filter module: ability for opers to see matched lines to refine filtering

[henk84]

Context: filtering the recent/current spamwave

Problem: filtering e.g. non-printing characters like '2060 Zero Width Joiner' prevents opers from seeing the message that triggered the filter making it impossible to refine the rules.

Detail: one of the first filters I currently use filters lines containing non-printing characters as the current spammer uses them to make matching the spammed string harder. This filter only 'block's to not 'zline' (or apply any other severe action against) legitimate users innocently copy-pasting something containing such a character.

The line this filter blocks may contain other content (like a URL or any other string) that would be a more specific match for filtering the spam with a more specific filter rule. Not seeing the original line prevents admins from taking more severe action (like a 'zline') against the spammer.

I’m not sure what would be the best solution here, that would also account for:

The filter module will never expose the contents of a message that matched a filter to server operators« to »prevent server operators from covertly snooping on private conversations«

but I have a few ideas:

• opers could see the original message (with snomsk f/F or a separate one) as long as the message was sent to a channel they are joined to, or to them directly as a private message
• rules could have a flag "optional" which allows users/channels to set a particular usermode for opting out of the optional filters

But, TBH, I don’t see much of a value in trying to prevent server operators from covertly snooping on private conversations where the server controls who sees what. The intention is definitely noble but in the end the admins can just circumvent this by adjusting the code or loading some module they wrote to still see everything. Users implicitly trust the network when they do this. So IMHO it’s more important for opers to be able to see these messages for combating a spamwave. I think the first idea above might be a good compromise or not even violate the intention of the quoted text above.

[SadieCat]

Problem: filtering e.g. non-printing characters like '2060 Zero Width Joiner' prevents opers from seeing the message that triggered the filter making it impossible to refine the rules.

I've been thinking about adding zero width joiners and other zero-width unicode characters to the list of characters that the c flag ignores. I'm worried about breaking existing filters though.

opers could see the original message (with snomsk f/F or a separate one) as long as the message was sent to a channel they are joined to, or to them directly as a private message

The current snomask system doesn't support varying messages by who they are sent to but this could be a good compromise once we resolve that.

rules could have a flag "optional" which allows users/channels to set a particular usermode for opting out of the optional filters

The problem with this is that user modes can be set on connect and by opers with /SAMODE so this runs the risk of being a method for admins to snoop on users without them knowing.