[sniffer] Kudos
Hi All - With the holidays behind us, we upgraded to the it doesn't look like it will ever go gold wide-beta. Followed the directions in the readme to the letter. Worked wonderfully, continues to work wonderfully 24 hours later. We're low volume, but so far no false positives and no complaints of leakage. The suggestion to keep the rule update process the same was a good one. We used FireDaemon instead of srvany to manage the SNF process. Works fine. We use inv-uribl, Declude (and therefore zerohour) in combo with Message Sniffer. I'm thinking of lowering the weight we delete at! Thanks! Rob # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Database Compiler Upgrades
Timing on release to production? -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Thursday, November 15, 2007 3:21 PM To: Message Sniffer Community Subject: [sniffer] Database Compiler Upgrades Hello Sniffer Folks, There have been a few unavoidable disruptions regarding rulebase deliveries and/or update notifications over the past few days. We apologize about that. There should not be any more noticeable disruptions in the foreseeable future. Over the past few days we have upgraded nearly all of our database, bot, and compiler servers. There are a few more systems to upgrade, but at this point the heavy lifting has been done :-) Moving forward you will see more frequent updates of your SNF rulebase files and you will also see improvements in the rulebase quality as we bring new back-end systems online to take advantage of our new hardware. Thanks for your patience and support! _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Database Compiler Upgrades
Sorry, I wasn't really specific enough. Actually interested in the estimated date for Sniffer itself. For most of the year, we enjoy being modestly early adopters. During the holiday quarter, we're late adopters. Rob -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Thursday, November 15, 2007 5:58 PM To: Message Sniffer Community Subject: [sniffer] Re: Database Compiler Upgrades Hello Robert, Thursday, November 15, 2007, 4:42:25 PM, you wrote: Timing on release to production? We are continuously improving our back-end systems. There is no specific timing for any of the many projects. The current hardware upgrade process will be completed this week. _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] timing for production
We generally don't do anything system wise during the 4th quarter unless absolutely necessary. 1) If we don't upgrade to production if/when it comes out later this year, will we be ok? 2) Is release to production Q4 event?? # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Test - ignore
Sorry for all these tests -- but a new copy of Declude Interceptor seems to want to completely lose messages from lists. Rob # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] test -6:35 please ignre
Please ignore this test.# This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Significant increase in false positives
That's been a problem for a long time, but for us, it still treats that e-mail as spam, with the appropriate weight. 100% of the time if Declude does that, the e-mail is beyond our delete weight. Rob From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Herb GuentherSent: Monday, October 16, 2006 4:35 PMTo: Message Sniffer CommunitySubject: [sniffer] Re: Significant increase in false positives Hi Darin;Not seeing a lot of false pos messages, but there are lots of spam messages sneaking through our system because declude is not modifying the header correctly. It is adding a header stub to the bottom of the message so that users mail client filters which look for the modified subject line is not working. Anyone else having that issue?HerbDarin Cox wrote: Anyone else seeing a sudden increase in FPs? We normally report a few each day, but we're seeing a 10x increase in FPs for the past three days. Darin. -- Herb Guenther Lanex, LLC www.lanex.com (262)789-0966x102 Office (262)780-0424 Direct This e-mail is confidential and is for the use of the intended recipient(s)only. If you are not an intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way.
[sniffer] Re: Significant increase in false positives
We're seeing it with the latest and greatest gateway version. Again, not a problem. Since it's above our delete weight, always, we just delete them. Users never see them. Rob From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Darin CoxSent: Monday, October 16, 2006 5:12 PMTo: Message Sniffer CommunitySubject: [sniffer] Re: Significant increase in false positives Ahh... good. The first thing they'll probably tell you is to update to the latest 4.x version, see if the problem persists, then re-report it. Darin. - Original Message - From: Herb Guenther To: Message Sniffer Community Sent: Monday, October 16, 2006 5:51 PM Subject: [sniffer] Re: Significant increase in false positives Not sure, this is what my declude diags.txt saysDeclude 4.1.0 DiagnosticsCompilation Platform: SmarterMailCopyright (c) 2000-2005 Declude, Inc.HerbDarin Cox wrote: We see this occasionallywith Declude 1.82. What version are you running? Darin. - Original Message - From: Herb Guenther To: Message Sniffer Community Sent: Monday, October 16, 2006 5:35 PM Subject: [sniffer] Re: Significant increase in false positives Hi Darin;Not seeing a lot of false pos messages, but there are lots of spam messages sneaking through our system because declude is not modifying the header correctly. It is adding a header stub to the bottom of the message so that users mail client filters which look for the modified subject line is not working. Anyone else having that issue?HerbDarin Cox wrote: Anyone else seeing a sudden increase in FPs? We normally report a few each day, but we're seeing a 10x increase in FPs for the past three days. Darin. -- Herb Guenther Lanex, LLC www.lanex.com (262)789-0966x102 Office (262)780-0424 Direct This e-mail is confidential and is for the use of the intended recipient(s)only. If you are not an intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way.-- Herb Guenther Lanex, LLC www.lanex.com (262)789-0966x102 Office (262)780-0424 Direct This e-mail is confidential and is for the use of the intended recipient(s)only. If you are not an intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way.
