Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Regular Expressions Examples

I thought it might be a good idea to start a thread where we can all post examples of Regular Expressions that we use to block spam. Or maybe some good web sites that we use to look up expressions. This is to help users who aren' t familiar with Regex (like I was when I first got my FG) to get them started and perhaps for all of us to find better expressions to use to keep spam to a minimum. Perhaps if this thread is useful it could be stickied to make it easier to find...
48 REPLIES 48
Not applicable

Oh, and a good website for Perl RegEx stuff: http://www.troubleshooters.com/codecorn/littperl/perlreg.htm
Not applicable

Another one I put in a few days ago is: /http:\/\/groups\.yahoo\.com/i These have been coming in spams now for the past few weeks... and I can' t imagine where in a business email one might reference this particular site... I don' t give any one regex a high enough of a score to block an email on it' s own. I have to see two matches in order for a message to get blocked. There are many common words or phrases that accompany this example that you can use to filter out the good from the bad.
Not applicable

Two more: /Acc?ai Berr?y/i /[a|@]cc?[a|@][i|1|!] /i
johnt
New Contributor

sorry for hijacking a somewhat old thread but i cant to seem to add a % to a dictionary filter as in up\sto\s[\$|£|\%]\d* either with or without the " \" before the percentage sign. is there any way of explicity trying to find the " %" or is there a way around this.
abelio

Hello John, i' ve tried it just copy and paste your expression in a box running 4MR1p3 and it works:
 config spamfilter bword
     edit 1
             config entries
                 edit 1
                     set pattern " /\\b0FF\\b/" 
                     set pattern-type regexp
                     set score 20
                     set where subject
                 next
                 edit 2
                     set pattern " up\\sto\\s[\\$|£|\\%]\\d*" 
                     set pattern-type regexp
                     set score 20
                     set where subject
                 next
             end
         set name " filtros" 
     next
 end
 

regards




/ Abel

regards / Abel
johnt
New Contributor

abelio we were on MR4 patch 3 at the time and now ive upgraded to latest 4.0 patch im still having issues. how did you get to that part of the config? for some reason now whenever i try to insert something into the console for example buy\spills\snow or something similar with " \" inside the exspression it just cuts it out. so after clicking ok it reverts to buyspillssnow the same also said for wanting to insert a digit i can try \d\d* but get dd* after clicking ok... bit wierd. what did you use to edit the fml.cfg file and is it safe to change things in this state and re-upload them to the device? thank you in advance doesnt matter. figured it out. i think i need to enter " \\d\\d\\s" this then turns into " \d\d\s" through the web console but in the background .cfg is says " \\d\\d\\s" bizzarre. either that or i have misread something somewhere
abelio

It' s not matter of firmware version. If you copy and paste above commands within a CLI session, the shell itself will take care about escaping characters; Same thing if you introduce characters within GUI; Only if you' re using Regexps, you' ll need escape some extra chars; for example, if you want to catch johnathon.thompson with a regexp, you will need to escape the ' .' with a backslash ' \' . for buy\spills same thing, you' ll need to escape the ' \' with another slash ' \' regards

regards




/ Abel

regards / Abel
MBruck
New Contributor

Hey Guys - I' m having a hard time following the regular expression syntax and using it properly to stop particular SPAM messages. Can someone please tell me the actual string I need for my Fortinet to block the following three SPAM messages I keep receiving: 80% better price Special offer we cut prices to -80% Each of the above lines are seperate email subjects and are only part of the full subject field, so it needs to search for this text within a longer string of characters. I know this has been covered a bit, but I can' t seem to get it working properly. Thank you in advance for your assistance! -Michael
Michael Bruck
Michael Bruck
abelio

Michael, if you want resolve only those 3 examples, use directly wildcards.
 
 config spamfilter bword
     edit 1
         set comment " examples" 
             config entries
                 edit 1
                     set pattern " Special offer" 
                     set where subject
                 next
                 edit 2
                     set pattern " 80% better price" 
                     set where subject
                 next
                 edit 3
                     set pattern " we cut prices to -80%" 
                     set where subject
                 next
             end
         set name " wildcards" 
     next
 end
 

regards




/ Abel

regards / Abel
Not applicable

Hoping someone can help me with this... I have the following filter set up: /\w+\.\w+\.[cn|ru|hk]/i The intent is to trigger when an email contains a link to a site from the .cn .ru or .hk domains... but it seems to be triggering on almost any domain. I am guessing that one of the letters is a function and needs a \ in front but don' t know for sure. I am going to try and find out on my own but thought someone here might know off the top of their head. Thank you!
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors