On Tue, Jul 22, 2008 at 06:06:47AM -0700, Professional Software
At 11:43 2008-07-22 +0200, Dallman Ross wrote:
Good comments, Sean. One other one is that he is not using any
boundary anchors to the search string. This will cause false
matches. For example, what if feldman(_at_)example(_dot_)com were in the
blacklist but he ran dman(_at_)example(_dot_)com through his grep? It would
match. He needs the "w" flag with his grep, among other fixes.
echo "feldman(_at_)example(_dot_)com" | fgrep -i -w -f ipblacklist
won't match, which is good.
echo "fel(_dot_)dman(_at_)example(_dot_)com" | fgrep -i -w -f ipblacklist
WOULD match, because the dot, which is really intended to be part of the
string, is treated as a word separator. Obviously, this is a rather
contrived example, but it does demonstrate that it'd potentially match
things we don't want to match.
Inclusion of the -w flag is even more important when dealing with IP
dotted quad, since short initial and trailing octets could otherwise
easily match much larger networks:
Sure. I was thinking of the reverse case of your example, though,
just by way of clarification:
echo "dman(_at_)example(_dot_)com" | fgrep -i -f blacklist
when blacklist contains feldman(_at_)example(_dot_)com, it will match.
I know you know this. And that would be fixed by the -w
option to fgrep, though as you correctly note there are other
cases that will still be problematic.
Best is to have each word or phrase on its own line in the blacklist
and use the -x option to grep.
procmail mailing list Procmail homepage: http://www.procmail.org/
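
The three matching modes discussed in the thread (plain substring, -w, and -x), run side by side. This is an added example, not code posted by anyone in the thread; the blacklist contents, the candidate strings and the `check` helper are constructed for illustration.

```shell
#!/bin/sh
# Constructed blacklist, one entry per line (not the thread's real file).
BLACKLIST=$(mktemp)
trap 'rm -f "$BLACKLIST"' EXIT
cat > "$BLACKLIST" <<'EOF'
dman@example.com
1.2.3.4
EOF

# check MODE CANDIDATE: print "hit" if CANDIDATE matches the blacklist.
#   substring = fgrep -i, word = fgrep -i -w, line = fgrep -i -x
check() {
    case $1 in
        substring) flag= ;;
        word)      flag=-w ;;
        line)      flag=-x ;;
        *) echo "unknown mode: $1" >&2; return 2 ;;
    esac
    # $flag is unquoted on purpose so the empty value expands to no argument.
    if printf '%s\n' "$2" | grep -F -i -q $flag -f "$BLACKLIST"; then
        echo hit
    else
        echo miss
    fi
}

# Compare the three modes on exact, embedded and dot-separated candidates.
for c in dman@example.com feldman@example.com fel.dman@example.com \
         1.2.3.4 11.2.3.40; do
    printf '%-22s substring=%-4s word=%-4s line=%s\n' "$c" \
        "$(check substring "$c")" "$(check word "$c")" "$(check line "$c")"
done
```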