Print Page | Close Window

New RegEx & Incredimail (Improved?)

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=1338
Printed Date: 14 March 2025 at 6:30am


Topic: New RegEx & Incredimail (Improved?)
Posted By: Desperado
Subject: New RegEx & Incredimail (Improved?)
Date Posted: 10 July 2003 at 12:31am
All,
 
No guarantees but this seems to work very well and doesn't.t block any incredimail I tested
 
(<[!--]+[a-zA-Z0-9]{11,}[!--])
(<[!--]+[a-zA-Z0-9]{13,}(-->))
(<[!--]+[a-zA-Z0-9]{2}(-->))
( http:///w{0,6}%[/d" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http:// \w{0,6}%[\d])           (Warning!  Must have mailto:*@paypal.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - *@paypal.com  in "Excluded From" list for this one)
(href=" http://+[/d" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://+" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://+ [\d])
((<font color="#ffffff">.*){3,8})
 
Please comment on success or failure.
 
Dan S.


Replies:
Posted By: Guests
Date Posted: 10 July 2003 at 9:08am

Can you explain in plain words what each of them do. I'm a little rusty on my RegEx. :)

Thanks.

Posted By: Desperado
Date Posted: 10 July 2003 at 9:59am
I will ... but I want to acquire more statistics first.  PLEASE remember, these are not "Gospel" ... and I am providing now guarantees as to their function.   Feedback is always appreciated.
 
Dan S.

Posted By: Guests
Date Posted: 10 July 2003 at 2:47pm

(<[!--]+[a-hj-zA-HJ-Z0-9]{11,})
(href=" http://+[\d" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://+" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://+ [\d])

 

These are the only two I am using and it is catching only junk mail. I'm not sure of the effect of the others you had listed so I am waiting for a bit before I try those.
If anyone can explain the syntax of the others I will try them out also and let you know.

Thanks.

Posted By: Desperado
Date Posted: 10 July 2003 at 4:47pm
OK ... I have changed the first on yet again but it may be too ambitious. So far, in 30 min , it has blocked 100 messages and all were junk or at least stuff I wouldn't want.
 
I will TRY to explain it.
 
(<[!--]+[\x20]{0,1}[a-zA-Z0-9]{10,}[\x20]{0,1}[!--])
  • <                    look for an open tag start character, immediately followed by...
  •  [!--]+            looks for 1 or more  !-- characters indicating an html comment, immediately followed by...
  • [\x20]{0,1}    looks for 0 or 1 space (hex 20) followed by ....
  • [a-zA-Z0-9]{10,} 10 or more alphanumeric characters   (*** see note below)
  • [\x20]{0,1}    looks for 0 or 1 space (hex 20) followed by ....
  • [!--]               Any one of these characters should indicate that the tag is being closed
***  The original reason for 11  (now 10) was because <blockquote> is a 10 char tag that is valid but I ran 400 messages through with that tag and got no blocks because I have yet to see one that has !-- in it.
 
I tested it with <!--IncrdiXMLRemarkStart> and it doesn't block it HOWEVER,  I do see what seem to be valid "News Letters" with the following tag ... <!--messageREACH-object-start-->.  These DO get blocked.  Oddly enough, EVERY one of these messages (31 out of 31) are going to totally bogus accounts on our network so I am not worried ... YET.  Comments please.
 
If anyone sees a problem with this or has a problem, please report it with as much detail as possible.
 
Thanks,
 
Dan S.

 


Print Page | Close Window