 + __NIGERIAN_BODY_2 + __NIGERIAN_BODY_3 + __NIGERIAN_BODY_5 + __NIGERIAN_BODY_6 + __NIGERIAN_BODY_7 + __NIGERIAN_BODY_8 + __NIGERIAN_BODY_9 + __NIGERIAN_BODY_10 + __NIGERIAN_BODY_11 + __NIGERIAN_BODY_12 + __NIGERIAN_BODY_13 + __NIGERIAN_BODY_14 + __NIGERIAN_BODY_15 + __NIGERIAN_BODY_16 + __NIGERIAN_BODY_17 + __NIGERIAN_BODY_18 + __NIGERIAN_BODY_19 + __NIGERIAN_BODY_20 + __NIGERIAN_BODY_21 + __NIGERIAN_BODY_22 + __NIGERIAN_BODY_25 + __NIGERIAN_BODY_26 + __NIGERIAN_BODY_27 + __NIGERIAN_BODY_28 + __NIGERIAN_BODY_29 + __NIGERIAN_BODY_30 + __NIGERIAN_BODY_31 + __NIGERIAN_BODY_32 + __NIGERIAN_BODY_33 + __NIGERIAN_BODY_34 + __NIGERIAN_BODY_35 + __NIGERIAN_BODY_36 + __NIGERIAN_BODY_37 + __NIGERIAN_BODY_38 + __NIGERIAN_BODY_39 + __NIGERIAN_BODY_40 + __NIGERIAN_BODY_41 + __NIGERIAN_BODY_42 + __NIGERIAN_BODY_43 + __NIGERIAN_BODY_44 + __NIGERIAN_BODY_45 + __NIGERIAN_BODY_46 + __NIGERIAN_BODY_LOCAL1 + __NIGERIAN_BODY_LOCAL2 + __NIGERIAN_BODY_LOCAL3 + __NIGERIAN_BODY_LOCAL4 + __NIGERIAN_BODY_LOCAL5) > 3
meta NIGERIAN_BODY_LOCAL4       ( __NIGERIAN_BODY_1 + __NIGERIAN_BODY_2 + __NIGERIAN_BODY_3 + __NIGERIAN_BODY_5 + __NIGERIAN_BODY_6 + __NIGERIAN_BODY_7 + __NIGERIAN_BODY_8 + __NIGERIAN_BODY_9 + __NIGERIAN_BODY_10 + __NIGERIAN_BODY_11 + __NIGERIAN_BODY_12 + __NIGERIAN_BODY_13 + __NIGERIAN_BODY_14 + __NIGERIAN_BODY_15 + __NIGERIAN_BODY_16 + __NIGERIAN_BODY_17 + __NIGERIAN_BODY_18 + __NIGERIAN_BODY_19 + __NIGERIAN_BODY_20 + __NIGERIAN_BODY_21 + __NIGERIAN_BODY_22 + __NIGERIAN_BODY_25 + __NIGERIAN_BODY_26 + __NIGERIAN_BODY_27 + __NIGERIAN_BODY_28 + __NIGERIAN_BODY_29 + __NIGERIAN_BODY_30 + __NIGERIAN_BODY_31 + __NIGERIAN_BODY_32 + __NIGERIAN_BODY_33 + __NIGERIAN_BODY_34 + __NIGERIAN_BODY_35 + __NIGERIAN_BODY_36 + __NIGERIAN_BODY_37 + __NIGERIAN_BODY_38 + __NIGERIAN_BODY_39 + __NIGERIAN_BODY_40 + __NIGERIAN_BODY_41 + __NIGERIAN_BODY_42 + __NIGERIAN_BODY_43 + __NIGERIAN_BODY_44 + __NIGERIAN_BODY_45 + __NIGERIAN_BODY_46 + __NIGERIAN_BODY_LOCAL1 + __NIGERIAN_BODY_LOCAL2 + __NIGERIAN_BODY_LOCAL3 + __NIGERIAN_BODY_LOCAL4 + __NIGERIAN_BODY_LOCAL5) > 4
meta NIGERIAN_BODY_LOCAL5       ( __NIGERIAN_BODY_1 + __NIGERIAN_BODY_2 + __NIGERIAN_BODY_3 + __NIGERIAN_BODY_5 + __NIGERIAN_BODY_6 + __NIGERIAN_BODY_7 + __NIGERIAN_BODY_8 + __NIGERIAN_BODY_9 + __NIGERIAN_BODY_10 + __NIGERIAN_BODY_11 + __NIGERIAN_BODY_12 + __NIGERIAN_BODY_13 + __NIGERIAN_BODY_14 + __NIGERIAN_BODY_15 + __NIGERIAN_BODY_16 + __NIGERIAN_BODY_17 + __NIGERIAN_BODY_18 + __NIGERIAN_BODY_19 + __NIGERIAN_BODY_20 + __NIGERIAN_BODY_21 + __NIGERIAN_BODY_22 + __NIGERIAN_BODY_25 + __NIGERIAN_BODY_26 + __NIGERIAN_BODY_27 + __NIGERIAN_BODY_28 + __NIGERIAN_BODY_29 + __NIGERIAN_BODY_30 + __NIGERIAN_BODY_31 + __NIGERIAN_BODY_32 + __NIGERIAN_BODY_33 + __NIGERIAN_BODY_34 + __NIGERIAN_BODY_35 + __NIGERIAN_BODY_36 + __NIGERIAN_BODY_37 + __NIGERIAN_BODY_38 + __NIGERIAN_BODY_39 + __NIGERIAN_BODY_40 + __NIGERIAN_BODY_41 + __NIGERIAN_BODY_42 + __NIGERIAN_BODY_43 + __NIGERIAN_BODY_44 + __NIGERIAN_BODY_45 + __NIGERIAN_BODY_46 + __NIGERIAN_BODY_LOCAL1 + __NIGERIAN_BODY_LOCAL2 + __NIGERIAN_BODY_LOCAL3 + __NIGERIAN_BODY_LOCAL4 + __NIGERIAN_BODY_LOCAL5) > 5

