GFI Mail Essential, How to filter URL only spam with regular expression

I contacted GFI support and the forum; they claim it's possible to filter emails containing a URL only, with no text before or after. But it does not seem to be working; to me it looks as if the regular expression engine they use checks line by line, not applying the regular expression to the entire body text. If you use GFI MailEssential, how do you overcome this limit?

For example, when I tried to filter emails containing only a URL, with no text before or after and with or without a newline character, I put this:

e= ^http:\/\/[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,3}(\/\S*)+$

But it filters 'text+e', 'e+text', and 'text+e+text'. It looks like the ^ and $ are only applied to a line, not the entire text...
crcsupport Asked:
 
Derek Jensen Commented:
Okay, let's try this one then:

^http:\/\/[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}(\/\S*)+\s*?[^a-zA-Z]$

 
Derek Jensen Commented:
There should be a switch/modifier you can use to turn on finding newlines as part of the text, rather than terminating the text string at them. Commonly, the switch is 's' or 'm', as in:

e= (?m)^http:\/\/[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}(\/\S*)+$

I'm not sure this is correct, but I assume it is based on my preliminary research on GFI/Tcl.
 
crcsupport Author Commented:
It takes (?m), but it seems to restart the input string when there's a line break...
I may keep this thread while I research more.
 
Derek Jensen Commented:
Did you try (?s)? Also try (?D) or (?d); I've seen those before as newline match modifiers as well. If none of those work...

Wait. What *exactly* are you trying to find/filter? Upon re-reading your request, it sounds like you're looking for emails containing *only* a URL in the body, is that correct?

In any case, you're always welcome to try this regex:

e= ^(\r|\n|\s|\t)*http:\/\/[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}\/(\/|\S)*(\r|\n|\t|\s)*$

I refactored it so it would (hopefully) account for anything before/after a URL that's not text.
 
crcsupport Author Commented:
Same thing in GFI MailEssential. I tried yours and changed it a bit to:

^http:\/\/[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}(\/\S*)+\s+$

It captures:

"http://asfsadfasdfds.com/asdfsdfas 

"

but also captures:
"http://asfsadfasdfds.com/asdfsdfas 

sdfasdfasdfsadf"

I tested the expression on the regular expression checker at http://regex101.com, and it works as expected. But GFI MailEssential doesn't work; it seems like their engine doesn't know how to do multiline mode. I used (?m) and others after researching online; none of them is taken as multiline mode.
 
crcsupport Author Commented:
Nope... it stops right after it finds the pattern and gives a false positive.

Match in body triggered rule "URL Only" (Match found: http://sadfsadfdsaf.com/asdfasdfasdf )

for both

"http://sadfsadfdsaf.com/asdfasdfasdf

"

and
"http://sadfsadfdsaf.com/asdfasdfasdf

sssss"
 
crcsupport Author Commented:
I contacted GFI support; they have no idea what multiline mode is and ask me to post at http://ideas.gfi.com. Well...
Thank you bigdogdman anyway for your efforts.
 
Derek Jensen Commented:
Wow....didn't see that one coming...

They must have a highly proprietary (and highly stripped-down) regex engine; good luck with that; hope everything works out. :-)
Question has a verified solution.
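
The difference the thread keeps running into, line-anchored versus body-anchored matching, as an added Python example (not code from the thread, and not GFI MailEssentials' engine). The sample bodies are constructed from the ones posted above, the function names are hypothetical, and the URL pattern is the thread's with `(\/\S*)+` collapsed to the equivalent `/\S*`.

```python
import re

# URL shape taken from the thread. The thread's (\/\S*)+ is collapsed to the
# equivalent /\S* so a failed match cannot backtrack over every '/' split,
# which matters for a filter that runs on attacker-supplied mail bodies.
URL = r"http://[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}/\S*"

# Line-anchored: with MULTILINE, ^ and $ match at every line break. This
# reproduces the reported behaviour: a hit as soon as one line is a bare URL.
LINE_ANCHORED = re.compile(r"^" + URL + r"\s*$", re.MULTILINE)

# Body-anchored: \A and \Z match only at the very start and end of the input,
# so only whitespace may surround the URL anywhere in the body.
BODY_ANCHORED = re.compile(r"\A\s*" + URL + r"\s*\Z")


def line_anchored_hit(body: str) -> bool:
    return LINE_ANCHORED.search(body) is not None


def is_url_only_body(body: str) -> bool:
    return BODY_ANCHORED.match(body) is not None


def is_url_only_by_lines(body: str) -> bool:
    """Same decision for a filter that only ever sees one line at a time:
    exactly one non-blank line, and that line is nothing but the URL."""
    non_blank = [ln.strip() for ln in body.splitlines() if ln.strip()]
    return len(non_blank) == 1 and re.fullmatch(URL, non_blank[0]) is not None


# Constructed sample bodies modelled on the ones posted in the thread.
SAMPLES = {
    "url_only": "http://sadfsadfdsaf.com/asdfasdfasdf\r\n\r\n",
    "url_then_text": "http://sadfsadfdsaf.com/asdfasdfasdf\r\n\r\nsssss",
    "text_then_url": "hello\r\nhttp://sadfsadfdsaf.com/asdfasdfasdf\r\n",
}

if __name__ == "__main__":
    print("sample         line  body  by_lines")
    for name, body in SAMPLES.items():
        print(f"{name:14} {line_anchored_hit(body)!s:5} "
              f"{is_url_only_body(body)!s:5} {is_url_only_by_lines(body)}")
```
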
