?
Solved

GFI Mail Essential, How to filter URL only spam with regular expression

Posted on 2013-12-09
8
Medium Priority
?
659 Views
Last Modified: 2013-12-10
I contacted GFI support and forum, they claim it's possible to filter emails containing URL only, no text before and after. But it seems to be not working, to me it looks as the regular expression engine they use check line by line, not applying regular expression to the entire body text. If you use GFI MailEssential, how do you overcome this limit?

For example, when I tried to filter emails containing only URL, not text before and after with/without new line character, I put this;

e= ^http:\/\/[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,3}(\/\S*)+$

But it filters both 'text +  e', 'e+text', text+e+text'. The ^ and $ is only applied to line, not entire text, looks like...
0
Comment
Question by:crcsupport
  • 4
  • 4
8 Comments
 
LVL 9

Assisted Solution

by:Derek Jensen
Derek Jensen earned 2000 total points
ID: 39706516
There should be a switch/modifier you can use to turn on finding newlines as part of the text, rather than terminating the text string at them. Commonly, the switch is 's' or 'm', as in:

e= (?m)^http:\/\/[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}(\/\S*)+$

Open in new window

I'm not sure this is correct, but I assume it is based on my preliminary research on GFI/Tcl.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39707227
It takes (?m), but it seems to restart the input string when there's line break...
I may keep this thread while I research more..
0
 
LVL 9

Assisted Solution

by:Derek Jensen
Derek Jensen earned 2000 total points
ID: 39709022
Did you try (?s) ? Also try (?D) or (?d) , I've seen those before as newline match modifiers as well. If none of those work...

Wait. What *exactly* are you trying to find/filter? Upon re-reading your request, it sounds like you're looking for emails containing *only* a URL in the body, is that correct?

In any case, you're always welcome to try this regex:

e= ^(\r|\n|\s|\t)*http:\/\/[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}\/(\/|\S)*(\r|\n|\t|\s)*$

Open in new window

I refactored it so it would (hopefully) account for anything before/after a URL that's not text.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 1

Author Comment

by:crcsupport
ID: 39709296
Same thing in GFI MailEssential, I tried yours and changed a bit to;

^http:\/\/[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}(\/\S*)+\s+$

It captures;

"http://asfsadfasdfds.com/asdfsdfas 

"

but also captures :
"http://asfsadfasdfds.com/asdfsdfas 

sdfasdfasdfsadf"

I tested on regular expression checker for the expression at http://regex101.com, it works as it's expected. But, GFI MailEssential doesn't work, it seems like their engine doesn't know how to do multiline mode. I used (?m) and others after researching online, none of them is taken as multiline mode
0
 
LVL 9

Accepted Solution

by:
Derek Jensen earned 2000 total points
ID: 39709323
okay, let's try this one then:

^http:\/\/[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}(\/\S*)+\s*?[^a-zA-Z]$

Open in new window

0
 
LVL 1

Author Comment

by:crcsupport
ID: 39709380
nope... it stops right after it finds the pattern and gives false positive.

Match in body triggered rule "URL Only" (Match found: http://sadfsadfdsaf.com/asdfasdfasdf )

for both

"http://sadfsadfdsaf.com/asdfasdfasdf

"

and
"http://sadfsadfdsaf.com/asdfasdfasdf

sssss"
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39709406
I contacted GFI support, they have no idea what multiline mode is, asks me to post in http://ideas.gfi.com. well...
Thank you bigdogdman anyway for your efforts.
0
 
LVL 9

Expert Comment

by:Derek Jensen
ID: 39710309
Wow....didn't see that one coming...

They must have a highly proprietary (and highly stripped-down) regex engine; good luck with that; hope everything works out. :-)
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines some of the reasons why an email message gets flagged as spam on a recipient's end.
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Suggested Courses
Course of the Month16 days, 19 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question