These are old archives. They are kept for historic purposes only.
Post Reply
Posts: 11
Joined: Sat Mar 06, 2004 2:10 am


Post by Jay » Tue Mar 09, 2004 12:37 pm

Code: Select all

spamfilter { 
   regex "^porn! porno! http://.+\/sexo.exe"; 
   target { private; }; 
   action gline; 
   reason "TRJ/SOEX.A Trojan Detected,"; 
   ban-time 1d; 
I got these spammers on my network, it's not really a harmfull bot, cause the .exe file mostly can't execute (bad programming)
Hope the regex is acceptable.

Former UnrealIRCd head coder
Posts: 811
Joined: Sat Mar 06, 2004 8:47 pm
Location: United States

Post by codemastr » Tue Mar 09, 2004 4:36 pm

Looks good except,


That should probably be sexo\.exe

Since . is a special character in a regex.
-- codemastr

UnrealIRCd head coder
Posts: 1955
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl

Post by Syzop » Tue Mar 09, 2004 8:51 pm

Thanks, added in CVS :)

Code: Select all

spamfilter {
   regex "^porn! porno! http://.+\/sexo\.exe";
   target private;
   action block;
   reason "Infected by soex trojan: see";
(note that _ gets translated into a space, so I just use %5F for now, I'll see if I can make __ [double underscore] translate into _ :P)


Filder Mask

Post by APCyberax » Tue May 18, 2004 6:44 am

I've spotted the follow mask sould catch them all.


how sure if this would catch to many things but it seems like a sound idea.
what you people think?

Official supporter
Posts: 862
Joined: Tue Mar 09, 2004 10:47 pm
Location: Boise, ID

Post by aquanight » Tue May 18, 2004 1:43 pm

Well that would certainly block sending any URL ending in .exe if not for the fact that that is not correct regex sytnax. It should be:


Post Reply