Re: help with regex

2014-02-26 Thread Jeff Mincy
From: Kevin A. McGrail kmcgr...@pccc.com Date: Wed, 26 Feb 2014 19:06:34 -0500 On 2/26/2014 6:53 PM, Webmaster wrote: I need a regex to match an alphanumeric string with letters and numbers. example: 48HQZBF404TY2298D1414BB8050022YQ3872444 The pattern is defined

Re: help with regex

2014-02-26 Thread Webmaster
thanks!... that appears to work just fine ... tested on http://regexpal.com I will break that down and try to understand how it works. JC On 2/26/14 2:49 PM, Jeff Mincy wrote: From: Kevin A. McGrail kmcgr...@pccc.com Date: Wed, 26 Feb 2014 19:06:34 -0500 On 2/26/2014 6:53

Re: help with regex

2014-02-26 Thread Amir Caspi
On Feb 26, 2014, at 5:49 PM, Jeff Mincy j...@delphioutpost.com wrote: Can't you do something like this using a look ahead regexp? (?=[A-Z0-9]{30,})(?:[A-Z]*[0-9]){10,} According to regexpal.com, that matches the OP's example. The lookahead works properly in this case, since trying to use

Re: regex help

2014-02-19 Thread Bowie Bailey
On 2/18/2014 1:26 PM, Marc Perkel wrote: On 2/18/2014 9:32 AM, John Hardin wrote: On Tue, 18 Feb 2014, Marc Perkel wrote: Trying to do something complex and not sure how it's done. What I'm looking for is to combine 2 conditions in a single regular expression so that both have to be true for

Re: regex help

2014-02-18 Thread Marc Perkel
On 2/18/2014 9:32 AM, John Hardin wrote: On Tue, 18 Feb 2014, Marc Perkel wrote: Trying to do something complex and not sure how it's done. What I'm looking for is to combine 2 conditions in a single regular expression so that both have to be true for a match. Yes - I know I can make 2 SA

Re: Help with a regex to catch spam with gibberish html tags

2014-02-06 Thread Kevin A. McGrail
On 1/30/2014 6:37 PM, David B Funk wrote: On Thu, 30 Jan 2014, Amir Caspi wrote: On Jan 30, 2014, at 10:28 AM, Kevin A. McGrail kmcgr...@pccc.com wrote: If you want to share the complete rule, I can throw it into my sandbox and see what masscheck thinks as well. The complete rule

Re: Help with a regex to catch spam with gibberish html tags

2014-01-31 Thread Kevin A. McGrail
On 1/30/2014 6:37 PM, David B Funk wrote: On Thu, 30 Jan 2014, Amir Caspi wrote: On Jan 30, 2014, at 10:28 AM, Kevin A. McGrail kmcgr...@pccc.com wrote: If you want to share the complete rule, I can throw it into my sandbox and see what masscheck thinks as well. The complete rule

Re: Help with a regex to catch spam with gibberish html tags

2014-01-30 Thread Andy Jezierski
Amir Caspi ceph...@3phase.com wrote on 01/29/2014 11:08:18 AM: From: Amir Caspi ceph...@3phase.com To: Andy Jezierski ajezier...@stepan.com, Cc: users@spamassassin.apache.org users@spamassassin.apache.org Date: 01/29/2014 11:08 AM Subject: Re: Help with a regex to catch spam with gibberish

Re: Help with a regex to catch spam with gibberish html tags

2014-01-30 Thread Kevin A. McGrail
: Help with a regex to catch spam with gibberish html tags On Jan 29, 2014, at 9:53 AM, Andy Jezierski ajezier...@stepan.com wrote: I've been noticing a lot of spam getting through with the same traits, a bunch of random words within brackets. They all seem to come after the /body or the /html

Re: Help with a regex to catch spam with gibberish html tags

2014-01-30 Thread Amir Caspi
On Jan 30, 2014, at 10:28 AM, Kevin A. McGrail kmcgr...@pccc.com wrote: If you want to share the complete rule, I can throw it into my sandbox and see what masscheck thinks as well. The complete rule would be something like this, assuming Andy implemented it as I wrote it: rawbody

Re: Help with a regex to catch spam with gibberish html tags

2014-01-30 Thread Andy Jezierski
Amir Caspi ceph...@3phase.com wrote on 01/30/2014 11:39:51 AM: From: Amir Caspi ceph...@3phase.com To: Kevin A. McGrail kmcgr...@pccc.com, Cc: Andy Jezierski ajezier...@stepan.com, users@spamassassin.apache.org users@spamassassin.apache.org Date: 01/30/2014 11:40 AM Subject: Re: Help

