Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Autumn 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiConnect
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDB
- FortiDDoS
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGuard
- FortiGate Cloud
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiWAN
- FortiVoice
- FortiWeb
- FortiWebCloud
- Lacework
- RMA Information and Announcements
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- RE: Regular Expressions Examples
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 06-16-2008 08:30 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Regular Expressions Examples
I thought it might be a good idea to start a thread where we can all post examples of Regular Expressions that we use to block spam. Or maybe some good web sites that we use to look up expressions. This is to help users who aren' t familiar with Regex (like I was when I first got my FG) to get them started and perhaps for all of us to find better expressions to use to keep spam to a minimum.
Perhaps if this thread is useful it could be stickied to make it easier to find...
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
48 REPLIES 48
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Guys, very useful.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
Rather new on the Fortimail:
I use this to block email from unknown, took the example of the admin guide:
^\s*$
Check regular expression
BTW: i saw a posting somewhere with the spoofed mail domain, also an example in the guide (p151):
-/* -/*@domain.com ip reversednsname relay (rule that allows mail from that domain)
-/*@domain.com -/* 0.0.0.0/0 -/* reject
in those order.
Now i' m trying to do that for a client, but he doe not have a full subnet, is there another way to do this based only on the ip address?
[link]https://www.secure-it.be[/link]
[link]https://www.secure-it.be[/link]
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi all, does anyone know how to match Unicode characters with regular expression in Antispam Banned Words? For example say I want to match the registered sign ® followed by " some text" in the subject of incoming mail: I tried the following patterns; /.*® some text/i /.*some text/i but it appears that a mail subject containing the ® character bypass the antispam filter. If I remove che ® from the test mail the second pattern block it. Pattern with the Perl pattern \u00AE is not accepted by Fortigate GUI. Any suggestion?Thanks Marco --------------------------------------------- Fortigate FGT200 2.8 build 489[size=1][/size][size=4][/size]
zaskarThanks --------------------------------------------- Marco Scala Fortigate-200 2.80,build489,051027
zaskarThanks --------------------------------------------- Marco Scala
Fortigate-200 2.80,build489,051027
Not applicable
Created on 06-25-2009 10:45 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I need some help here... I used the following regex to filter for links to .cn domains in incoming emails. Or well, I tried to, but it doesn' t work.
/\.cn/i
I also used the following to check for the word unsubscribe in the same message. Every spam that has been slipping through lately has these two elements in them.
/unsubscribe/i
I have given these two items a high enough score that if they are in the same message it should always be blocked. And yet they are still coming through.
I probably should have started a new thread for this... but thought it might be nice to keep all of this stuff together to help someone find it in the future.
Thanks in advance!
Neal
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
what do the AS logs say?
Nowadays spam includes those chinese url embedded in image files, so your regexp will fail.
I' ve tried with /https?://.\w+\.\w+\.cn/i (in body) as banned word with more or less success..
regards
/ Abel
regards
/ Abel
Not applicable
Created on 06-26-2009 07:55 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well my AS logs don' t say much. I can only see a log entry for when a message is determined to be spam... it doesn' t show results of the scanning process or anything.
I have examined the messages that I have received and it doesn' t appear as though the links are embedded in any images. When I look at the source of the message it has those hyperlinks in it.
It is strange because I have used a regex tester and verified that the syntax I use should work... and yet it' s not. seems to be the case sensitivity switch that buggers it up. I have had that problem in the past. Maybe I' ll turn that off.
What does the .\w+ do? Is that roughly the equivalent to a wild card?
Thanks!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well my AS logs don' t say much. I can only see a log entry for when a message is determined to be spam... it doesn' t show results of the scanning process or anything.we´ll expect to see something like " The email contains banned word(s).(regexp expression, etc) under " Message" column Re-check you relevant SMTP traffic profile for enabling antispam logging
What does the .\w+ do? Is that roughly the equivalent to a wild card?\w stands for a word [A-Za-z0-9_] (alphanumeric characters plus " _" ) and + stands for matching the preceding element one or more times
regards
/ Abel
regards
/ Abel
Not applicable
Created on 06-26-2009 01:33 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
we´ll expect to see something like " The email contains banned word(s).(regexp expression, etc) under " Message" columnI do see those in the log. Not nearly as often and I expect that I should see them when considering how many of these messages have been getting through. I read your other post in the other thread I created... I shouldn' t have double posted this. I have a number of Regexs that all have a score of 5 and the threshold is 8. I do have emails getting blocked so somehow they must be cumulative. My thinking is that it' s not cumulative from the number of reoccurences of one expression... but that there is a cumulative score between the occurences of different expressions. So in my messages, if any two regex' s occur in the same message it should get blocked. I could be wrong but that' s how I figured it.
