procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: matching on bad word list but which word was it ?

2006-08-20 05:11:08
from [Matthias Häker] [Permanent Link] 


Dallman Ross schrieb:

On Sun, Aug 20, 2006 at 12:50:06PM +0200, Matthias Häker wrote:

  

Dallman Ross schrieb:
    

You need to use the match token, "\/" first to grab the word.
(See man procmailrc page and look for "'\/' token".)


   * ()\/(bad1|bad2|bad3|bad4|bad5)

The "()" is an empty group, used because a "naked" slash used
in that first position in the regex needs quoting, but slashes
in other positions don't.  We could also have used another slash
as a quote char, but the parens are easier to understand and
the "received wisdom" to use in this case among procmailers.
      


  


*  B ?? ()\<iframe src=3D 

and to  read what Procmail matched  into a var

*  B  ??  ()\/ \< 
{ BAD=$MATCH }    
    


Well, in the last condition, why did you suddenly introduce
whitespace?  What if there's no whitespace before "\<iframe"?
  

by error

I think you want:

   *  B  ??  ()\/\<iframe src=3D 
  


 

But, testing, no, that isn't what those messages say.  Here's one:

 1:25pm [~/Mail/virus] 541[1]> grep -h src=3D *.*
 src=3Dcid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re height=3D0 
width=3D0></iframe> 

(Probably you aren't reading this message now, 

dont worry , was an example for understanding how "()" works



thats surprised me a bit cause i took the example from a predefined
recipe  from the Goldvision Procmail  implantation


So that would need to be:

   * B ?? ()\/src=3D.*</iframe.*
  

OK

That works.

However, whitespace including line breaks are permitted in HTML.  So the
virual message could have that string broken across multiple lines.  You'd
need:

   * B ?? ()\/src=3D.*($.*)*.*</iframe.*

That also works in my simple test.
  



Now I have to confess that I made an error earlier in what I said about
quoting.  The backslash will need to be quoted wherever it is.
You can use another backslash, or use "[\]".

  


*  B  ??  ()\/\< 
{ BAD=$MATCH }  

will look for "<"   in the mailbody

*  B  ??  ()\/\\\< 
{ BAD=$MATCH }  
will look for "\<"  in the mailbody , 

*  B  ??  ()\/[\]\< 

will look for "\<" ...

this can be quite confusing 


Matthias



 




____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: matching on bad word list but which word was it ?, Dallman Ross
Next by Date:  Re: matching on bad word list but which word was it ?, Dallman Ross
Previous by Thread:  Re: matching on bad word list but which word was it ?, Dallman Ross
Next by Thread:  Re: matching on bad word list but which word was it ?, Dallman Ross
Indexes:  [Date] [Thread] [Top] [All Lists]