Re: header_check: regexp or PCRE? false positives?
From: Matt (math mlists.ath.cx)
Date: Mon Jan 03 2005 - 14:43:32 CST
Roger B.A. Klorese wrote:
> Matt wrote:
>
> > No. I know I'll probably get slapped down on this, but anchoring the
> > .com to the end of the line leaves you open to crap getting through.
> > Many undesirable mails have multiple filenames to try bypassing this
> > very sort of thing.
>
> By "multiple filenames" do you mean that the one attachment has multiple
> "name=" clauses, or something else?

Someone can name a file something like image.com.jpg, or they can use
something else between the extensions, say for example,
image.com?=?jpg, and what it gets picked up as depends to some degree upon
the MUA. The above example is not exact. (Just saying before someone else
does :).
The expression below may be closer to what you want.
.*\.com([[:punct:]].*)?$
Matt
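
Added example, not part of the original message: a shell check that runs the expression from the post and an end-anchored pattern over constructed Content-Type headers, with `grep -E -i` standing in for a POSIX regexp header_checks table. The end-anchored pattern, the sample headers (including the two benign ones used to look for false positives) and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Compare two header_checks-style patterns against sample MIME headers.
# grep -E -i approximates a case-insensitive POSIX extended regexp table.

# Hypothetical end-anchored rule of the kind the thread argues against.
ANCHORED='\.com"?$'
# Expression suggested in the message above.
SUGGESTED='.*\.com([[:punct:]].*)?$'

# matches PATTERN HEADER: exit status 0 if the header would hit the rule.
matches() {
    printf '%s\n' "$2" | grep -Eiq -- "$1"
}

# verdict PATTERN HEADER: print REJECT on a match, pass otherwise.
verdict() {
    if matches "$1" "$2"; then echo REJECT; else echo pass; fi
}

# report: one row per constructed header, anchored verdict then suggested.
report() {
    printf '%-9s %-10s %s\n' anchored suggested header
    while IFS= read -r hdr; do
        printf '%-9s %-10s %s\n' \
            "$(verdict "$ANCHORED" "$hdr")" \
            "$(verdict "$SUGGESTED" "$hdr")" \
            "$hdr"
    done <<'EOF'
Content-Type: application/octet-stream; name="image.com"
Content-Type: application/octet-stream; name="image.com.jpg"
Content-Type: application/octet-stream; name="image.com?=?jpg"
Content-Type: text/plain; name="notes.computer.txt"
Content-Type: text/plain; name="www.example.com-minutes.txt"
EOF
}

report
```

The last row is the trade-off to watch for: any `.com` followed by punctuation is rejected, so a harmless text attachment whose name contains a hostname is caught as well.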