On Thu, 2009-06-18 at 18:01 -0400, MySQL Student wrote: > I'm also having a problem with one of my rules: > > [32692] info: config: invalid expression for rule LOCAL_XPS: "Subject > =~ /Free\ DELL\ XPS/i": syntax error > > Here is the full rule: > > meta LOCAL_XPS Subject =~ /Free\ DELL\ XPS/i
That's not a meta rule. It's a header rule. > score LOCAL_XPS 1.5 > describe LOCAL_XPS Rule by AS: XPS Dell > > Do I need the backslashes to escape the spaces? no, although \s would be fine. > Will that match that pattern anywhere on the line, yes > or only > that text on the line? > > Can you explain to me the meaning of '(.+)' as in: You are trying to DOS your system by matching any number of characters... > header LOCAL_RULE1 Subject =~ /(.+)Spam\ Sample(.+)/i this can be much more effectively written as: /.spam\ssample./i That will match the words "spam sample" in the subject as long as there is at least 1 character before and one after. > score LOCAL_RULE1 5.0 > describe LOCAL_RULE1 Subject Spam Sample > > How about without the parens? even better. You can use parens for alteration. See perldoc perlretut for more hints on regular expressions. -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX www.austinenergy.com
signature.asc
Description: This is a digitally signed message part