\w stands for a word [A-Za-z0-9_] (alphanumeric characters plus " _" ) and + stands for matching the preceding element one or more timesThat' s good to know. That will come in handy.
Not applicable
Created on 07-10-2009 12:40 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
/https?://.\w+\.\w+\.cn/iI tried this and it started blocking almost every URL under the sun. Then I realized that I had to use this: /https?:\/\/\w+\.\w+\.cn/i This allows the backslashes to be seen literally and not as a function. Plus I think that the first dot might have been a mistake. Not sure on that. I haven' t tested this yet but I am going to.
Not applicable
Created on 07-10-2009 12:52 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just tested this and what ended up working for me was:
/https?:\/\/.\w+\.\w+\.cn/i
Not sure why the first dot was needed... but without it nothing matched. I have tested this somewhat and confirmed that it does not appear to be blocking other root domains.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
Labels
-
FortiGate
8,043 -
FortiClient
1,612 -
5.2
801 -
FortiManager
679 -
5.4
639 -
FortiAnalyzer
516 -
FortiAP
425 -
FortiSwitch
424 -
6.0
416 -
FortiClient EMS
364 -
5.6
362 -
FortiMail
301 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
188 -
SSL-VPN
176 -
FortiNAC
161 -
IPsec
154 -
6.4
128 -
FortiGuard
125 -
FortiGateCloud
98 -
FortiCloud Products
94 -
FortiSIEM
93 -
SD-WAN
89 -
FortiToken
86 -
Customer Service
74 -
Wireless Controller
74 -
FortiAuthenticator
70 -
4.0MR3
64 -
Firewall policy
58 -
FortiProxy
53 -
FortiEDR
50 -
Fortivoice
49 -
FortiADC
49 -
FortiExtender
43 -
VLAN
42 -
FortiDNS
41 -
High Availability
40 -
FortiSandbox
39 -
ZTNA
37 -
FortiGate v5.4
35 -
Routing
34 -
LDAP
34 -
FortiSwitch v6.4
33 -
DNS
33 -
BGP
32 -
SAML
31 -
Certificate
30 -
Interface
29 -
SSO
27 -
NAT
27 -
FortiConnect
25 -
Authentication
25 -
FortiWAN
24 -
FortiConverter
24 -
RADIUS
24 -
FortiGate v5.2
23 -
VDOM
23 -
FortiLink
23 -
Web profile
21 -
Virtual IP
20 -
FortiSwitch v6.2
18 -
FortiPortal
18 -
Fortigate Cloud
18 -
Logging
18 -
Application control
18 -
FortiMonitor
16 -
Traffic shaping
16 -
FortiPAM
16 -
FortiDDoS
15 -
FortiGate v5.0
14 -
SSL SSH inspection
14 -
OSPF
13 -
FortiCASB
12 -
SSID
12 -
IP address management - IPAM
12 -
FortiManager v5.0
11 -
Automation
11 -
Admin
11 -
Static route
11 -
WAN optimization
11 -
Web application firewall profile
11 -
FortiSOAR
10 -
FortiRecorder
10 -
SNMP
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiAP profile
9 -
FortiManager v4.0
8 -
FortiBridge
8 -
IPS signature
8 -
System settings
8 -
Proxy policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
RMA Information and Announcements
7 -
Security profile
7 -
Traffic shaping policy
7 -
Port policy
7 -
FortiCache
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Intrusion prevention
6 -
FortiCarrier
5 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Fabric connector
5 -
Fortinet Engage Partner Program
5 -
3.6
4 -
FortiDeceptor
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Antivirus profile
4 -
Traffic shaping profile
4 -
DLP sensor
4 -
Email filter profile
4 -
Web rating
4 -
FortiDB
3 -
FortiHypervisor
3 -
Explicit proxy
3 -
NAC policy
3 -
Application signature
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Netflow
3 -
Replacement messages
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
API
2 -
FortiNDR
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
Schedule
2 -
Service
2 -
Zone
2 -
Cloud Management Security
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
TACACS
1 -
SDN connector
1 -
Multicast policy
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1476 | |
| 1007 | |
| 749 | |
| 443 | |
| 207 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.