Hi Sandy,
Thought I'd let you know I tried it today. Worked great on strings with no
spaces, but all of the strings with spaces in them triggered on every email,
whether the entire string was there or not. Haven't had time to test in
detail, so I'm not sure why yet.
Here's an example test config:
REGEX14 external 0 "c:\winnt\system32\cmd.exe /c findstr "If you require
any of the medications below,"" 1 0
Every email was failing this test, regardless of whether it had the whole
string in it.
On the positive side, running a half dozen other tests didn't seem to do
much to processor utilization. I'll have a better idea in a couple of days
from our performance monitoring.
Darin.
----- Original Message -----
From: "Sanford Whiteman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 30, 2004 6:49 PM
Subject: [Declude.JunkMail] External RegEx tests using FINDSTR
All,
Forgive me if someone has mentioned this before, but my archives don't
show anything.
I've been playing with FINDSTR as an external test to quickly add
RegEx tests:
REGEX1 external 0 "c:\winnt\system32\cmd.exe /c findstr
"search.*term"" <weight> 0
It's been working out fine thus far in lab use. Note that it is used
as an 'external 0' test, as it returns 0 if the FINDSTR search string
_is_ found.
While the RegEx engine isn't crazy-robust (it doesn't span line
breaks, I believe), it certainly gives us tons above filters alone,
and I'd bet that those with overlong filters would see relative
benefits in maintenance and performance.
It's certain that the CPU needs will be substantial, not only because
of the search step itself (which should just be comparable to other
non-compiled RegEx engines), but because of the shelling to the
external command interpreter, as with any external test. I'd certainly
recommend using the /G option to feed a list of search strings in one
test iteration, with the caveat that only one weight would thus be
returned for any number of failures within the list, unlike with
Declude filter files.
Also note that I personally use SpamAssassin for compiled RegEx
support and the granular matching/weighting it offers, but the FINDSTR
method would be accessible to anyone using Declude for easy-to-build
checks and profiling.
I eagerly anticipate feedback from the first guinea pigs. :)
--Sandy
P.S. I'm working on passing Declude variables to FINDSTR, which would
be great. There are some issues with the fact that Declude always
passes the D file as the last argument, creating parsing errors for
FINDSTR. Scott, could we get a new test type like EXTERNALNOBODY that
just runs the command line without adding anything at the end?
------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
SpamAssassin plugs into Declude!
http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/
Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail
Aliases!
http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/
http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