Re: Help with a regex to catch spam with gibberish html tags

2014-01-30 Thread John Hardin
On Thu, 30 Jan 2014, Amir Caspi wrote: On Jan 30, 2014, at 10:28 AM, Kevin A. McGrail kmcgr...@pccc.com wrote: If you want to share the complete rule, I can throw it into my sandbox and see what masscheck thinks as well. The complete rule would be something like this, assuming Andy

Re: Help with a regex to catch spam with gibberish html tags

2014-01-30 Thread Amir Caspi
On Jan 30, 2014, at 11:25 AM, John Hardin jhar...@impsec.org wrote: I'd suggest writing it as a subrule first, to see how well it performs against the masscheck corpora. If it does well by itself (good hits, high S/O), then a meta can be added to expose it for scoring. If it hits a lot but

Re: Help with a regex to catch spam with gibberish html tags

2014-01-30 Thread Kevin A. McGrail
On 1/30/2014 1:25 PM, John Hardin wrote: On Thu, 30 Jan 2014, Amir Caspi wrote: On Jan 30, 2014, at 10:28 AM, Kevin A. McGrail kmcgr...@pccc.com wrote: If you want to share the complete rule, I can throw it into my sandbox and see what masscheck thinks as well. The complete rule would be

Re: Help with a regex to catch spam with gibberish html tags

2014-01-30 Thread John Hardin
that will potentially be very useful in combination if they don't perform well on their own. If it doesn't perform well enough to publish, or gets a low score, then we can look at overlaps to see if a combination meta would help. -- John Hardin KA7OHZ http://www.impsec.org

Re: Help with a regex to catch spam with gibberish html tags

2014-01-30 Thread Kevin A. McGrail
On 1/30/2014 12:39 PM, Amir Caspi wrote: On Jan 30, 2014, at 10:28 AM, Kevin A. McGrail kmcgr...@pccc.com wrote: If you want to share the complete rule, I can throw it into my sandbox and see what masscheck thinks as well. The complete rule would be something like

Re: Help with a regex to catch spam with gibberish html tags

2014-01-30 Thread David B Funk
On Thu, 30 Jan 2014, Amir Caspi wrote: On Jan 30, 2014, at 10:28 AM, Kevin A. McGrail kmcgr...@pccc.com wrote: If you want to share the complete rule, I can throw it into my sandbox and see what masscheck thinks as well. The complete rule would be something like this, assuming Andy

Help with a regex to catch spam with gibberish html tags

2014-01-29 Thread Andy Jezierski
I've been noticing a lot of spam getting through with the same traits, a bunch of random words within brackets. They all seem to come after the /body or the /html tag. Anyone much more knowledgeable than me care to assist with a rule to detect them? Thanks Andy Example: /html /body style

Re: Help with a regex to catch spam with gibberish html tags

2014-01-29 Thread Amir Caspi
On Jan 29, 2014, at 9:53 AM, Andy Jezierski ajezier...@stepan.com wrote: I've been noticing a lot of spam getting through with the same traits, a bunch of random words within brackets. They all seem to come after the /body or the /html tag. Anyone much more knowledgeable than me care to

Re: Help with a regex to catch spam with gibberish html tags

2014-01-29 Thread Joe Quinn
On 1/29/2014 11:53 AM, Andy Jezierski wrote: I've been noticing a lot of spam getting through with the same traits, a bunch of random words within brackets. They all seem to come after the /body or the /html tag. Anyone much more knowledgeable than me care to assist with a rule to detect

Re: Help with a regex to catch spam with gibberish html tags

2014-01-29 Thread John Hardin
On Wed, 29 Jan 2014, Joe Quinn wrote: On 1/29/2014 11:53 AM, Andy Jezierski wrote: I've been noticing a lot of spam getting through with the same traits, a bunch of random words within brackets. They all seem to come after the /body or the /html tag. Anyone much more knowledgeable than me

Re: Help with a regex to catch spam with gibberish html tags

2014-01-29 Thread Andy Jezierski
John Hardin jhar...@impsec.org wrote on 01/29/2014 12:34:29 PM: From: John Hardin jhar...@impsec.org To: users@spamassassin.apache.org, Date: 01/29/2014 12:35 PM Subject: Re: Help with a regex to catch spam with gibberish html tags On Wed, 29 Jan 2014, Joe Quinn wrote: On 1/29/2014 11

Re: Help with a regex to catch spam with gibberish html tags

2014-01-29 Thread Amir 'CG' Caspi
On Wed, January 29, 2014 11:34 am, John Hardin wrote: There is already a style gibberish rule. http://ruleqa.spamassassin.org/20140128-r1562007-n/STYLE_GIBBERISH/detail I haven't seen STYLE_GIBBERISH hitting on very much in the last month... some hits, but it's missing a bunch of stuff,

