On Tue, Apr 26, 2022 at 05:11:47PM +0300, Henrik K wrote:
> On Tue, Apr 26, 2022 at 03:59:36PM +0200, Matus UHLAR - fantomas wrote:
> > On 26.04.22 16:11, Henrik K wrote:
> > > Maybe a bit safer version that doesn't log huge strings and run wild
> > >
> > > full FOO /^(?=.*?\nContent-Type:
> > > message\/rfc822.{0,1024}?\nReceived:(?:[^\n]{1,100}\n\s{1,100}){0,3}[^\n]{0,100}\b1\.2\.3\.4\b)/s
> >
> > Doesn't this requires mime headers in specific order that may not be
> > fullfilled?
>
> Well if you want to match rfc822 contents, it's Received: headers can only
> be after a rfc822 declaration.
>
> Other than that it's up to you to figure out, since there's no samples. Of
> course this doesn't replace a full parser, but as long as the stuff you
> receive doesn't vary much, there's no reason for it not to work.
.. as long as the whole rfc822 contents isn't base64 encoded. Probably not that
common.
