06-03-2013 04:03 PM
Need help with a simple Message Filter that skips virus scanning if a message has "MonkeyTails" in the Subject. This should work with "monkeytails" and/or "MONKEYTAILS" but it does not, it only works with "MonkeyTails". What am I doing wrong? I thought the (?i) makes it case insensitive.
Skip_VirusCheck:
if (subject == "(?i)MonkeyTails")
{
skip-viruscheck();
}
06-04-2013 08:33 AM
Greg, I believe the following will work. Please let me know if this helps and mark the question as answered by using the star rating system if so. Thanks!
Skip_VirusCheck:
if(subject == "MonkeyTails" or subject == "MONKEYTAILS" or subject == "monkeytails" )
{
skip-viruscheck();
}
The engine uses Python syntax so you may want to test to see if you can get it "case insensitive" without all the ORs.
Please see:
http://stackoverflow.com/questions/3627784/case-insensitive-in-python
06-04-2013 09:06 AM
Thank you Stephan, that may work, but that only takes care of the three examples, and what if someone types Monkeytails or MoNkEyTaIlS etc.? I need that (?i) to work to make all the variations work.
06-04-2013 09:14 AM
Greg,
Try
if (subject == "(?i:MonkeyTails)")
06-04-2013 12:48 PM
Thank you Ken, I tried that but it looks like it does not like it:
An error occurred during processing: Invalid regular expression in header comparison: '(?i:MonkeyTails)'.
FYI mine was enclosed in double quotes not single, but the way the error displays it is in single quotes
06-04-2013 11:49 PM
Hi Greg,
The initial syntax that you have provided worked perfectly for me.
This is my filter -
Num Active Valid Name
1 Y Y regex_filter_3
regex_filter_3: if subject == "(?i)MonkeyTails" {
quarantine("Policy");
}
This is the mail logs -
Fri Jun 7 05:38:47 2013 Info: MID 135485 Subject 'abcd monkeyTails'
Fri Jun 7 05:38:47 2013 Info: MID 135485 ready 222 bytes from
Fri Jun 7 05:38:47 2013 Info: MID 135485 matched all recipients for per-recipient policy DEFAULT in the inbound table
Fri Jun 7 05:38:47 2013 Info: ICID 16666 close
Fri Jun 7 05:38:47 2013 Info: MID 135485 interim verdict using engine: CASE spam negative
Fri Jun 7 05:38:47 2013 Info: MID 135485 using engine: CASE spam negative
Fri Jun 7 05:38:47 2013 Info: MID 135485 interim AV verdict using Sophos CLEAN
Fri Jun 7 05:38:47 2013 Info: MID 135485 antivirus negative
Fri Jun 7 05:38:47 2013 Info: MID 135485 Outbreak Filters: verdict negative
Fri Jun 7 05:38:47 2013 Info: MID 135485 quarantined to "Policy" (message filter:regex_filter_3)
Maybe give it a try again?
Also, let us know what version you are on.
PS:
Ignore the dates, I have manually set to a future date.
06-06-2013 11:57 AM
The token (?i) indicates that the rest of the regular expression should be treated in case-insensitive mode. Placing this token at the beginning of a case-sensitive regular expression results in a completely insensitive match.
For example, the regular expression “(?i)williams-int.com” matches WILLIAMS-INT.COM, williams-int.com, and wIllIamS-iNt.com.
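One way to check which subjects a filter like the ones in this thread actually acted on is to correlate the mail log with the expected regex result. This is an added example, not part of any post above. Python's `re` module standing in for the appliance's regex engine and the treatment of `==` as an unanchored search are assumptions; the log lines are constructed in the format of the mail log quoted earlier.

```python
import re

# Assumption: Python's re approximates the appliance's regex engine, and the
# filter's == on a header behaves as an unanchored search (the thread's log
# shows 'abcd monkeyTails' matching "(?i)MonkeyTails").
FILTER_REGEX = re.compile(r"(?i)MonkeyTails")

SUBJECT_RE = re.compile(r"MID (\d+) Subject '(.*)'$")
ACTION_RE = re.compile(r"MID (\d+) .*\(message filter:(\w+)\)$")

# Constructed sample lines in the format of the mail log quoted in the thread.
SAMPLE_LOG = """\
Fri Jun 7 05:38:47 2013 Info: MID 135485 Subject 'abcd monkeyTails'
Fri Jun 7 05:38:47 2013 Info: MID 135485 quarantined to "Policy" (message filter:regex_filter_3)
Fri Jun 7 05:39:02 2013 Info: MID 135486 Subject 'MONKEYTAILS report'
Fri Jun 7 05:39:02 2013 Info: MID 135486 quarantined to "Policy" (message filter:regex_filter_3)
Fri Jun 7 05:39:10 2013 Info: MID 135487 Subject 'Monkey Tails'
Fri Jun 7 05:39:15 2013 Info: MID 135488 Subject 'MoNkEyTaIlS'
"""

def audit(log_text, filter_name="regex_filter_3"):
    """Return (mid, subject, regex_matches, filter_fired, consistent) per message."""
    subjects, fired = {}, set()
    for line in log_text.splitlines():
        m = SUBJECT_RE.search(line)
        if m:
            subjects[m.group(1)] = m.group(2)
            continue
        m = ACTION_RE.search(line)
        if m and m.group(2) == filter_name:
            fired.add(m.group(1))
    rows = []
    for mid, subject in subjects.items():
        expected = FILTER_REGEX.search(subject) is not None
        actual = mid in fired
        rows.append((mid, subject, expected, actual, expected == actual))
    return rows

if __name__ == "__main__":
    for mid, subject, expected, actual, ok in audit(SAMPLE_LOG):
        status = "ok" if ok else "MISMATCH"
        print(f"MID {mid} {subject!r}: regex={expected} filter_fired={actual} {status}")
```

A MISMATCH row (MID 135488 in the constructed log) is the symptom described in the original question: the subject should match case-insensitively, but the log shows no filter action for it.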