Re: Help with a regex to catch spam with gibberish html tags

2014-01-29 Thread John Hardin
On Wed, 29 Jan 2014, Amir 'CG' Caspi wrote: On Wed, January 29, 2014 11:34 am, John Hardin wrote: There is already a style gibberish rule. It would appear that the rule needs updating based on the above examples... Okay, I will try to take a look at it this weekend. Thanks. Feel free to

SA 3.4.0rc5 Redis DB Help

2014-01-16 Thread Andy Jezierski
Are there any instructions in setting up the Bayes DB using a Redis server? I've installed the server, took the sample config options and added them to local.cf bayes_store_module Mail::SpamAssassin::BayesStore::Redis bayes_store_module_additional Mail::SpamAssassin::Util::TinyRedis

Re: SA 3.4.0rc5 Redis DB Help

2014-01-16 Thread Axb
You'll need quite a lot of memory to run Bayes/Redis Did you expire old tokens before the backup? what does sa-learn --dump magic say (when using mysql) my Redis top - 18:11:53 up 39 days, 8:01, 1 user, load average: 0.80, 0.29, 0.16 Tasks: 128 total, 1 running, 127 sleeping, 0

Re: SA 3.4.0rc5 Redis DB Help

2014-01-16 Thread Andy Jezierski
Axb axb.li...@gmail.com wrote on 01/16/2014 11:16:32 AM: From: Axb axb.li...@gmail.com To: users@spamassassin.apache.org, Date: 01/16/2014 11:17 AM Subject: Re: SA 3.4.0rc5 Redis DB Help You'll need quite a lot of memory to run Bayes/Redis Sounds like I might stick with mysql

Re: SA 3.4.0rc5 Redis DB Help

2014-01-16 Thread Mark Martinec
Andy Jezierski writes: Are there any instructions in setting up the Bayes DB using a Redis server? Yes, in release notes (currently also in build/announcements/PROPOSED-3.4.0.txt in svn). Pretty much exactly as you already have it. I've installed the server, took the sample config options

Re: SA 3.4.0rc5 Redis DB Help

2014-01-16 Thread Mark Martinec
me writes: Note that bayes_token_ttl and bayes_seen_ttl have no effect on entries loaded from a backup dump, they are all given a 'current' timestamp (with some random offset so that they will not expire at exactly the same time). But for a steady-state, with these *_ttl settings you can

Re: Debugging rule help

2014-01-11 Thread Alex
Hi, On Fri, Jan 10, 2014 at 10:32 PM, Kevin A. McGrail kmcgr...@pccc.com wrote: I checked in basic and I didn't get very far just looking at the first rule using your pastebin example. It didn't appear to hit your rules. Might be something lost via pastebin but it's late and I'm tired so

Re: Debugging rule help

2014-01-11 Thread Kevin A. McGrail
On 1/11/2014 9:05 AM, Alex wrote: Hi, On Fri, Jan 10, 2014 at 10:32 PM, Kevin A. McGrail kmcgr...@pccc.com wrote: I checked in basic and I didn't get very far just looking at the first rule using your pastebin example. It didn't appear to hit your

Debugging rule help

2014-01-10 Thread Alex
Hi, I have an FP that has hit on a few rules, but one of them was a rule for short URLs, but I can't figure out which one it's hitting. How can I have it show me which pattern triggered a specific rule? It seems some rules already show this, for example: Jan 10 19:38:29.919 [2393] dbg: rules:

Re: Debugging rule help

2014-01-10 Thread Kevin A. McGrail
I checked in basic and I didn't get very far just looking at the first rule using your pastebin example. It didn't appear to hit your rules. Might be something lost via pastebin but it's late and I'm tired so could be my mistake as well. However,

Re: a little help please

2013-12-16 Thread Karsten Bräckelmann
On Sun, 2013-12-15 at 18:04 -0500, Jeff Jennings wrote: I set up an email server today and for the life of me I can't figure out why my SpamAssassin implementation is flagging all of my emails from the server with DATE_IN_FUTURE_03_06 Received: from spamtitan.example.com ([127.0.0.1]) by

a little help please

2013-12-15 Thread Jeff Jennings
I set up an email server today and for the life of me I can't figure out why my SpamAssassin implementation is flagging all of my emails from the server with DATE_IN_FUTURE_03_06 any help would be appreciated. thanks in advance Jeff Return-Path: xxx Delivered-To: spam-quarantine X-Envelope

Re: a little help please

2013-12-15 Thread Martin Gregorie
On Sun, 2013-12-15 at 18:04 -0500, Jeff Jennings wrote: I set up an email server today and for the life of me I can't figure out why my SpamAssassin implementation is flagging all of my emails from the server with DATE_IN_FUTURE_03_06 Your timezone is GMT -5 (from your) letter header, and you

