Re[2]: [sniffer] New Version 2-3.2 has been officially released.

2004-11-23 Thread Pete McNeil
On Tuesday, November 23, 2004, 6:08:34 AM, Bonno wrote:

BB Hi,

BB Just to let you know. We had a problem after updating to 2.3.2 this morning
BB where suddenly a lot of our internal mail got caught as spam by sniffer. I've
BB already sent a report to the support address. For whatever reason I could
BB not send to the false@ address.

BB All I did was replace the 2.3.1 exe with the 2.3.2 exe (of course with the
BB correct id name).

I am unable to duplicate your results.
I have re-verified my testing.
I have version 2-3.2 running on our test server without any problems
and it is capturing 9+ / 10 messages which is typical.

Please verify that you have the correct executable in place by running
the program from the command line with no parameters. The correct
build information is:

build - v2-3.2 Nov 23 2004 01:21:33

Then please also verify that you have the correct rulebase in place.

Hope this helps,
_M




This E-Mail came from the Message Sniffer mailing list. For information and 
(un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html


Re[2]: [sniffer] New Version 2-3.2 has been officially released.

2004-11-23 Thread Pete McNeil
On Tuesday, November 23, 2004, 6:33:13 AM, System wrote:

SA on 11/23/04 6:08 AM, Bonno Bloksma wrote:

 Just to let you know. We had a problem after updating to 2.3.2 this morning

<snip/>

 All I did was replace the 2.3.1 exe with the 2.3.2 exe (of course with the
 correct id name).

SA Bonno,

SA Thanks for the report. I was just about to do the upgrade but now I think
SA I'll hold off until I hear from Pete (or you) about the situation.

I have no indications of a problem and I have just re-verified my
testing. Please give this a try and report any success, errors, or
problems.

In my testing the build information from the distribution and on my
test server are:

build - v2-3.2 Nov 23 2004 01:21:33

You can get the build information by running the sniffer executable on
the command line without any parameters.

Thanks,
_M






Re: Re[2]: [sniffer] New Version 2-3.2 has been officially released.

2004-11-23 Thread System Administrator
on 11/23/04 12:22 PM, Landry William wrote:

 No problems experienced here on either of our servers

I installed it. No problems so far.

Greg




Re: Re[2]: [sniffer] New Version 2-3.2 has been officially released.

2004-11-23 Thread Bonno Bloksma
Hi,

 BB Just to let you know. We had a problem after updating to 2.3.2 this morning
 BB where suddenly a lot of our internal mail got caught as spam by sniffer. I've
 BB already sent a report to the support address. For whatever reason I could
 BB not send to the false@ address.

 BB All I did was replace the 2.3.1 exe with the 2.3.2 exe (of course with the
 BB correct id name).

 I am unable to duplicate your results.
 I have re-verified my testing.
 I have version 2-3.2 running on our test server without any problems
 and it is capturing 9+ / 10 messages which is typical.

 Please verify that you have the correct executable in place by running
 the program from the command line with no parameters. The correct
 build information is:

 build - v2-3.2 Nov 23 2004 01:21:33

 Then please also verify that you have the correct rulebase in place.

The version is the same as you say. The rulebase was downloaded last night
and later that morning once more but not updated because there were no
changes. I verify every downloaded rulebase. Like I wrote, all I did was
early this morning replace the 2.3.1 exe with the 2.3.2 exe. After that the
problems started. When I replace the 2.3.2 exe with the 2.3.1 exe all
problems disappeared. As I had to attend a seminar this afternoon I did not
have any time for further testing.

I just once more installed the 2.3.2 exe, we'll see what happens. As it is
close to 9 PM over here it should not disrupt any business going on and let
me do some testing.

Did you receive the mail I sent along with the caught e-mail and the
logfiles? Anything that pointed to a special rule? Should I change the
logging when this happens so as to provide more information about what might
be happening?

 Hope this helps,
 _M

We'll see.

Groetjes,

Bonno Bloksma
 Back up my hard drive? How do I put it in reverse?



Re[4]: [sniffer] New Version 2-3.2 has been officially released.

2004-11-23 Thread Pete McNeil
On Tuesday, November 23, 2004, 2:51:10 PM, Bonno wrote:

<snip/>

 BB Just to let you know. We had a problem after updating to 2.3.2 this

<snip/>

BB The version is the same as you say. The rulebase was downloaded last night
BB and later that morning once more but not updated because there were no
BB changes. I verify every downloaded rulebase. Like I wrote, all I did was
BB early this morning replace the 2.3.1 exe with the 2.3.2 exe. After that the
BB problems started. When I replace the 2.3.2 exe with the 2.3.1 exe all
BB problems disappeared. As I had to attend a seminar this afternoon I did not
BB have any time for further testing.

I understand. I have no reasonable explanation for your experience.
There have been no other reported problems and I have been unable to
recreate your conditions.

BB I just once more installed the 2.3.2 exe, we'll see what happens. As it is
BB close to 9 PM over here it should not disrupt any business going on and let
BB me do some testing.

Thanks for your efforts.

BB Did you receive the mail I sent along with the caught e-mail and the
BB logfiles? Anything that pointed to a special rule? Should I change the
BB logging when this happens so as to provide more information about what might
BB be happening?

I did receive these emails. I have looked at your logs and I was unable
to explain the results. It is as if suddenly all of your black rules
were removed ... that is, the sniffer log reports clean suddenly on
most of your messages. White rules do not seem to be affected. I do
not have a theory to explain these conditions.

One change you should make is to adjust your Declude configuration so
that your message file name is emitted into your message headers. This
way when a false positive does occur we can match the message up to
the log entries and identify the rule or rules that fired.

I have checked our system again and we show no anomalies at this time.

Thanks,
_M






RE: [sniffer] New Version 2-3.2 has been officially released.

2004-11-23 Thread Keith Johnson
We run Sniffer in the normal way (non-persistent), is there an extra
file that we must copy into the Sniffer directory in order for this
version to work properly?  I believe I read somewhere of a config file
that contains needed settings.  Thanks again,

Keith 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Tuesday, November 23, 2004 2:58 AM
To: [EMAIL PROTECTED]
Subject: [sniffer] New Version 2-3.2 has been officially released.

Hello Sniffer Folks,

  We have now officially released version 2-3.2 of Message Sniffer.
  You can download the distribution files from our Try-It page.

  This version includes a number of upgrades that will improve the
  spam filtering performance of Message Sniffer by allowing it to see
  beyond most obfuscation mechanisms. In particular, this version
  makes obfuscation techniques that use HTML and XML tags, HTML
  encoding, and URL encoding ineffective in most cases. These new
  features do not interfere with Message Sniffer's ability to detect
  these obfuscation techniques, but rather enhances these capabilities
  to allow clear-text patterns to match obfuscated message content
  in addition to any other detection rules that might apply.

  (Version 2-3.2 is functionally identical to version 2-3.1i2 which has
  successfully passed internal and external testing.)

  This is an important upgrade. As we begin to generate rules that
  take advantage of these new features, any systems that are running
  the older version may experience a decrease in performance over
  time.

  This version is a drop-in replacement for version 2-3.1.
  
  This version is compatible with the prior 2.x versions. You may
  install the new .exe by renaming it for your license ID and
  replacing your current .exe file. (You will probably need to
  temporarily stop your email server software and any persistent
  instance of Message Sniffer before you can replace the .exe file on
  your system.)

Thanks,
_M

Pete McNeil (Madscientist)
President, MicroNeil Research Corporation Chief SortMonster
(www.sortmonster.com)
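
Added example (not part of the original thread, and not Message Sniffer's own code): a minimal sketch of the idea in the release announcement above, where content is normalized so clear-text patterns match text hidden behind HTML/XML tags, HTML encoding and URL encoding, while the obfuscation itself is still flagged. The function names, signal names, sample body and patterns are all constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

TAGS = r"(?:<!--.*?-->|<[^>]*>)"          # HTML/XML tags and comments
NUM_ENTITY = re.compile(r"&#(?:\d+|[xX][0-9a-fA-F]+);")
PCT = re.compile(r"%([0-9A-Fa-f]{2})")

def normalize(text, max_rounds=3):
    """Strip tags, decode HTML entities and %XX escapes; repeat for nested encoding."""
    for _ in range(max_rounds):
        decoded = unquote(html.unescape(re.sub(TAGS, "", text, flags=re.S)))
        if decoded == text:
            break
        text = decoded
    return re.sub(r"\s+", " ", text).strip()

def obfuscation_signals(raw):
    """Flag the obfuscation itself, independently of what it hides."""
    signals = []
    # A tag or comment with word characters on both sides splits a word.
    if re.search(r"\w" + TAGS + r"+\w", raw, flags=re.S):
        signals.append("tag-splits-word")
    # Plain letters and digits never need numeric-entity or %XX encoding.
    if any(html.unescape(e).isalnum() for e in NUM_ENTITY.findall(raw)):
        signals.append("entity-encoded-alnum")
    if any(int(h, 16) < 128 and chr(int(h, 16)).isalnum()
           for h in PCT.findall(raw)):
        signals.append("url-encoded-alnum")
    return signals

def scan(raw, patterns):
    """Match clear-text patterns against both the raw and the normalized text."""
    low_raw, low_norm = raw.lower(), normalize(raw).lower()
    return {
        "raw_hits": [p for p in patterns if p in low_raw],
        "normalized_hits": [p for p in patterns if p in low_norm],
        "signals": obfuscation_signals(raw),
    }

# Constructed sample body and patterns (not real rulebase content).
SAMPLE = 'Buy <b>che</b><!-- x -->ap me&#100;s at http://example.test/%70%69%6c%6c%73'
PATTERNS = ["cheap meds", "example.test/pills"]

if __name__ == "__main__":
    print(normalize(SAMPLE))
    print(scan(SAMPLE, PATTERNS))
```

Removing tags without inserting a space is what rejoins split words; the cost is that adjacent block elements in legitimate HTML are also joined, so a production filter would treat block-level tags as separators.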





RE: Re[2]: [sniffer] New Version 2-3.2 has been officially released.

2004-11-23 Thread Keith Johnson
Pete,
We plan to, working on the SrvAny service in beta right now.
Thanks again for the aid and time.

Keith 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Tuesday, November 23, 2004 5:07 PM
To: Keith Johnson
Subject: Re[2]: [sniffer] New Version 2-3.2 has been officially
released.

On Tuesday, November 23, 2004, 4:19:35 PM, Keith wrote:

KJ We run Sniffer in the normal way (non-persistent), is there an extra

KJ file that we must copy into the Sniffer directory in order for this 
KJ version to work properly?  I believe I read somewhere of a config 
KJ file that contains needed settings.  Thanks again,

Nothing in the .cfg file is strictly needed. If you don't have one, then
copy the one that comes with the distribution. You _may_ want to use one
or more of the features at some point.

If you don't have it then it is ignored. (Backward compatibility).

_M



