Regular Expressions Examples

Report Inappropriate Content · ‎06-16-2008

I thought it might be a good idea to start a thread where we can all post examples of Regular Expressions that we use to block spam. Or maybe some good web sites that we use to look up expressions. This is to help users who aren' t familiar with Regex (like I was when I first got my FG) to get them started and perhaps for all of us to find better expressions to use to keep spam to a minimum. Perhaps if this thread is useful it could be stickied to make it easier to find...

Report Inappropriate Content · ‎07-10-2009

Oh, and a good website for Perl RegEx stuff: http://www.troubleshooters.com/codecorn/littperl/perlreg.htm

Report Inappropriate Content · ‎07-10-2009

Another one I put in a few days ago is: /http:\/\/groups\.yahoo\.com/i These have been coming in spams now for the past few weeks... and I can' t imagine where in a business email one might reference this particular site... I don' t give any one regex a high enough of a score to block an email on it' s own. I have to see two matches in order for a message to get blocked. There are many common words or phrases that accompany this example that you can use to filter out the good from the bad.

Report Inappropriate Content · ‎07-10-2009

Two more: /Acc?ai Berr?y/i /[a|@]cc?[a|@][i|1|!] /i

johnt · ‎02-19-2010

sorry for hijacking a somewhat old thread but i cant to seem to add a % to a dictionary filter as in up\sto\s[\$|Â£|\%]\d* either with or without the " \" before the percentage sign. is there any way of explicity trying to find the " %" or is there a way around this.

abelio · ‎02-19-2010

Hello John, i' ve tried it just copy and paste your expression in a box running 4MR1p3 and it works:

 config spamfilter bword
     edit 1
             config entries
                 edit 1
                     set pattern " /\\b0FF\\b/" 
                     set pattern-type regexp
                     set score 20
                     set where subject
                 next
                 edit 2
                     set pattern " up\\sto\\s[\\$|Â£|\\%]\\d*" 
                     set pattern-type regexp
                     set score 20
                     set where subject
                 next
             end
         set name " filtros" 
     next
 end

regards

/ Abel

johnt · ‎02-24-2010

abelio we were on MR4 patch 3 at the time and now ive upgraded to latest 4.0 patch im still having issues. how did you get to that part of the config? for some reason now whenever i try to insert something into the console for example buy\spills\snow or something similar with " \" inside the exspression it just cuts it out. so after clicking ok it reverts to buyspillssnow the same also said for wanting to insert a digit i can try \d\d* but get dd* after clicking ok... bit wierd. what did you use to edit the fml.cfg file and is it safe to change things in this state and re-upload them to the device? thank you in advance doesnt matter. figured it out. i think i need to enter " \\d\\d\\s" this then turns into " \d\d\s" through the web console but in the background .cfg is says " \\d\\d\\s" bizzarre. either that or i have misread something somewhere

abelio · ‎02-24-2010

It' s not matter of firmware version. If you copy and paste above commands within a CLI session, the shell itself will take care about escaping characters; Same thing if you introduce characters within GUI; Only if you' re using Regexps, you' ll need escape some extra chars; for example, if you want to catch johnathon.thompson with a regexp, you will need to escape the ' .' with a backslash ' \' . for buy\spills same thing, you' ll need to escape the ' \' with another slash ' \' regards

regards

/ Abel

MBruck · ‎02-22-2010

Hey Guys - I' m having a hard time following the regular expression syntax and using it properly to stop particular SPAM messages. Can someone please tell me the actual string I need for my Fortinet to block the following three SPAM messages I keep receiving: 80% better price Special offer we cut prices to -80% Each of the above lines are seperate email subjects and are only part of the full subject field, so it needs to search for this text within a longer string of characters. I know this has been covered a bit, but I can' t seem to get it working properly. Thank you in advance for your assistance! -Michael

Michael Bruck

abelio · ‎02-23-2010

Michael, if you want resolve only those 3 examples, use directly wildcards.

 
 config spamfilter bword
     edit 1
         set comment " examples" 
             config entries
                 edit 1
                     set pattern " Special offer" 
                     set where subject
                 next
                 edit 2
                     set pattern " 80% better price" 
                     set where subject
                 next
                 edit 3
                     set pattern " we cut prices to -80%" 
                     set where subject
                 next
             end
         set name " wildcards" 
     next
 end

regards

/ Abel

Report Inappropriate Content · ‎03-10-2010

Hoping someone can help me with this... I have the following filter set up: /\w+\.\w+\.[cn|ru|hk]/i The intent is to trigger when an email contains a link to a site from the .cn .ru or .hk domains... but it seems to be triggering on almost any domain. I am guessing that one of the letters is a function and needs a \ in front but don' t know for sure. I am going to try and find out on my own but thought someone here might know off the top of their head. Thank you!

Regular Expressions Examples

Nominate a Forum Post for Knowledge Article Creation