Re: a little help please

2013-12-15 Thread Dave Warren
On 2013-12-15 15:04, Jeff Jennings wrote: I set up an email server today and for the life of me I can't figure out why my SpamAssassin implementation is flagging all of my emails from the server with DATE_IN_FUTURE_03_06 Have you checked the obvious, do you have both your server's time and time

Re: a little help please

2013-12-15 Thread Benny Pedersen
Jeff Jennings skrev den 2013-12-16 00:04: Received: from xxx (unknown [98.16.160.99]) by spamtitan.example.com [1] (Postfix) with ESMTP id 427543D1974 for xxx; Sun, 15 Dec 2013 18:50:24 + (UTC) Date: Mon, 16 Dec 2013 04:20:20 +0530 mua says the Date: but the mailserver is not using

Re: Help in understanding why SA not using bayes rules.

2013-11-24 Thread RW
On Sat, 23 Nov 2013 00:33:51 +0600 ?? wrote: Hi All! I've read a number of articles about a FreeBSD + Postfix + Dovecot + Amavisd + Clamav + SpamAssassin + MySQL system. And with these materials I set up a mail server. OS: FreeBSD

Re: Help in understanding why SA not using bayes rules.

2013-11-24 Thread Гуляев Гоша
And every week I teach SpamAssassin with those mailboxes with script: #!/bin/sh DIR=/var/spool/mail/prem-ekb.ru sa-learn --clear sa-learn --spam ${DIR}/s...@prem-ekb.ru/cur/*S{a,} In FreeBSD /bin/sh is a minimal POSIX bourne shell,

Re: Help in understanding why SA not using bayes rules.

2013-11-24 Thread Matus UHLAR - fantomas
And every week I teach SpamAssassin with those mailboxes with script: #!/bin/sh DIR=/var/spool/mail/prem-ekb.ru sa-learn --clear sa-learn --spam ${DIR}/s...@prem-ekb.ru/cur/*S{a,} In FreeBSD /bin/sh is a minimal POSIX bourne shell,

Re: Help in understanding why SA not using bayes rules.

2013-11-24 Thread John Hardin
On Sun, 24 Nov 2013, Matus UHLAR - fantomas wrote: And every week I teach SpamAssassin with those mailboxes with script: #!/bin/sh DIR=/var/spool/mail/prem-ekb.ru sa-learn --clear sa-learn --spam

Re: Help in understanding why SA not using bayes rules.

2013-11-23 Thread Benny Pedersen
Гуляев Гоша skrev den 2013-11-23 09:11: ноя 23 13:56:32.056 [91453] dbg: diag: [...] module not installed: Mail::SPF ('require' failed) ноя 23 13:56:32.056 [91453] dbg: diag: [...] module not installed: IP::Country::Fast ('require' failed) ноя 23 13:56:32.056 [91453] dbg: diag: [...] module not

Re: Help in understanding why SA not using bayes rules.

2013-11-23 Thread Benny Pedersen
Гуляев Гоша skrev den 2013-11-23 10:10: Benny thanks a lot for your attention! I install that modules. Now all modules are installed, and I think maybe that lines are reasons of problem: replied offlist, if my sql setup solves it, make a bug report if you used setup from spamassassin and it

Re: Help in understanding why SA not using bayes rules.

2013-11-23 Thread Гуляев Гоша
23.11.2013, 15:38, Benny Pedersen m...@junc.eu: Гуляев Гоша skrev den 2013-11-23 10:10: Benny thanks a lot for your attention! I install that modules. Now all modules are installed, and I think maybe that lines are reasons of problem: replied offlist, if my sql setup solves it, make

Re: Help in understanding why SA not using bayes rules.

2013-11-23 Thread Гуляев Гоша
Additional info: Now my SQL scheme for spamass database are in MyISAM (after that number of records after script work, about 140 000, with InnoDB it be 220 000) And in script databases first flushes, so I don't understand why number of records are changed with table engine. My terminal are in

Re: Help in understanding why SA not using bayes rules.

2013-11-23 Thread Axb
According to your --dump magic info, I assume you're running a rather small system. If indeed low traffic, are you really sure you *need* Bayes in MySQL? (low traffic = less than 50k accepted msgs/day) Running file based Bayes would make your life much simpler.

Re: Help in understanding why SA not using bayes rules.

2013-11-23 Thread Benny Pedersen
Гуляев Гоша skrev den 2013-11-23 11:01: Additional info: Now my SQL scheme for spamass database are in MyISAM (after that number of records after script work, about 140 000, with InnoDB it be 220 000) i have seen this as well, not always exact counted there when using innodb, i don't think its

Re: Help in understanding why SA not using bayes rules.

