Sandy, that's a nifty idea. It looks like it got lost in a blizzard of SA talk, though.
I did a very similar thing the last time we talked about using shells as external tests. I did much as you're suggesting here, but I used a .cmd batch file and the GNU utils egrep. After verifying that it worked as expected, I shelved it. Although it was computationally worth it, I'm happier having a fully licenced sniffer in place! Andrew 8) -----Original Message----- From: Sanford Whiteman [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 30, 2004 3:49 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] External RegEx tests using FINDSTR All, Forgive me if someone has mentioned this before, but my archives don't show anything. I've been playing with FINDSTR as an external test to quickly add RegEx tests: REGEX1 external 0 "c:\winnt\system32\cmd.exe /c findstr "search.*term"" <weight> 0 It's been working out fine thus far in lab use. Note that it is used as an 'external 0' test, as it returns 0 if the FINDSTR search string _is_ found. While the RegEx engine isn't crazy-robust (it doesn't span line breaks, I believe), it certainly gives us tons above filters alone, and I'd bet that those with overlong filters would see relative benefits in maintenance and performance. It's certain that the CPU needs will be substantial, not only because of the search step itself (which should just be comparable to other non-compiled RegEx engines), but because of the shelling to the external command interpreter, as with any external test. I'd certainly recommend using the /G option to feed a list of search strings in one test iteration, with the caveat that only one weight would thus be returned for any number of failures within the list, unlike with Declude filter files. Also note that I personally use SpamAssassin for compiled RegEx support and the granular matching/weighting it offers, but the FINDSTR method would be accessible to anyone using Declude for easy-to-build checks and profiling. I eagerly anticipate feedback from the first guinea pigs. :) --Sandy P.S. I'm working on passing Declude variables to FINDSTR, which would be great. There are some issues with the fact that Declude always passes the D file as the last argument, creating parsing errors for FINDSTR. Scott, could we get a new test type like EXTERNALNOBODY that just runs the command line without adding anything at the end? ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release / Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.mailmage.com/products/software/freeutils/exchange2aliases/downloa d/release/ http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/re lease/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
