Solved

GFI Mail Essential, How to filter URL only spam with regular expression

Posted on 2013-12-09
8
587 Views
Last Modified: 2013-12-10
I contacted GFI support and forum, they claim it's possible to filter emails containing URL only, no text before and after. But it seems to be not working, to me it looks as the regular expression engine they use check line by line, not applying regular expression to the entire body text. If you use GFI MailEssential, how do you overcome this limit?

For example, when I tried to filter emails containing only URL, not text before and after with/without new line character, I put this;

e= ^http:\/\/[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,3}(\/\S*)+$

But it filters both 'text +  e', 'e+text', text+e+text'. The ^ and $ is only applied to line, not entire text, looks like...
0
Comment
Question by:crcsupport
  • 4
  • 4
8 Comments
 
LVL 9

Assisted Solution

by:Derek Jensen
Derek Jensen earned 500 total points
ID: 39706516
There should be a switch/modifier you can use to turn on finding newlines as part of the text, rather than terminating the text string at them. Commonly, the switch is 's' or 'm', as in:

e= (?m)^http:\/\/[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}(\/\S*)+$

Open in new window

I'm not sure this is correct, but I assume it is based on my preliminary research on GFI/Tcl.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39707227
It takes (?m), but it seems to restart the input string when there's line break...
I may keep this thread while I research more..
0
 
LVL 9

Assisted Solution

by:Derek Jensen
Derek Jensen earned 500 total points
ID: 39709022
Did you try (?s) ? Also try (?D) or (?d) , I've seen those before as newline match modifiers as well. If none of those work...

Wait. What *exactly* are you trying to find/filter? Upon re-reading your request, it sounds like you're looking for emails containing *only* a URL in the body, is that correct?

In any case, you're always welcome to try this regex:

e= ^(\r|\n|\s|\t)*http:\/\/[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}\/(\/|\S)*(\r|\n|\t|\s)*$

Open in new window

I refactored it so it would (hopefully) account for anything before/after a URL that's not text.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39709296
Same thing in GFI MailEssential, I tried yours and changed a bit to;

^http:\/\/[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}(\/\S*)+\s+$

It captures;

"http://asfsadfasdfds.com/asdfsdfas

"

but also captures :
"http://asfsadfasdfds.com/asdfsdfas

sdfasdfasdfsadf"

I tested on regular expression checker for the expression at http://regex101.com, it works as it's expected. But, GFI MailEssential doesn't work, it seems like their engine doesn't know how to do multiline mode. I used (?m) and others after researching online, none of them is taken as multiline mode
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 9

Accepted Solution

by:
Derek Jensen earned 500 total points
ID: 39709323
okay, let's try this one then:

^http:\/\/[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}(\/\S*)+\s*?[^a-zA-Z]$

Open in new window

0
 
LVL 1

Author Comment

by:crcsupport
ID: 39709380
nope... it stops right after it finds the pattern and gives false positive.

Match in body triggered rule "URL Only" (Match found: http://sadfsadfdsaf.com/asdfasdfasdf )

for both

"http://sadfsadfdsaf.com/asdfasdfasdf

"

and
"http://sadfsadfdsaf.com/asdfasdfasdf

sssss"
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39709406
I contacted GFI support, they have no idea what multiline mode is, asks me to post in http://ideas.gfi.com. well...
Thank you bigdogdman anyway for your efforts.
0
 
LVL 9

Expert Comment

by:Derek Jensen
ID: 39710309
Wow....didn't see that one coming...

They must have a highly proprietary (and highly stripped-down) regex engine; good luck with that; hope everything works out. :-)
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

MS outlook is a premier email client that enable you to send and receive the e-mails with various file formats of attachments such as document files, media file, and many others formats. There is some scenario occurs when a receiver of an e-mail mes…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now