To all RegEx Experts |
Post Reply ![]() |
Author | |
Desperado ![]() Senior Member ![]() ![]() Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
![]() ![]() ![]() ![]() ![]() Posted: 27 July 2003 at 10:29pm |
All, Perhaps we should have a contest! This is one that has me going around in circles. Anyone have a good block for this? <html> <CENTER> <body> </body> </html> Dan S.
|
|
![]() |
|
Alan ![]() Guest Group ![]() |
![]() ![]() ![]() ![]() ![]() |
I cannot see of any HTML tags that use more than one concurrent space in a tag or that use the "@" symbol. Why not filter on those? The one that gets me is using common keywords in the tags instead of HTML comments as a way of trying to get around statistical Bayesian filtering. Any good browser ignores them, yet they will not get caught by other filtering methods either. Now this would be a challenge. |
|
![]() |
|
Desperado ![]() Senior Member ![]() ![]() Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
![]() ![]() ![]() ![]() ![]() |
Alan, In this email, I was more concerned by the function that seems to create or decode the tags. I do not see where it is actually being envoked but if I remove it the message gets garbled. Do you understand the function? Dan S.
|
|
![]() |
|
Erik Reed ![]() Guest Group ![]() |
![]() ![]() ![]() ![]() ![]() |
Laughing... I know this is not what you are asking but I could not resist! Simple Keywords in Black List: penis,3 inches this works great for me. I have to laugh that they always use 3 inches! Why not 2 or 4, nooooo, there is something about that 3 extra inches, LOL! The real problem that I am having is the newest spam that has almost ZERO text and 1 image tag that pulls the spam image from their website. I HATE THAT and it appears there is nothing you can do about it since many valid newsletters and support emails contain those linked images also... Erik!
|
|
![]() |
|
Gabriel Langen ![]() Guest Group ![]() |
![]() ![]() ![]() ![]() ![]() |
Hi, I think you are wrong. I have this one! Increase your penis size by 2 to 5 full inches booth Do you want more information? :-) Gaby |
|
![]() |
|
Alan ![]() Guest Group ![]() |
![]() ![]() ![]() ![]() ![]() |
Are you posting the actual email content or just the generated page code? I am unclear what you are removing that is causing it to generate garbled output. I am no expert but to me it doesn't appear to do much of anything (beyond the basic html portion that is.) It looks like there may be some other components missing for it to do what it's supposed to. It looks almost like something that an amateur spammer cobbled together. Maybe this was created using a basic template and this script portion was not properly utilized? If I had to make a guess based on the various hanging fragments, I suspect the intent was to get you to click on the link (uh, yeah right) and you would get a multitude of child windows opening up which all submit your email address and their referal id (sz27t) for credit, but the sender didn't know what they were doing. Either way you had originally asked about blocking this. Seems to me you can still block via the "@" or extra spaces in a tag. So do I get a cupie doll? |
|
![]() |
|
Desperado ![]() Senior Member ![]() ![]() Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
![]() ![]() ![]() ![]() ![]() |
Wow! 5 Inches? (thats gotta be a life changer!) ... Seriously ... the "Function" is my concern. Something that I am not yet able to understand is using that function (I believe) to create or decode the obscured code. Every message I get is totally different EXCEPT the function part. ALso, "Simple Keywords" are out of the question from my vantage point. First, we have a "No Censorship" policy and second, we find that literal keywords have little value due to all the obscured code. Last though ... This for LogSat support also: I wonder if any would be spammers look at any of out posts about filters. Is this a possible concern? Dan S. Dan S.
|
|
![]() |
|
ashley ![]() Guest Group ![]() |
![]() ![]() ![]() ![]() ![]() |
I agree, a spam that only has a picture to click on defeats a good regex filter. In that case i resort to a keyword filter: @mags.net They wont put it in the email address but it's always in the link they want you to click on. The down side is this filter only applies to this one spammer. |
|
![]() |
|
Desperado ![]() Senior Member ![]() ![]() Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
![]() ![]() ![]() ![]() ![]() |
Should I take it personally that you used my domain as an example? Dan S.
|
|
![]() |
|
ashley ![]() Guest Group ![]() |
![]() ![]() ![]() ![]() ![]() |
Occam's Razor! ;) |
|
![]() |
|
Desperado ![]() Senior Member ![]() ![]() Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
![]() ![]() ![]() ![]() ![]() |
OK .... Or ... KISS! So I won't read anything into it! (I didn't anyway) das |
|
![]() |
|
Frank Schreier ![]() Guest Group ![]() |
![]() ![]() ![]() ![]() ![]() |
Did I anything wrong with (\b[\d+]+([\-a-za-z0-9_\.\+])+(@hotmail|@juno)\.com)) maybe a typing error??07.31.03 13:13:29:800 -- (752) String matching error for (mos.187902.33882.gemeindebrief.dbounce@news.messagizer.de --and-- (\b[\d+]+([\-a-za-z0-9_\.\+])+(@hotmail|@juno)\.com)) : TRegExpr(exec): Loop Stack Exceeded
07.31.03 13:13:29:800 -- (752) Mail from: mos.187902.33882.gemeindebrief.dbounce@news.messagizer.de
07.31.03 13:13:30:080 -- (752) - MAPS search done... .
