Microsoft Forefront Server Security and Keyword Filtering - The Security Wizard

The Security Wizard

Fighting for the good guys...


Microsoft Forefront Server Security and Keyword Filtering

If you ever wondered how flexible keyword filtering can be, here is how much...

These are the keyword list syntax rules for Forefront Server Security...
 
The following are the syntax rules for a keyword list:

1. Each item (line of text) is considered a search query.

2. Queries use the OR operator. It is considered to be a positive detection if any entry is a match.

3. Queries may contain operators that separate text tokens. Such queries are called expressions. The following logical operators are supported. There must be a space between an operator and a keyword, represented in the examples by the • character:

_AND_ (Logical AND). For example, apple•_AND_•orange juice.

_NOT_ (Negation). For example, apple•_AND__NOT_•juice.

_ANDNOT_ (Same as _AND__NOT_). For example, apple•_ANDNOT_•juice

_WITHIN[#]OF_ (Proximity). If the two terms are within a specified number of words of each other, there is a match. For example, free•_WITHIN[10]OF_•offer. (If free is within 10 words of offer, this query will be true.)

_HAS[#]OF_ (Frequency). Specifies the minimum number of times the text must appear for the query to be considered true. For example, _HAS[4]OF_•get rich quick. If the phrase get rich quick is found in the text four or more times, this query will be true. This operator is implicitly assumed and has a default value of 1 when it is not specified.

Multiple _AND_, _NOT_, _HAS[#]OF_, and _WITHIN[#]OF_ operators are allowed in a single query. The precedence of the operators is (from highest to lowest):

1) _WITHIN[#]OF_

2) _HAS[#]OF_

3) _NOT_

4) _AND_

This precedence cannot be overridden with parentheses.

4. The logical operators must be entered in uppercase letters.

5. Phrases may be used as keywords. For example, apple juice or get rich quick.

6. Multiple blank spaces (blank characters, line feed characters, carriage return characters, horizontal tabs, and vertical tabs) will be treated as one blank space for matching purposes. For example, A••••B will be treated as A•B and will match the phrase A•B.

7. In HTML encoded message texts, punctuation (any non-alphanumeric character) is treated as a word separator similar to blank spaces. Therefore, words surrounded by HTML tags can be properly identified by the filter. However, note that the filter <html> will match <html>, but not html.

Examples (the • character represents a space):

apple•_AND_•orange•_AND_•lemon•_WITHIN[50]OF_•juice

confidential•_WITHIN[10]OF_•project•_AND_•banana•_WITHIN[25]OF_•shake

_HAS[2]OF_•get rich•_WITHIN[20]OF_•quick
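
The rules above, worked through as a small query evaluator in Python. This is an added example, not Forefront's implementation and not code from the original post: the function names are hypothetical, and case-insensitive matching, treating punctuation as a word separator in all text, and the way proximity hits are counted under _HAS[#]OF_ are assumptions.

```python
import re

def _words(s):
    # Assumption: matching is case-insensitive and every non-alphanumeric
    # run separates words (the page states this only for HTML message text).
    return re.findall(r"[^\W_]+", s.lower())

def _positions(words, phrase):
    p = _words(phrase)
    return [i for i in range(len(words) - len(p) + 1) if p and words[i:i + len(p)] == p]

def _count(words, term):
    # _WITHIN[n]OF_ binds tightest. Assumption: a hit is an occurrence of the
    # left phrase whose start lies within n words of a right-phrase start.
    m = re.fullmatch(r"(.+?) _WITHIN\[(\d+)\]OF_ (.+)", term)
    if not m:
        return len(_positions(words, term))
    if "_WITHIN[" in m.group(3):
        raise ValueError("this sketch handles one proximity operator per term")
    n, right = int(m.group(2)), _positions(words, m.group(3))
    return sum(any(abs(i - j) <= n for j in right) for i in _positions(words, m.group(1)))

def match_query(query, text):
    words = _words(text)
    q = " ".join(query.split())                       # rule 6: collapse whitespace
    q = q.replace("_ANDNOT_", "_AND_ _NOT_").replace("_AND__NOT_", "_AND_ _NOT_")
    for term in q.split(" _AND_ "):                   # _AND_ has lowest precedence
        negate = term.startswith("_NOT_ ")
        if negate:
            term = term[len("_NOT_ "):]
        m = re.match(r"_HAS\[(\d+)\]OF_ ", term)      # frequency, default 1
        need = int(m.group(1)) if m else 1
        if m:
            term = term[m.end():]
        if (_count(words, term) >= need) == negate:
            return False
    return True

def match_list(keyword_list, text):
    # Rules 1-2: each line is a query; any matching line is a detection.
    return any(match_query(q, text) for q in keyword_list.splitlines() if q.strip())

# Constructed sample message, not taken from the page.
SAMPLE = "Get rich quick! Really, get rich so quick you will not believe it. Free apple juice offer inside."

if __name__ == "__main__":
    for q in ["_HAS[2]OF_ get rich _WITHIN[20]OF_ quick", "_HAS[4]OF_ get rich quick",
              "free _WITHIN[10]OF_ offer", "apple _AND__NOT_ juice", "apple _ANDNOT_ orange"]:
        print(q, "->", match_query(q, SAMPLE))
```
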

 
 
Show me a spam message that can go through a well-defined keyword list like this one... :-)

For more information about Forefront and its filtering capabilities, feel free to wander over to the Forefront Server Security for Exchange user guide at http://www.microsoft.com/technet/forefront/serversecurity/exchange/userguide/045d5e5d-bc96-4a70-8b7a-8d70949a83b1.mspx?mfr=true