On Thu, 4 Mar 2004, Billy Kimble wrote:

|->(disclaimer: all regexps need to have asterisk removed to work.)
|->
|->Keith,
|->
|->Thanks for the info. I used your regexp and it didn't block anything. I
|->looked at it closer and while I'm not a regexp god, I have a little bit of
|->perl regexp experience. I thought it should have read:
|->
|->U*EsDB....[Q-Za-fw-z0-9]+

Was not mine...I just cross posted from another list that someone else
(whom I think is more knowledgeable than I) had posted their work and
thought it would be useful here.

I am using:

/^UEsDBAoAAAAAA/        REJECT Bagel Body
/^UEsDBAoAAQAAA/        REJECT E-Bagel Body

E-Bagel is for Encrypted which has netted today:

grep -i "E\-Bagel" /var/log/maillog | wc -l
      78

And regular:

grep "Bagel Body" /var/log/maillog | wc -l
     272

Looking at the From: attribute on these, a lot are definitely garbage.

|->When I used my "fixed" version, it stopped ALL zips (encrypted and
|->unencrypted) for some unknown reason. I did have luck with Gerry Massats
|->regexp:
|->
|->U*EsDBAoAAQAAA
|->
|->Normal zip: U*EsDBBQAAAA
|->My test encrypted zip: U*EsDBBQAAQA (3 different zip files, all with
|->differing types/pws each)
|->Decludes encrypted zip: U*EsDBAoAAQA (which would explain why Gerry's works
|->.. he prob used it only to test with and it's the only thing my IMgate
|->catches)
|->
|->I don't know why my modified version of your regexp didn't work ... it LOOKS
|->like it should have, but it didn't. I'm baffled and it's late so I'll leave
|->this to you early birds to try to solve. If you want, you can download one
|->of the test encrypted zip files I made at
|->http://dev.ebaseweb.com/stuff/test3.zip ... it contains 1 pw protected file
|->'setup.exe' (which was some random app installer file for windows that I
|->found). I hope you guys have better luck than I did with this :)
|->
|->> > | U*EsDBAoAAAAAA   <= Matches unencrypted ZIP file
|->> > | U*EsDBAoAAQAAA   <= Matches encrypted version.

I use the above match.

|->> >   UEsDB....[Q-Za-fw-z0-9\+/]
|->> > Regexp: UEsDB....[Q-Za-fw-z0-9\+/]

I did not try these ones. I posted mostly for informational purposes as I
found the stuff about how zip files are put together kind of interesting.

Sorry for the confusion. Should have been a little clearer. I usually need
to drag out a book or two when deciphering regexps. 

Keith
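
The base64 prefixes quoted in this thread can be decoded back into ZIP local file header fields, which shows why they differ. This is an added example, not part of the original messages; the function names are made up for the illustration.

```python
import base64
import string
import struct

# Standard base64 alphabet, index == 6-bit value.
B64_ALPHABET = (string.ascii_uppercase + string.ascii_lowercase
                + string.digits + "+/")


def decode_prefix(prefix):
    """Decode a truncated base64 prefix, keeping only fully determined bytes."""
    whole_bytes = len(prefix) * 6 // 8
    padded = prefix + "A" * (-len(prefix) % 4)  # filler bits are discarded below
    return base64.b64decode(padded)[:whole_bytes]


def zip_header_fields(prefix):
    """Parse the ZIP local file header fields visible in a base64 prefix.

    Layout: 4-byte signature PK\\x03\\x04, 2-byte version needed to extract,
    2-byte general purpose flags (bit 0 set means the entry is encrypted).
    """
    raw = decode_prefix(prefix)
    if len(raw) < 8 or raw[:4] != b"PK\x03\x04":
        raise ValueError("prefix does not cover a ZIP local file header")
    version, flags = struct.unpack("<HH", raw[4:8])
    return {"version_needed": version, "flags": flags,
            "encrypted": bool(flags & 0x0001)}


def encrypted_chars_at_position_10():
    """Base64 characters at position 10 that imply the encryption bit is set.

    Character 10 holds the low two bits of header byte 6 in its top two bits,
    so flag bit 0 is bit 4 (0x10) of that character's 6-bit value.
    """
    return {c for i, c in enumerate(B64_ALPHABET) if i & 0x10}


if __name__ == "__main__":
    # The four prefixes from the thread, with the asterisk removed.
    for p in ("UEsDBAoAAAAAA", "UEsDBAoAAQAAA", "UEsDBBQAAAA", "UEsDBBQAAQA"):
        print(p, zip_header_fields(p))
    print("".join(sorted(encrypted_chars_at_position_10())))
```

The "BAoA" and "BBQA" variants differ only in the version-needed field (10 versus 20), which is why a pattern fixed on one of them misses encrypted archives written by another ZIP tool, while the character class at position 10 tracks the encryption bit regardless of version.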

