UnrealIRCd Forums

Recieved a complaint this morning that some DCC sends were blocked between 2 specific users. Spamfilter seems to have blocked the sends.

-nightcrow.se.eu.epicirc.net- DCC to xxUSERxx blocked: Infected by Gaggle worm
-nightcrow.se.eu.epicirc.net- *** You have been blocked from sending files, reconnect to regain permission to send files


Of course this is in the spamfilter as:

spamfilter {
regex "C:\\WINNT\\system32\\[][0-9a-z_-{|}`]+\.zip";
target dcc;
action block;
reason "Infected by Gaggle worm?";
};

Now, I am not good with regex, so sorry that I have to ask somewhat simple questions here... How could this spamfilter be blocking files. What exactially is it looking for? User test sending test.txt are blocked. User has virusscanned with updated Norton 2005, so Im just not POSITIVE that anyone is infected.

Any help is appreciated.

Darv.

Dukat wrote:http://forums.unrealircd.com/viewtopic.php?t=1723

doh. thank you dukat.

Dukat wrote:http://forums.unrealircd.com/viewtopic.php?t=1723

Ok that post OBVIOUSLY is my problem but is WAY over my head. It implies that // needs to be ////. All of them?

regex "C:\\WINNT\\system32\\[][0-9a-z_-{|}`]+\.zip";

is what I show in spamfilter.conf

Does it want

regex "C:\\\\WINNT\\\\system32\\\\[][0-9a-z_-{|}`]+\.zip";
?

That and the regex is entirely messed up...

What are you trying to block?

Stealth wrote:That and the regex is entirely messed up...

What are you trying to block?

Well I wasnt trying to block anything, recieved a false positive on the 'Gaggle' entry in the spamfilter.conf. I realize that I could just remove that and make it work, but I would rather working spamfilters

Get the fix from CVS:
http://cvs.ircsystems.net/cgi/viewcvs.c ... l3_2_fixes

Stealth wrote:Get the fix from CVS:
http://cvs.ircsystems.net/cgi/viewcvs.c ... l3_2_fixes

Thank you very much stealth!!!!

Have a merry christmas.

PS. I woulda just logged into the irc network for help, but DNS for irc.unrealircd.com is down. In case nobody notices yet.