Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

GFI Mail Essential, How to filter URL only spam with regular expression

Posted on 2013-12-09
8
Medium Priority
?
645 Views
Last Modified: 2013-12-10
I contacted GFI support and forum, they claim it's possible to filter emails containing URL only, no text before and after. But it seems to be not working, to me it looks as the regular expression engine they use check line by line, not applying regular expression to the entire body text. If you use GFI MailEssential, how do you overcome this limit?

For example, when I tried to filter emails containing only URL, not text before and after with/without new line character, I put this;

e= ^http:\/\/[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,3}(\/\S*)+$

But it filters both 'text +  e', 'e+text', text+e+text'. The ^ and $ is only applied to line, not entire text, looks like...
0
Comment
Question by:crcsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 9

Assisted Solution

by:Derek Jensen
Derek Jensen earned 2000 total points
ID: 39706516
There should be a switch/modifier you can use to turn on finding newlines as part of the text, rather than terminating the text string at them. Commonly, the switch is 's' or 'm', as in:

e= (?m)^http:\/\/[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}(\/\S*)+$

Open in new window

I'm not sure this is correct, but I assume it is based on my preliminary research on GFI/Tcl.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39707227
It takes (?m), but it seems to restart the input string when there's line break...
I may keep this thread while I research more..
0
 
LVL 9

Assisted Solution

by:Derek Jensen
Derek Jensen earned 2000 total points
ID: 39709022
Did you try (?s) ? Also try (?D) or (?d) , I've seen those before as newline match modifiers as well. If none of those work...

Wait. What *exactly* are you trying to find/filter? Upon re-reading your request, it sounds like you're looking for emails containing *only* a URL in the body, is that correct?

In any case, you're always welcome to try this regex:

e= ^(\r|\n|\s|\t)*http:\/\/[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}\/(\/|\S)*(\r|\n|\t|\s)*$

Open in new window

I refactored it so it would (hopefully) account for anything before/after a URL that's not text.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 1

Author Comment

by:crcsupport
ID: 39709296
Same thing in GFI MailEssential, I tried yours and changed a bit to;

^http:\/\/[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}(\/\S*)+\s+$

It captures;

"http://asfsadfasdfds.com/asdfsdfas 

"

but also captures :
"http://asfsadfasdfds.com/asdfsdfas 

sdfasdfasdfsadf"

I tested on regular expression checker for the expression at http://regex101.com, it works as it's expected. But, GFI MailEssential doesn't work, it seems like their engine doesn't know how to do multiline mode. I used (?m) and others after researching online, none of them is taken as multiline mode
0
 
LVL 9

Accepted Solution

by:
Derek Jensen earned 2000 total points
ID: 39709323
okay, let's try this one then:

^http:\/\/[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}(\/\S*)+\s*?[^a-zA-Z]$

Open in new window

0
 
LVL 1

Author Comment

by:crcsupport
ID: 39709380
nope... it stops right after it finds the pattern and gives false positive.

Match in body triggered rule "URL Only" (Match found: http://sadfsadfdsaf.com/asdfasdfasdf )

for both

"http://sadfsadfdsaf.com/asdfasdfasdf

"

and
"http://sadfsadfdsaf.com/asdfasdfasdf

sssss"
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39709406
I contacted GFI support, they have no idea what multiline mode is, asks me to post in http://ideas.gfi.com. well...
Thank you bigdogdman anyway for your efforts.
0
 
LVL 9

Expert Comment

by:Derek Jensen
ID: 39710309
Wow....didn't see that one coming...

They must have a highly proprietary (and highly stripped-down) regex engine; good luck with that; hope everything works out. :-)
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
Resolve DNS query failed errors for Exchange
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question