Perl and regular expressions
Results 1 to 4 of 4

Thread: Perl and regular expressions

  1. #1
    Senior Member
    Join Date
    Jul 2001

    Perl and regular expressions

    Hi All,

    I have a server which scans all inbound and outbound email for virus infected files. I am able to get it to generate reports, i.e tell me all messages which the server accepted. and it will then generate a csv file with the following format.

    Date, Time, Action, Result, Client, Server, From, To, To, To....., Subject, Size, SMTP ID

    a typical line might be


    I need to use regular expressions in perl to scan these reports for mail from a particular domain to a particular domain. i.e. from to So, I need it to only give a match if the domain after the sixth comma is, and only if. I have the following code which does match that requirement, except that if there are multiple recipients in, and the sender is not in it will also match, not what I need.

    Anyway, here is the code I am using, I hope that someone can point me in the right direction to specify the 6 comma requirement exactly, using regular expressions, or some other way which I haven't learned yet. (Only been doing perl for about 2 days now...)

    #this next line reads stdin, call the script like (perl filename)
    while (<>) {
    # the next line is a regular expression, attempting to specify random text then comma,
    #six times before domain.
    if (/^.*,.*,.*,.*,.*,.*,.*\,.*\{
    # output data to screen

    Thanks in advance,


  2. #2
    Senior Member
    Join Date
    Jun 2002
    Hi, i have been away from perl and regex for a long time, but after reading your question several times I think I understand. As you said, after the sixed coma if the email address is not in it will be acepted if one or more of the recipitants are in, which is not what you want, whereas you want to ensure the address after the sixt coma is inside

    I think your problem is the wild card which matches everything which in this case can grad the email beyond the 7th coma which would be the recipitant, thus if the recipitant is in but the sender is not, it matches because the wildcard blindly skiped over the sender, this will alow it to "hog" and grab beyond the coma. I think instead of the wild card you might use something more restrictive such as
    which if I remember corectly will match any character except for a coma,

    I could be wrong and I will check in a minute, please corect me if I am wrong.

    I did however write a regex tutorial for perl regular expressions long time ago, you can find it here:

    I dont know if that is of any help, but I think your problem is the wildcard is hoging which can grab beyond the 7th coma
    In snatches, they learn something of the wisdom
    which is of good, and more of the mere knowledge which is of evil. But must I know what must not come, for I shale become those of knowledgedome. Peace~

  3. #3
    Senior Member
    Join Date
    Jul 2001
    Thanks ele5125,

    I will check out your tutorial.

    I think I have found a way to do it actually, if I can figure out the complex(very complex to me) way of stating it.

    I can have a routine which counts the comma's in a line up untill it reaches the 7th comma, and then perform a match against the previous x characters, looking for, and then a match against everything before the next comma. Or maybe, I will have to count @ symbols to look at the next address. I don't know.

    The first to address does not need to match nescessarily, as what I am trying to filter out of these logs are emails from our users to other users at our company, including if they also send a message to users outside.

    The critical thing for me was to match the domain found after the sixth comma but before the seventh.

    Anyway, thanks again,


  4. #4
    Senior Member roswell1329's Avatar
    Join Date
    Jan 2002
    IchNiSan --

    Since this is a comma-separated file, why not simply use Perl's split function? It was built for situations like this.

    @ary = split /,/, $string;
    $whatitis = $ary[5];

    if ($whatitis eq $whatyouexpect) {

    Using the split function with a regex pattern, you can make anything a delimiter. Let me know if you need some more information on this. Perl's kinda my thing.
    /* You are not expected to understand this. */

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts