Scanning Headers

Desperado
Posted: 06 June 2005 at 12:54pm

All,

Trying to detect:

Received: from [153.160.239.84] (port=3379 helo=[Jan])

in the headers with no success. I have a working RegEx but it still doesn't see it. I have the setting ScanReceivedHeaders=1 in my INI file. I have a keyword of:

((?i)received: from \[(\d+?\.){3}(\d+?)\] \(port\=(\d){3,} helo=\[)

Thoughts?

Regards,

The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com

Desperado
Posted: 12 June 2005 at 4:55pm

OK then ... I will answer myself. The following *DOES* work

Regards,

kspare
Posted: 13 June 2005 at 2:47am

What is the advantage of that regex?

Desperado
Posted: 13 June 2005 at 7:20am

Kevin,

I am finding a stupid amount of spam with something like:

Regards,

kspare
Posted: 13 June 2005 at 9:38am

Interesting, I'm always curious to try out your stuff, so I just need that regex as it sits?

Desperado
Posted: 13 June 2005 at 9:50am

Kevin,

((?i)\[(\d+?\.){3}(\d+?)\] \(port\=(\d){3,} helo=\[)

Should work.

EXAMPLE:

Edited by Desperado

kspare
Posted: 13 June 2005 at 9:57am

Does it require subject: before it or just throw it in the keywords black list?

Desperado
Posted: 13 June 2005 at 10:08am

Throw it in EXACTLY as is but make sure your ini setting for header scanning is turned on.

ScanReceivedHeaders=1

This is a "Received" line in the header.

Regards,
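
A quick offline check of the two keywords posted in this thread against the Received line from the first post, as an added example that is not any poster's code and not part of the filter product. It assumes Python's re module as a stand-in for the filter's regex engine, which the thread does not name, so the inline (?i) is moved to a compile flag; it also goes beyond the thread by unfolding continuation lines before matching. All header lines except the first are constructed, and the helper names are hypothetical.

```python
import re

# Keyword patterns exactly as posted in the thread.
KEYWORD_FULL = r"((?i)received: from \[(\d+?\.){3}(\d+?)\] \(port\=(\d){3,} helo=\[)"
KEYWORD_SHORT = r"((?i)\[(\d+?\.){3}(\d+?)\] \(port\=(\d){3,} helo=\[)"


def compile_keyword(keyword):
    """Compile a keyword for Python: move the inline (?i) to a compile flag."""
    return re.compile(keyword.replace("(?i)", ""), re.IGNORECASE)


def unfold(raw_headers):
    """Join folded header lines (continuations start with space or tab)."""
    return re.sub(r"\r?\n[ \t]+", " ", raw_headers)


def matching_received(raw_headers, keyword):
    """Return the Received: lines in raw_headers that the keyword matches."""
    rx = compile_keyword(keyword)
    return [line for line in unfold(raw_headers).splitlines()
            if line.lower().startswith("received:") and rx.search(line)]


# First line is the header quoted in the first post; the rest are constructed.
SAMPLE = (
    "Received: from [153.160.239.84] (port=3379 helo=[Jan])\n"
    "Received: from [192.0.2.10]\n"
    "\t(port=40112 helo=[Mail])\n"                  # folded continuation
    "Received: from mail.example.net ([198.51.100.7] helo=mail.example.net)\n"
    "Received: from [203.0.113.5] (port=25 helo=[x])\n"  # port has < 3 digits
    "Subject: test\n"
)

if __name__ == "__main__":
    for name, kw in (("full", KEYWORD_FULL), ("short", KEYWORD_SHORT)):
        print(name, matching_received(SAMPLE, kw))
```

Both keywords match the same two lines here; the folded line only matches after unfolding, and the two-digit port is skipped because the pattern requires at least three digits.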