Hi folks!

I'm trying to build a RegEx to block some e-mails infected by the worm MY_DOOM.A

My idea is to block e-mails wich have the words hi, hello, test or error in his subject.

I made some RegEx like:

- (Subject:\x20(hi|Hi|HI|hello|Hello|HELLO|error|Error|ERROR|test|Test|TEST))

- (subject:\x20(test$|hi|hello$|error$))

- (Subject:(hi$|hello$|test$|error$))

None of them work!!!

Someone can give me a clue?

Thanks everyone and sorry about my bad english, that's not my natural language.

Henrique

I have two mx servers.

One of them with the 1.2.0.212 build and the other with the 1.2.0.178 build.

[]'s

Henrique

I'm having the same issue (the "Subject:" search isn't working).  Per the release notes and bug fixes on the 'Download' page...(the third items shows that version 1.2.0.212 now has the new "Subject:" word search...

// New to VersionNumber = '1.2.0.212';
{TODO -cNew : Add ini option to allow MAIL FROM command without 1st HELO command}
{TODO -cNew : Incoming connections are dropped immediately when the DATA stream exceeds the max message size, before the entire email was received before being rejected}
{TODO -cNew : Subject lines are now prefixed with the words "Subject:", allowing RegEx searches to be more specific by limiting them to the subject line only}

I upgraded to this version, but my "Subject:" keyword searches are not working.

Any help would be greatly appreciated, I too am trying to stop the MyDoom virus in it's tracks by searching the email subjects

Thanks!

GJ

Sure Dan, thanks for the quick initial response!

Here is what I have in my Keywords Filter area to filter any emails with a subject of "hi" (without the quotes)...

Subject: hi
Subject: (?i)hi
"Subject:" (hi)

All three of these don't work!  I've sent an inbound email from three seperate email accounts that I have on the internet, with the subject of "hi" (without the quotes), and SpamFilter isn't trapping it.

I just re-verified my version on the spamfilter.exe and spamfiltersvc.exe, and they are both: 1.2.0.212.

Thanks!

GJ

Hmmm ... all of a sudden my Subject RegEx is not working ... but it did.  I am running a private beta that may have an issue though ..  I will check on that.

Dan S.

All,

The following examples do, in fact, work but I have no stats on false blocking yet.  After one hour, I got "hits" on 2 out of 3 of them and nailed 23 messages.

((?i)Subject:((re:hit)|((\.){1})|((\w){0,3}(dont wait\!))))

((?i)Subject:(.){3,15}("confirmation n))

((?i)Subject:(at last).{20,})

Any comments on what is wrong with these PLEASE!

Regards,

Dan S.

Nix the post above ... too many false positives.

I changed it to ((?i)Subject:=\?ISO\-\d*\-\1?.*?better_)  For the moment.

Dan S.