Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1697
Views
0
Helpful
6
Replies

Message Filter case insensitive help

Greg Muszynski
Level 1
Level 1

‎06-03-2013 04:03 PM

Need help with a simple Message Filter that skips virus scanning if a message has "MonkeyTails" in the Subject.  This should work with "monkeytails" and or "MONKEYTAILS" but it does not, it only works with "MonkeyTails".  What am I doing wrong?  I thought the (?i) makes it case insensitve

Skip_VirusCheck:

if (subject == "(?i)MonkeyTails")

{

skip-viruscheck();

}

Labels:
0 Helpful
6 Replies 6

Stephan Bayer
Cisco Employee
Cisco Employee

‎06-04-2013 08:33 AM

Greg, I believe the following will work. Please let me know if this helps and mark the question as answered by using the star rating system if so. Thanks!

Skip_VirusCheck:

if(subject == "MonkeyTails" or subject == "MONKEYTAILS" or subject == "monkeytails" )

{

skip-viruscheck();

}

.

The engine uses Python syntax so you may want to test to see if you can get it "case insensitive" without all the ORs.

Please see:

http://stackoverflow.com/questions/3627784/case-insensitive-in-python

0 Helpful

Greg Muszynski
Level 1
Level 1
In response to Stephan Bayer

‎06-04-2013 09:06 AM

thank you Stephan that may work, but that only takes care of the three examples, and what if someone types Monkeytails or MoNkEyTaIlS etc... I need that (?i) to work to make all the veriations work

0 Helpful

Ken Stieers
VIP
VIP

‎06-04-2013 09:14 AM

Greg,

Try

if (subject == "(?i:MonkeyTails)")

0 Helpful

Greg Muszynski
Level 1
Level 1
In response to Ken Stieers

‎06-04-2013 12:48 PM

thank you Ken, I tried that but it looks like it no like it

An error occurred during processing: Invalid regular expression in header comparison: '(?i:MonkeyTails)'. 

FYI mine was enclosed in double quotes not single, but the way the error displays it is in single quotes

0 Helpful

kananth
Level 1
Level 1
In response to Greg Muszynski

‎06-04-2013 11:49 PM

Hi Greg,

The initial syntax that you have provided worked perfectly for me.

This is my filter -

Num Active Valid Name

  1   Y      Y   regex_filter_3

regex_filter_3: if subject == "(?i)MonkeyTails" {

                    quarantine("Policy");

                }

This is the mail logs -

Fri Jun  7 05:38:47 2013 Info: MID 135485 Subject 'abcd monkeyTails'

Fri Jun  7 05:38:47 2013 Info: MID 135485 ready 222 bytes from

Fri Jun  7 05:38:47 2013 Info: MID 135485 matched all recipients for per-recipient policy DEFAULT in the inbound table

Fri Jun  7 05:38:47 2013 Info: ICID 16666 close

Fri Jun  7 05:38:47 2013 Info: MID 135485 interim verdict using engine: CASE spam negative

Fri Jun  7 05:38:47 2013 Info: MID 135485 using engine: CASE spam negative

Fri Jun  7 05:38:47 2013 Info: MID 135485 interim AV verdict using Sophos CLEAN

Fri Jun  7 05:38:47 2013 Info: MID 135485 antivirus negative

Fri Jun  7 05:38:47 2013 Info: MID 135485 Outbreak Filters: verdict negative

Fri Jun  7 05:38:47 2013 Info: MID 135485 quarantined to "Policy" (message filter:regex_filter_3)

May be give it a try again ?

Also, let us know what version are you on.

PS:

Ignore the dates, I have manually set to a future date.

Regards Karthik
0 Helpful

Robert Sherwin
Cisco Employee
Cisco Employee

‎06-06-2013 11:57 AM

The token (?i) that indicates the rest of the regular expression should be treated in case-insensitive mode. Placing this token at the beginning of a case-sensitive regular expression results in a completely insensitive match.

For example, the regular expression “(?i)williams-int.com” matches WILLIAMS-INT.COM, williams-int.com, and wIllIamS-iNt.com.

Cheers,
Robert Sherwin
0 Helpful
Customers Also Viewed These Support Documents