2013-11-23 Thread Гуляев Гоша
23.11.2013, 16:07, Axb axb.li...@gmail.com: According to your --dump magic info, I assume you're running a rather small system. If indeed low traffic, are you really sure you *need* Bayes in MySQL? (low traffic = less than 50k accepted msgs/day) Running file based Bayes would make your

Re: Help in understanding why SA not using bayes rules.

2013-11-23 Thread Гуляев Гоша
Many thanks Benny and AxB ! I change SA to file store bayes_path = /var/sb/bayes bayes_file_mode = 0666 and now it works. After checking message from spam it has BAYES_99 header Thank you a lot! But I think it will be good to investigate root of SQL-based problem for developers :)

Re: Help in understanding why SA not using bayes rules.

2013-11-23 Thread Benny Pedersen
Гуляев Гоша skrev den 2013-11-23 11:29: But I think it will be good to investigate root of SQL-based problem for developers :) note is that mysql 5.5 is not yet stable on gentoo :) google mysql 5.5 innodb, there is more than one bug there

Re: Help in understanding why SA not using bayes rules.

2013-11-23 Thread Axb
On 11/23/2013 11:29 AM, Гуляев Гоша wrote: Many thanks Benny and AxB ! I change SA to file store bayes_path = /var/sb/bayes bayes_file_mode = 0666 and now it works. After checking message from spam it has BAYES_99 header Thank you a lot! Good to hear it works. Note: Watch for locks if

Help in understanding why SA not using bayes rules.

2013-11-22 Thread Гуляев Гоша
Hi All! I've read a number of articles about a FreeBSD + Postfix + Dovecot + Amavisd + Clamav + SpamAssassin + MySQL system. And with these materials I set up a mail server. OS: FreeBSD dom.local 8.4-STABLE FreeBSD 8.4-STABLE #0: Sun Jul 7

Re: Help in understanding why SA not using bayes rules.

2013-11-22 Thread Benny Pedersen
Гуляев Гоша skrev den 2013-11-22 19:33: trusted_networks 127. 192.168.3. 192.168.4. 192.168.5. 192.168.6. 192.168.7. 192.168.12. remove 127. whitelist_factory Mail::SpamAssassin::SQLBasedAddrList user_awl_dsn DBI:mysql:spamass:localhost user_awl_sql_username spamass

Re: Image spam help

2013-09-17 Thread Alex
Hi, http://pastebin.com/0xWK4mws This is hitting bayes00 because I assume very little of the body is spammy. I've added body and subject rules to catch these, but perhaps this relates to the recent fuzzyOCR conversation and may help there? I was expecting to see the image and am too lazy

Re: Image spam help

2013-09-17 Thread Olivier Nicole
Alex, I realize fuzzyOCR is very limited and resource-intensive, so will probably just continue to use body and header rules to catch them until they become more of a problem, unless someone has other ideas From past experience, there were very few spam where fuzzyOCR would have made a

Image spam help

2013-09-16 Thread Alex
Hi guys, I'm hoping someone can help me with an image spam. I haven't seen one of these in a while, and I can't figure out how to catch them effectively. This one is probably now being caught by the RBLs, but I'm hoping there's some other characteristic within the email that can be used to block

Re: Image spam help

2013-09-16 Thread Olivier Nicole
Hi Alex, I'm hoping someone can help me with an image spam. I haven't seen one of these in a while, and I can't figure out how to catch them effectively. This one is probably now being caught by the RBLs, but I'm hoping there's some other characteristic within the email that can be used

Re: Image spam help

2013-09-16 Thread Ian Turner
On Tuesday, September 17, 2013 09:44:21 AM Olivier Nicole wrote: My only restriction is that FuzzyOCR uses its own list of spam words instead of pushing back the decoded text to SA for SA to analyze. This is necessary because of the poor quality of the OCR. It's only going to be useful if the

Re: Image spam help

2013-09-16 Thread Olivier Nicole
My only restriction is that FuzzyOCR uses its own list of spam words instead of pushing back the decoded text to SA for SA to analyze. This is necessary because of the poor quality of the OCR. It's only going to be useful if the number of words you try to match against is very small.