describe NIGERIAN_BODY_LOCAL1   Message body looks like a Nigerian spam message 1+
describe NIGERIAN_BODY_LOCAL2   Message body looks like a Nigerian spam message 2+
describe NIGERIAN_BODY_LOCAL3   Message body looks like a Nigerian spam message 3+
describe NIGERIAN_BODY_LOCAL4   Message body looks like a Nigerian spam message 4+
describe NIGERIAN_BODY_LOCAL5   Message body looks like a Nigerian spam message 5+

score NIGERIAN_BODY_LOCAL1 3.009 1.563 2.696 2.018
score NIGERIAN_BODY_LOCAL2 0.700 0.717 0.858 0.700
score NIGERIAN_BODY_LOCAL3 0.700 1.006 0.972 0.738
score NIGERIAN_BODY_LOCAL4 0.701 0.724 0.700 0.701
score NIGERIAN_BODY_LOCAL5 0.70 0.75 0.70 0.70

body __NIGERIAN_BODY_LOCAL_1 /\b[fF]ederal.*Nigeria\.\S+\b/
# Weird one, but both of the ones that slipped through recently had it.
body __NIGERIAN_BODY_LOCAL_2 /\bvery strategic and influential position\b/
body __NIGERIAN_BODY_LOCAL_3 /\b(vital|convenient) bank account\b/
body __NIGERIAN_BODY_LOCAL_4 /\bwe\s+need\s+your\s+assistance\s+(in|to)\s+transfer(ring)?\s+(some of)?\s+the\s+(money|funds)\s+(in)?to\s+your\s+(vital)?\s+(bank)?\s+(account|country)\b/
# "... vital bank account", "... country"
body __NIGERIAN_BODY_LOCAL_5 /\bhttp(s?):\/\/\W+\/africa/
# One reference to http://news.bbc.co.uk/1/hi/world/africa/468903.stm