[sniffer] Declude Interceptor
Hi We're attempting to install SNF with the new Declude Gateway product. We're having problems. We're also having problems installing invariant systems' INVURIBL product, which leads me to wonder. Are any of you using SNF with Interceptor successfully? While it definitely could be us, maybe, since the product is so new, it's Interceptor. Pete's thinks people are using it, but he's not sure. Thanks for the info. Rob # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Declude Interceptor
Hi We're attempting to install SNF with the new Declude Gateway product. We're having problems. We're also having problems installing invariant systems' INVURIBL product, which leads me to wonder. Are any of you using SNF with Interceptor successfully? While it definitely could be us, maybe, since the product is so new, it's Interceptor. Pete's thinks people are using it, but he's not sure. Thanks for the info. Rob iGive.com PH 847.477.6968 FAX 312-896-9038 [EMAIL PROTECTED] http://www.iGive.com Turn your everyday shopping into philanthropy Your favorite stores mean cash for your cause. This message is intended only for the use of the Addressee and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not the intended recipient, dissemination of this communication is prohibited. If you have received this communication in error, please erase all copies of the message and its attachments and notify us immediately. # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
RE: [sniffer] How are folks doing with the latest version?
Lowish volume box, no problems seen. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Friday, November 19, 2004 2:28 PM To: [EMAIL PROTECTED] Subject: [sniffer] How are folks doing with the latest version? Hello Sniffer Folks, I am curious to know how many folks have been using Version 2-3.1i2. I have not heard any problem reports, so I'm assuming it's going well with you as it is on our systems... or, perhaps, nobody has tried it yet?? I would like to move this interim to the official version. If I can get a show of hands on how many folks are using the new version successfully then I would really appreciate it. Thanks! _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Release of snf2check v2 w/ digest checking
No initial problems here. Installed fine. --- [This E-mail scanned for viruses by Declude Virus] This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] test
Appears to work beautifully. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Saturday, May 01, 2004 12:10 PM To: [EMAIL PROTECTED] Subject: Re: [sniffer] test At 07:13 AM 5/1/2004, you wrote: This can be done with wget, for example, but setting this up appears to be technically complex - so I'm going to leave it at that for now. (Requires the --header switch and piping the output through gzip) It is not so complex: In the wget command change -O sniffer.new to -O sniffer.new.gz and add the switch --header=Accept-Encoding:gzip And in the next line put the command gzip -d -f sniffer.new.gz That looks about right. Of course you will also need to download gzip to make this work if you don't already have it. http://www.gzip.org/ _M --- [This E-mail scanned for viruses by Declude Virus] This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Final beta (b2) for snfrv2r3
Since you're up, sorry to ask, where's the beta? Didn't save the e-mail. Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Wednesday, April 07, 2004 9:23 PM To: [EMAIL PROTECTED] Subject: RE: [sniffer] Final beta (b2) for snfrv2r3 Tried the above and got an error message. Tried: sniffer.exe xxauthenticationxx stop and it paused a few seconds and returned to command prompt, so I'm guessing that it stopped. That doesn't sound quite right. In the distribution there are some .CMD files that show examples of the commands: stop - Ends the persistent server reload - Reloads the rulebase config file data rotate - Moves the current log file to sniffer.log.mmddhhmmss Note that all commands and configuration options are case sensitive. Hope this helps, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html