Re: Image spam help

2013-09-16 Thread John Hardin
On Tue, 17 Sep 2013, Olivier Nicole wrote: (I am not sure if it would increase the spamines to have several instances of the same bad word in a message). It might. There are rules that consider more than N instances of a given phrase (like you'd see on a pharma spam where there are per-pill

Re: Help eliminate false positive for Google Code notifications

2013-07-17 Thread Mike Brown
Benny Pedersen wrote: it was good since too many still use it :) In my case it was that the old rulesets were left behind long after the updates stopped; they kept getting transferred over through upgrades of SpamAssassin and Perl. Once I deleted them, all was well. Well, except that more

Re: Help eliminate false positive for Google Code notifications

2013-07-14 Thread Benny Pedersen
Mike Brown skrev den 2013-07-11 18:09: SARE_MSGID_DDDASH Message-ID has ratware pattern (9-, 9$, 99-) SARE rulesets are deprecated, so you are on your own :=)

Re: Help eliminate false positive for Google Code notifications

2013-07-14 Thread Benny Pedersen
Axb skrev den 2013-07-11 18:13: a retired SARE Ninja it was good since too many still use it :)

Help eliminate false positive for Google Code notifications

2013-07-11 Thread Mike Brown
Google Code sends out notifications from project name@googlecode.com. These notifications have Message-ID headers that start with two digits and a dash, triggering this rule: SARE_MSGID_DDDASH Message-ID has ratware pattern (9-, 9$, 99-) The rule was proposed in 2004:

Re: Help eliminate false positive for Google Code notifications

2013-07-11 Thread Axb
On 07/11/2013 06:09 PM, Mike Brown wrote: Google Code sends out notifications from project name@googlecode.com. These notifications have Message-ID headers that start with two digits and a dash, triggering this rule: SARE_MSGID_DDDASH Message-ID has ratware pattern (9-, 9$, 99-) The rule was

Re: Help eliminate false positive for Google Code notifications

2013-07-11 Thread Mike Brown
Axb wrote: SARE rules are obsolete/unsupported/ancient/history/etc and shouldn't be used. Do yourself a favour and remove those files - will save you CPU cycles, memory and lots of headaches. Heh, even easier than I thought. I think I had assumed that if I stopped fetching them, I wouldn't

Re: help

2013-02-26 Thread Alexandre Boyer
The answer is 42. Alex, from prypiat. Yes, I recycle. On 13-02-25 01:07 PM, Chris Hunt wrote:

help

2013-02-25 Thread Chris Hunt

Re: help

2013-02-25 Thread Mikael Syska
If you dying, then please call 911/112 or maybe just 114(in DK) if you need police assistance. On Mon, Feb 25, 2013 at 7:07 PM, Chris Hunt dharmach...@gmail.com wrote:

Re: Regex Help

2012-11-13 Thread Marc Perkel
On 11/10/2012 11:13 AM, John Hardin wrote: On Sat, 10 Nov 2012, Marc Perkel wrote: Just a thought, I changed this: uri URI_PROTO_MC /^(?!(?-i:https?:))https?:/i into this: uri URI_PROTO_MC /^(?!(?-i:ttps?:))ttps?:/i Some people capitalize the H - but the rest of it being mixed case

Re: Regex Help

2012-11-13 Thread John Hardin
On Tue, 13 Nov 2012, Marc Perkel wrote: So far working good. Caught 4620 spams since sunday morning with these mixed case rules. Cool. I added this as a separate rule. /^(?!(?-i:[Hh]ttps?:\/\/www))https?:\/\/www/i Found some cases where the HTTP was lower case but the WWW was mixed. I

Re: Regex Help

2012-11-13 Thread Alex
Hi, This is what you want: uri URI_PROTO_MC /^(?!(?-i:[Hh]ttps?:))https?:/i The string inside the parentheses is what you want to _not_ hit, and that part is _not_ case-insensitive, even though the rest of the expression _is_ case-insensitive. Also, for the TLD rule: after a bit of

Re: Regex Help

2012-11-13 Thread John Hardin
On Tue, 13 Nov 2012, Alex wrote: So far working good. Caught 4620 spams since sunday morning with these mixed case rules. Can you really make scoring decisions based on a mixed-case URI? Do you have it as part of a meta with the other rules that John provided? I'm looking at John's sandbox

Regex Help

2012-11-10 Thread Marc Perkel
Need a rule to catch this: HtTp://goOGleplAcESSEOopTimiZaTIonx.cOm Mixed case links -- Marc Perkel - Sales/Support supp...@junkemailfilter.com http://www.junkemailfilter.com Junk Email Filter dot com 415-992-3400

Re: Regex Help

2012-11-10 Thread darxus
On 11/10, Marc Perkel wrote: Need a rule to catch this: HtTp://goOGleplAcESSEOopTimiZaTIonx.cOm body GOOGLEMIXED /HtTp:\/\/goOGleplAcESSEOopTimiZaTIonx.cOm/ Untested, because I kind of expect that's not actually what you want. If you want something to match things that look similar to this,

