
REGEX for emojis in subject line

Here's an example. We get numerous variations of senders (all gmail) and subjects (usually consistent for a few days). One common factor is that Green Heart Emoji. I have tried various REGEXes to catch it. There was another one that had the green heart and was for CLIPPERPRO toenail clippers. We get about 20 a day. The regex never catches on CLIPPERPRO or toenail either. Sometimes, it would catch them if they were being bounced as undelivered.

smtpd[5461]: SCANNER[5461]: 1m6ogm-0001Q5-3y <= nguyenthilinh13081994@gmail.com R=1m6ogb-0001PW-1e P=INPUT S=68404
2021:07:23-02:29:40 smtpd[5461]: SCANNER[5461]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="209.85.217.67" from="nguyenthilinh13081994@gmail.com" to="" subject="Green heart Discover a Better, Faster Way to Eliminate Neck Pain!" queueid="1m6ogm-0001Q5-3y" size="68404"


Another note: now most of these get caught in quarantine as spam if they are undeliverable.
smtpd[5461]: SCANNER[5461]: 1m6ogp-0001Q5-F0 <= R=1m6ogm-0001QC-1q P=INPUT S=80522
2021:07:23-02:29:43 smtpd[5461]: SCANNER[5461]: id="1001" severity="info" sys="SecureMail" sub="smtp" name="email quarantined" srcip="" from="" to="nguyenthilinh13081994@gmail.com" subject="Undeliverable: Green heart Discover a Better, Faster Way to Eliminate Neck Pain!" queueid="1m6ogp-0001Q5-F0" size="80522" reason="as" extra=""


This thread was automatically locked due to age.
  • The code for that emoticon is 1364189d2f614533a50484dc4975342f - does using that work?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I sent a couple to myself from outside and it did not block them. I have not come across that code anywhere. Is there a reference you can share? The spammer has mixed it up over the last few days with new emojis as well. I sent an example to Sophos, but have not heard anything. I'm really not seeing why it is not picking up on either the emoji or simple text from the subject lines.

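An added example, not part of the original thread and not Sophos code: it assumes the filter is handed the Subject header in its RFC 2047 wire form, where an emoji (and any text sharing its encoded-word) travels base64 or quoted-printable encoded, so a pattern only matches after decoding. The `CAMPAIGN` rule and the helper names are hypothetical, and the sample headers are constructed.

```python
import base64
import re
from email.header import decode_header, make_header

GREEN_HEART = "\U0001F49A"  # U+1F49A GREEN HEART, UTF-8 bytes F0 9F 92 9A

# Hypothetical campaign rule: the emoji or the product name from the thread.
CAMPAIGN = re.compile(GREEN_HEART + r"|clipperpro", re.IGNORECASE)


def decode_subject(raw_value: str) -> str:
    """Decode RFC 2047 encoded-words in a raw Subject header value."""
    return str(make_header(decode_header(raw_value)))


def is_campaign(raw_value: str) -> bool:
    """Apply the rule to the decoded subject, not to the wire form."""
    return CAMPAIGN.search(decode_subject(raw_value)) is not None


def build_raw_subject(text: str) -> str:
    """Constructed sample: wrap text as a single base64 ('B') encoded-word."""
    b64 = base64.b64encode(text.encode("utf-8")).decode("ascii")
    return f"=?UTF-8?B?{b64}?="


# Constructed samples modelled on the subjects quoted in the thread.
SAMPLE_TEXT = GREEN_HEART + " Discover a Better, Faster Way to Eliminate Neck Pain!"
RAW_B64 = build_raw_subject(SAMPLE_TEXT)
RAW_PRODUCT = build_raw_subject(GREEN_HEART + " CLIPPERPRO toenail clippers")
RAW_QP = "=?UTF-8?Q?=F0=9F=92=9A_ClipperPro?="

if __name__ == "__main__":
    for raw in (RAW_B64, RAW_PRODUCT, RAW_QP, "Quarterly report"):
        print(f"raw_match={CAMPAIGN.search(raw) is not None!s:5} "
              f"decoded_match={is_campaign(raw)!s:5} {raw[:40]}")
```
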