Regular Expressions Examples

One example I have is:

(?i) c[i|1][a|4][i|l|1|!][i|l|1|!][s|z]

This matches many derivatives of " cialis" which is now a common word in spam messages. I use (?i) to disable case sensitivity... don' t know if this is technically correct but it works. I inserted the white space in front of the word to prevent false matches with words such as specialist.

here is mine /\bc[i1\|l\!\¡]+[a4@]+[i1\|l\!]+[i1\|l\!\¡]+[sz5]+/i

guys how about email from unknown. if you using linux based email server you can see the log for the email showing from:<> to etc@etc.com. any way to block this from:<>

  Hi all,    does anyone know how to match Unicode characters with regular expression in   Antispam Banned Words?    For example say I want to match the registered sign ® followed by " some   text"  in the subject of incoming mail:  I tried the following patterns;    /.*® some text/i  /.*some text/i  but it appears that a mail subject containing the ® character bypass the   antispam filter.   If I remove che ® from the test mail the second pattern block it.    Pattern with the Perl pattern \u00AE is not accepted by Fortigate GUI.  Any suggestion?

Thanks Marco --------------------------------------------- Fortigate FGT200 2.8 build 489[size=1][/size][size=4][/size]

I need some help here... I used the following regex to filter for links to .cn domains in incoming emails. Or well, I tried to, but it doesn' t work. /\.cn/i I also used the following to check for the word unsubscribe in the same message. Every spam that has been slipping through lately has these two elements in them. /unsubscribe/i I have given these two items a high enough score that if they are in the same message it should always be blocked. And yet they are still coming through. I probably should have started a new thread for this... but thought it might be nice to keep all of this stuff together to help someone find it in the future. Thanks in advance! Neal

Well my AS logs don' t say much. I can only see a log entry for when a message is determined to be spam... it doesn' t show results of the scanning process or anything. I have examined the messages that I have received and it doesn' t appear as though the links are embedded in any images. When I look at the source of the message it has those hyperlinks in it. It is strange because I have used a regex tester and verified that the syntax I use should work... and yet it' s not. seems to be the case sensitivity switch that buggers it up. I have had that problem in the past. Maybe I' ll turn that off. What does the .\w+ do? Is that roughly the equivalent to a wild card? Thanks!

we´ll expect to see something like " The email contains banned word(s).(regexp expression, etc) under " Message" column

I do see those in the log. Not nearly as often and I expect that I should see them when considering how many of these messages have been getting through. I read your other post in the other thread I created... I shouldn' t have double posted this. I have a number of Regexs that all have a score of 5 and the threshold is 8. I do have emails getting blocked so somehow they must be cumulative. My thinking is that it' s not cumulative from the number of reoccurences of one expression... but that there is a cumulative score between the occurences of different expressions. So in my messages, if any two regex' s occur in the same message it should get blocked. I could be wrong but that' s how I figured it.

\w stands for a word [A-Za-z0-9_] (alphanumeric characters plus " _" ) and + stands for matching the preceding element one or more times

That' s good to know. That will come in handy.

/https?://.\w+\.\w+\.cn/i

I tried this and it started blocking almost every URL under the sun. Then I realized that I had to use this: /https?:\/\/\w+\.\w+\.cn/i This allows the backslashes to be seen literally and not as a function. Plus I think that the first dot might have been a mistake. Not sure on that. I haven' t tested this yet but I am going to.

I just tested this and what ended up working for me was: /https?:\/\/.\w+\.\w+\.cn/i Not sure why the first dot was needed... but without it nothing matched. I have tested this somewhat and confirmed that it does not appear to be blocking other root domains.

Oh, and a good website for Perl RegEx stuff: http://www.troubleshooters.com/codecorn/littperl/perlreg.htm