Re: Regex Help

2012-11-10 Thread Marc Perkel
I meant a rule to catch mixed case URIs in general. That was just one example. On 11/10/2012 7:44 AM, dar...@chaosreigns.com wrote: On 11/10, Marc Perkel wrote: Need a rule to catch this: HtTp://goOGleplAcESSEOopTimiZaTIonx.cOm body GOOGLEMIXED /HtTp:\/\/goOGleplAcESSEOopTimiZaTIonx.cOm/

Re: Regex Help

2012-11-10 Thread John Hardin
On Sat, 10 Nov 2012, Marc Perkel wrote: Need a rule to catch this: HtTp://goOGleplAcESSEOopTimiZaTIonx.cOm Mixed case links Mixed-case protocol: uri URI_PROTO_MC /^(?!(?-i:https?:))https?:/i Note: this _will_ trigger on HTTP and HTTPS but I expect they are rare in legitimate URIs

Re: Regex Help

2012-11-10 Thread Marc Perkel
On 11/10/2012 8:57 AM, John Hardin wrote: On Sat, 10 Nov 2012, Marc Perkel wrote: Need a rule to catch this: HtTp://goOGleplAcESSEOopTimiZaTIonx.cOm Mixed case links Mixed-case protocol: uri URI_PROTO_MC /^(?!(?-i:https?:))https?:/i Note: this _will_ trigger on HTTP and HTTPS but I

Re: Regex Help

2012-11-10 Thread Marc Perkel
Actually - I think that will do as is. I'm going to test it. Thanks for your help. On 11/10/2012 8:57 AM, John Hardin wrote: uri URI_PROTO_MC /^(?!(?-i:https?:))https?:/i -- Marc Perkel - Sales/Support supp...@junkemailfilter.com http://www.junkemailfilter.com Junk Email Filter dot com 415

Re: Regex Help

2012-11-10 Thread John Hardin
On Sat, 10 Nov 2012, Marc Perkel wrote: On 11/10/2012 8:57 AM, John Hardin wrote: How much are you seeing these in real traffic? I'm seeing a lot of these. They are coming from stolen Yahoo accounts from back when Yahoo leaked their data base. They appear to come from friends of mine.

Re: Regex Help

2012-11-10 Thread John Hardin
On Sat, 10 Nov 2012, Marc Perkel wrote: What would you have to do to show the URI in the description? ...it would have to be a plugin. There's no general-purpose model for putting a capturing expression into a rule and having the captured match appear in the description, and if there was

Re: Regex Help

2012-11-10 Thread Marc Perkel
On 11/10/2012 10:51 AM, John Hardin wrote: On Sat, 10 Nov 2012, Marc Perkel wrote: What would you have to do to show the URI in the description? ...it would have to be a plugin. There's no general-purpose model for putting a capturing expression into a rule and having the captured match

Re: Regex Help

2012-11-10 Thread Marc Perkel
That should have been: uri URI_PROTO_MC /^[Hh](?!(?-i:ttps?:))ttps?:/i -- Marc Perkel - Sales/Support supp...@junkemailfilter.com http://www.junkemailfilter.com Junk Email Filter dot com 415-992-3400

Re: Regex Help

2012-11-10 Thread John Hardin
On Sat, 10 Nov 2012, Marc Perkel wrote: Just a thought, I changed this: uri URI_PROTO_MC /^(?!(?-i:https?:))https?:/i into this: uri URI_PROTO_MC /^(?!(?-i:ttps?:))ttps?:/i Some people capitalize the H - but the rest of it being mixed case should be 100% accurate. That breaks it.

Re: Regex help (targetting very long HTML comments)

2012-04-09 Thread Kris Deugau
Adam Katz wrote: % grep html_text_match..comment 20_html_tests.cf I hadn't known about that function until I saw Henrik's replies last week, so it would have been hard to search for it. Any more than 512 chars isn't going to be helpful but will end up being computationally expensive (I've

Re: Regex help (targetting very long HTML comments)

2012-04-06 Thread Adam Katz
On 04/02/2012 09:40 AM, Kris Deugau wrote: Can anyone point out what bit of stupidity I'm committing in trying to use this: rawbody OVERSIZE_COMMENT m|!--(?!--).{32000,}|s to match messages that are mostly very very long HTML comment(s)? Testing the same regex against the whole

Re: Regex help (targetting very long HTML comments)

2012-04-06 Thread Henrik K
On Fri, Apr 06, 2012 at 08:40:08AM -0700, Adam Katz wrote: Try this: body OVERSIZE_COMMENT eval:html_text_match('comment', '!--(?!.?--).{512,}--') No. See what I already posted.

