[Exim] finding html comments - long (sorry)

Author: Ryan Cartwright
Date:  
To: exim-users
Subject: [Exim] finding html comments - long (sorry)
Hi,

exim 3.34 / SuSE 7.1

We have a system filter which checks $message_body for various words to
intercept junk, spam and p0rnographic mail. This has worked fine until
recently when we have received a number of messages from clever
spammers.

The mail messages are html and the trigger words have random html
comments inserted in the middle of them.

e.g. live s<!-- dgshdfg -->ex show

Thus the message appears readable in the client (MS Outlook) but does
not trigger the filter.

I have been trying to find ways to pick these up and at the same time I
was trying to find a better way than simply running through an ever
increasing list of words (which could now all include html comment
tags).

I was trying to use a filter to find the html tagged words as well but
(not knowing a great deal about regex) I cannot get it to trigger on the
html comments. The filter file contains the following

if $message_body matches "/s <!-- .* .-->/ex" then
    .... dump message to a junk file and deliver a note to the intended recipient.
    finish
endif


The regex has been tested with success in pcretest using the data as
given in the example above, but testing the filter with a sample message
(using -bf), exim reports that no significant deliveries would have
been made (i.e. the filter failed to find the trigger).

Any ideas what regex I would use to find the above example?

Ryan Cartwright - IT Manager
Contact a Family - http://www.cafamily.org.uk
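
The detection problem described in the message above, as an added example that is not part of the original post and is not Exim filter syntax: instead of listing every trigger word with comment tags inside it, remove the HTML comments first and match the plain word list against what the mail client would display, and separately count comments that sit between two letters. The trigger list and the function names are hypothetical, and the code assumes it runs as a separate check over the message body.

```python
import re

# Any HTML comment; DOTALL lets it span lines. An unterminated comment is
# treated as running to the end of the text.
COMMENT = re.compile(r"<!--.*?(?:-->|\Z)", re.DOTALL)

# A comment with a letter directly on both sides, i.e. one that splits a
# word. The inner part cannot cross "-->", so two separate comments are
# never merged into one match.
SPLIT_WORD = re.compile(
    r"(?<=[A-Za-z])<!--(?:(?!-->).)*-->(?=[A-Za-z])", re.DOTALL)

# Constructed trigger list for the example; a real filter has its own.
TRIGGERS = ("sex show", "free money")


def strip_comments(body):
    """Return the body with every HTML comment removed."""
    return COMMENT.sub("", body)


def scan(body, triggers=TRIGGERS):
    """Return (matched_triggers, split_word_count) for one message body."""
    split_count = len(SPLIT_WORD.findall(body))
    # Collapse whitespace so a trigger phrase broken across lines still matches.
    visible = re.sub(r"\s+", " ", strip_comments(body)).lower()
    hits = [t for t in triggers
            if re.search(r"\b" + re.escape(t) + r"\b", visible)]
    return hits, split_count


def verdict(body, max_split=0):
    """'junk' on a trigger hit, 'suspect' on split words alone, else 'pass'."""
    hits, split_count = scan(body)
    if hits:
        return "junk"
    if split_count > max_split:
        return "suspect"
    return "pass"


if __name__ == "__main__":
    # Sample taken from the message above.
    print(verdict("live s<!-- dgshdfg -->ex show"))
```

The split-word count is useful on its own: a comment placed between two letters has no layout purpose in ordinary HTML mail, so it flags this evasion even for words that are not yet on the list.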