Hi,
exim 3.34 / SuSE 7.1
we have a system filter which checks $message_body for various words to
intercept junk, spam and p0rnographic mail. This has worked fine until
recently when we have received a number of messages from clever
spammers.
The mail messages are html and the trigger words have random html
comments inserted in the middle of them.
e.g. live s<!-- dgshdfg -->ex show
Thus the message appears readable in the client (MS Outlook) but does
not trigger the filter.
I have been trying to find ways to pick these up and at the same time I
was trying to find a better way than simply running through an ever
increasing list of words (which could now all include html comment
tags).
I was trying to use a filter to find the html tagged words as well but
(not knowing a great deal about regex) I cannot get it to trigger on the
html comments. The filter file contains the following
if $message_body matches "/s <!-- .* .-->/ex" then
.... dump message to a junk file and deliver a note to the intended
recipient.
finish endif
the regex has been tested with success in pcretest using the data as
given in the example above but testing the filter with a sample message
(using -bf ), exim reports that no significant deliveries would have
been made (i.e. the filter failed to find the trigger).
Any ideas what regex I would use to find the above example?
Ryan Cartwright - IT Manager
Contact a Family -
http://www.cafamily.org.uk
