Not applicable
Created on 06-16-2008 08:30 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Regular Expressions Examples
I thought it might be a good idea to start a thread where we can all post examples of Regular Expressions that we use to block spam. Or maybe some good web sites that we use to look up expressions. This is to help users who aren' t familiar with Regex (like I was when I first got my FG) to get them started and perhaps for all of us to find better expressions to use to keep spam to a minimum.
Perhaps if this thread is useful it could be stickied to make it easier to find...
48 REPLIES 48
Not applicable
Created on 06-16-2008 08:38 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
One example I have is:
(?i) c[i|1][a|4][i|l|1|!][i|l|1|!][s|z]This matches many derivatives of " cialis" which is now a common word in spam messages. I use (?i) to disable case sensitivity... don' t know if this is technically correct but it works. I inserted the white space in front of the word to prevent false matches with words such as specialist.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
/ c[i|1][a|4][i|l|1|!][i|l|1|!][s|z]/i should do the trick. What you have is looking for one or no ' i' s at the beginning....
My quick and dirty web site for refreshers is by Rex Swain.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks guys... I tweaked mine to look for @ and fixed the case sensitivity check on each of my RegExs.
Here are some others I use:
/v[i|1][a|4|@][g|r][g|r][a|e|4|@]/i
/pen[i|1|u|!]s/i
/d[i|1]p[l|1][o|0]m[a|4]s?/i
/Mast[e|3][e|3]rMBA/i
/r[e|3]p[l|1|i][l|1|i]c[a|4]s? /i
/ w[a|4]tch[e|3]s/i
/ r[o|0][l|1|!][e|3]x/i
/br[e|3][i|1|!]t[l|1|!][i|1|!]ng/i
/Bach[e|3][e|3]lor/i
/D[o|0]ct[o|0]r[a|4][a|4]te/i
I gave all of these a rating of five with a threshhold of 10. As I add more I think I am going to change it so each item has a lower value to be more certain that I' m not causing false positives. I am going to change all of the " A" s to check for @ as well.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
/ c[i|1][a|4][i|l|1|!][i|l|1|!][s|z]/i should do the trick. What you have is looking for one or no ' i' s at the beginning....question: using the above example, is there supposed to be whitespace between the first forward slash and the c? I used the above example, only I removed the white space. Only, now it picks up on the word " specialist" ... if I put the whitespace back in, will it not do that? Well to answer my question ... I put the whitespace back in, and now the word specialist get' s through. If only trying to understand perl regular expressions didn' t make my brain implode I probably would' ve figured that out. Thanks for the examples guys!
Rick Payton, IT Support
Morikawa & Associates
http://www.mai-hawaii.com/
FortiGate-60 build 726 (retired)
FortiGate-60B v4.0 build 328 MR2 Patch 8
FortiAnalyzer-100B v4.0 build 513 MR3
Rick Payton, IT Support Morikawa & Associates http://www.mai-hawaii.com/
FortiGate-60 build 726 (retired) FortiGate-60B v4.0 build 328 MR2 Patch
8 FortiAnalyzer-100B v4.0 build 513 MR3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
question: using the above example, is there supposed to be whitespace between the first forward slash and the c? I used the above example, only I removed the white space. Only, now it picks up on the word " specialist" ... if I put the whitespace back in, will it not do that? Well to answer my question ... I put the whitespace back in, and now the word specialist get' s through. If only trying to understand perl regular expressions didn' t make my brain implode I probably would' ve figured that out. Thanks for the examples guys!Yes maurixxx, in that pattern it is supposed that before the c letter there must be a whitespace. To match an exact word with or without whitespaces before or after and with the logic of the pattern, you can use word boundaries \b as aszujatovich suggested in his pattern: /\bc[i|1][a|4][i|l|1|!][i|l|1|!][s|z]/i would do the trick. Regards, Marco
zaskarThanks --------------------------------------------- Marco Scala Fortigate-200 2.80,build489,051027
zaskarThanks --------------------------------------------- Marco Scala
Fortigate-200 2.80,build489,051027
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ORIGINAL: Marco ScalaAloha again Marco, I recently ran into a new " problem" with banned words. I have the word " sex" blocked, but now we' re doing business with a guy named " Dan Sexton" So how would I block " sex" but allow " Sexton" ? I' m currently using the following expression: / s[e|3]x/i Would adding the \b (like so: /\bs ) do the trick? Mahalo!question: using the above example, is there supposed to be whitespace between the first forward slash and the c? I used the above example, only I removed the white space. Only, now it picks up on the word " specialist" ... if I put the whitespace back in, will it not do that? Well to answer my question ... I put the whitespace back in, and now the word specialist get' s through. If only trying to understand perl regular expressions didn' t make my brain implode I probably would' ve figured that out. Thanks for the examples guys!Yes maurixxx, in that pattern it is supposed that before the c letter there must be a whitespace. To match an exact word with or without whitespaces before or after and with the logic of the pattern, you can use word boundaries \b as aszujatovich suggested in his pattern: /\bc[i|1][a|4][i|l|1|!][i|l|1|!][s|z]/i would do the trick. Regards, Marco
Rick Payton, IT Support
Morikawa & Associates
http://www.mai-hawaii.com/
FortiGate-60 build 726 (retired)
FortiGate-60B v4.0 build 328 MR2 Patch 8
FortiAnalyzer-100B v4.0 build 513 MR3
Rick Payton, IT Support Morikawa & Associates http://www.mai-hawaii.com/
FortiGate-60 build 726 (retired) FortiGate-60B v4.0 build 328 MR2 Patch
8 FortiAnalyzer-100B v4.0 build 513 MR3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I recently ran into a new " problem" with banned words. I have the word " sex" blocked, but now we' re doing business with a guy named " Dan Sexton" So how would I block " sex" but allow " Sexton" ? I' m currently using the following expression: / s[e|3]x/iI know this is old but may still help someone. What I did for cases like that is check for spaces before and after the word. For Ex: / s[e|3]xy? /i This will check for sex, s3x, sexy and s3xy but won' t trigger on names as in your example. I also suggest that you never give one term a score high enough to block a message on it' s own. You should try to have at least two positive matches before you block a message. This will prevent false positives. Each term that matches only scores once so if the term above has a score of 3 and the term is matched 10 times it only counts as a score of 3.
Not applicable
Created on 06-17-2008 06:33 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
here is mine
/\bc[i1\|l\!\¡]+[a4@]+[i1\|l\!]+[i1\|l\!\¡]+[sz5]+/i
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
guys how about email from unknown. if you using linux based email server you can see the log for the email showing from:<> to etc@etc.com.
any way to block this from:<>