Re: Regex help (targetting very long HTML comments)

2012-04-06 Thread Henrik K
On Fri, Apr 06, 2012 at 07:07:18PM +0300, Henrik K wrote: On Fri, Apr 06, 2012 at 08:40:08AM -0700, Adam Katz wrote: Try this: body OVERSIZE_COMMENT eval:html_text_match('comment', '!--(?!.?--).{512,}--') No. See what I already posted. Btw I put few test rules to my sandbox:

Re: Regex help (targetting very long HTML comments)

2012-04-03 Thread Bowie Bailey
On 4/2/2012 6:03 PM, Kris Deugau wrote: On 4/2/2012 12:58 PM, Stephane Chazelas wrote: Don't know about the spamassassin issue, but that regexp matches !-- followed by a sequence of 32000 or more characters provided that sequence doesn't start with --. ITYM m|!--(?:(?!--).){32000,}|s That

Re: Regex help (targetting very long HTML comments)

2012-04-03 Thread David F. Skoll
[Somewhat OT] In general, I would be very wary of any regex that has an unbounded quantifier like +, * or {32000,} If all you care about is matching something followed by *at least* 32000 copies of something else, you should use: /something(?:something_else){32000}/ After all, once you

Re: Regex help (targetting very long HTML comments)

2012-04-03 Thread Kris Deugau
Bowie Bailey wrote: Try using a string that's longer than 320 characters that starts with a short comment. i.e.: '!-- comment -- blah blah blah blah.' This is where your original version will fail. Your original regex translates as a string starting with a comment opener followed by

Re: Regex help (targetting very long HTML comments)

2012-04-03 Thread Henrik K
On Mon, Apr 02, 2012 at 12:40:27PM -0400, Kris Deugau wrote: Can anyone point out what bit of stupidity I'm committing in trying to use this: rawbody OVERSIZE_COMMENT m|!--(?!--).{32000,}|s to match messages that are mostly very very long HTML comment(s)? Testing the same regex

Re: Regex help (targetting very long HTML comments)

2012-04-03 Thread Henrik K
On Tue, Apr 03, 2012 at 11:00:56PM +0300, Henrik K wrote: On Mon, Apr 02, 2012 at 12:40:27PM -0400, Kris Deugau wrote: Can anyone point out what bit of stupidity I'm committing in trying to use this: rawbody OVERSIZE_COMMENT m|!--(?!--).{32000,}|s to match messages that are

Re: Regex help (targetting very long HTML comments)

2012-04-03 Thread Kris Deugau
Henrik K wrote: On Mon, Apr 02, 2012 at 12:40:27PM -0400, Kris Deugau wrote: Can anyone point out what bit of stupidity I'm committing in trying to use this: rawbody OVERSIZE_COMMENT m|!--(?!--).{32000,}|s to match messages that are mostly very very long HTML comment(s)? Testing the

Re: Regex help (targetting very long HTML comments)

2012-04-03 Thread Henrik K
On Tue, Apr 03, 2012 at 05:25:57PM -0400, Kris Deugau wrote: Henrik K wrote: This only checks the main message body that SA uses. If you want to check _all_ mime parts, here's a quick plugin: http://sa.hege.li/HTMLComments.pm Hm. Does check_html_comment_length get each tag all by itself?

Regex help (targetting very long HTML comments)

2012-04-02 Thread Kris Deugau
Can anyone point out what bit of stupidity I'm committing in trying to use this: rawbody OVERSIZE_COMMENT m|!--(?!--).{32000,}|s to match messages that are mostly very very long HTML comment(s)? Testing the same regex against the whole raw message outside of SA seems to fire just

Re: Regex help (targetting very long HTML comments)

2012-04-02 Thread Stephane Chazelas
2012-04-02 12:40:27 -0400, Kris Deugau: Can anyone point out what bit of stupidity I'm committing in trying to use this: rawbody OVERSIZE_COMMENT m|!--(?!--).{32000,}|s to match messages that are mostly very very long HTML comment(s)? Testing the same regex against the whole raw

Re: Regex help (targetting very long HTML comments)

2012-04-02 Thread Bowie Bailey
On 4/2/2012 12:58 PM, Stephane Chazelas wrote: 2012-04-02 12:40:27 -0400, Kris Deugau: Can anyone point out what bit of stupidity I'm committing in trying to use this: rawbody OVERSIZE_COMMENT m|!--(?!--).{32000,}|s to match messages that are mostly very very long HTML comment(s)?

Re: Regex help (targetting very long HTML comments)

2012-04-02 Thread Kris Deugau
2012-04-02 12:40:27 -0400, Kris Deugau: Can anyone point out what bit of stupidity I'm committing in trying to use this: rawbody OVERSIZE_COMMENT m|!--(?!--).{32000,}|s to match messages that are mostly very very long HTML comment(s)? I've found one way to handle this; use full