07.31.03 13:13:30:080 -- (752) RCPT TO: [del]@brainlift.de accepted
07.31.03 13:13:35:749 -- (752) EMail from mos.187902.33882.gemeindebrief.dbounce@news.messagizer.de to [del]@brainlift.de was queued. Size: 41 KB
07.31.03 13:13:35:769 -- (1004) Sending email from gemeindebrief@geizkragen.de to [del]@brainlift.de
07.31.03 13:13:35:819 -- (752) Disconnect
|
|
![]() |
|
Desperado ![]() Senior Member ![]() ![]() Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
![]() ![]() ![]() ![]() ![]() |
Frank, You have an extra close paren on the end. YOUR RegEx: (\b[\d+]+([\-a-za-z0-9_\.\+])+(@hotmail|@juno)\.com)) Should be: (\b[\d+]+([\-a-za-z0-9_\.\+])+(@hotmail|@juno)\.com) Also, what build are you running? Dan
|
|
![]() |
|
Frank Schreier ![]() Guest Group ![]() |
![]() ![]() ![]() ![]() ![]() |
Dan, thanks a lot (to stupid), its build 190, have a nice day...
|
|
![]() |
|
Desperado ![]() Senior Member ![]() ![]() Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
![]() ![]() ![]() ![]() ![]() |
Hold on a second ... On build 190 up, I am getting a string match error also. I have been working directly with LogSat on this for another RegEx so I will look into this also. I had ZERO errors in the past and this has been a good block for me so it is a high priority. Dan S.
|
|
![]() |
|
Frank Schreier ![]() Guest Group ![]() |
![]() ![]() ![]() ![]() ![]() |
Ok, just as I looked again to fix it I saw there is no extra close paren in the filter, its only the close paren for the hole log text line
(mos.187902.33882.gemeindebrief.dbounce@news.messagizer.de --and-- (\b[\d+]+([\-a-za-z0-9_\.\+])+(@hotmail|@juno)\.com))
|
|
![]() |
|
Desperado ![]() Senior Member ![]() ![]() Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
![]() ![]() ![]() ![]() ![]() |
Frank, The extra Paren, as you saw, is only in the log. This is what I have so far and what I sent off to LogSat: Using the RegEx test in the SF GUI, the following RegEx In the fromemail bl fails as follows:
(\b[\d+]+([\-a-za-z0-9_\.\+])+(@hotmail|@juno)\.com)
If the chars before the @ are 32 or less, the test works. If the chars before the @ are greater than 32, it fails. Could this be related to the String Matching error.
Dan
|
|
![]() |
|
Desperado ![]() Senior Member ![]() ![]() Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
![]() ![]() ![]() ![]() ![]() |
Frank, Do not panic on this yet. LogSat has placed a limit on the string length due to a REALLY bad issue that came up on my server. I have requested that we take another look at the limit setting but in the meantime, it is NOT a failure but the message may "sneak" past the filter. I am looking into that now but I am leavint the RegEx in my server for now. Dan |
|
![]() |
|
Frank Schreier ![]() Guest Group ![]() |
![]() ![]() ![]() ![]() ![]() |
Dan, I am relaxed and leaving it in my server too for the next days. Frank.
|
|
![]() |
|
Desperado ![]() Senior Member ![]() ![]() Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
![]() ![]() ![]() ![]() ![]() |
Frank, This is from Roberto of LogSat: If the loop stack is exceeded for a RegEx, that single RegEx expression will be skipped, so there won't be a match on it. All other keywords/blacklists are still processed.
I'll [LogSat] see how much I can increase the loop stack without runnning into the problems you [Dan S.] had.
[LogSat's] been working on the statistical filtering for a while now, and will most likely have an alpha version ready for internal testing by this weekend. If all goes well, a public beta will be released within a week or two. This hsould help a LOT in catching more spam.
Dan S. |
|
![]() |
Post Reply ![]() |
|
Tweet
|
Forum Jump | Forum Permissions ![]() You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.180 seconds.