[sniffer] Re: Experimental Abstract

2006-10-10 Thread Pete McNeil
Hello Frederick, Tuesday, October 10, 2006, 8:14:15 AM, you wrote: Where can I find a list of the latest result codes. http://kb.armresearch.com/index.php?title=Message_Sniffer.TechnicalDetails.ResultCodes _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC

[sniffer] Re: Help for AutoSNF

2006-10-10 Thread Pete McNeil
to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent

[sniffer] Re: MDaemon plug-in - Process inline during SMTP?

2006-10-03 Thread Pete McNeil
] On Behalf Of Pete McNeil Sent: Monday, October 02, 2006 8:07 PM To: Message Sniffer Community Subject: [sniffer] Re: MDaemon plug-in - Process inline during SMTP? Hello Dave, The current version can't do this -- it doesn't know how to respond properly to the inline call. It only knows how

[sniffer] Re: Mdaemon plugin 'sleeping'

2006-09-30 Thread Pete McNeil
on. Also - why the sudden change? This has worked fine for some time. Can anybody pinpoint when (at what event precisely) this problem showed up? Those are my thoughts. _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC

[sniffer] Re: Error posting?

2006-09-30 Thread Pete McNeil
Hello Dave, Saturday, September 30, 2006, 10:01:41 AM, you wrote: Why am I getting the following error when replying to a message here? It certainly is NOT automatic... and has never happened before today. Very odd. Your messages came through - including this one. _M -- Pete McNeil Chief

[sniffer] Re: Mdaemon plugin 'sleeping'

2006-09-30 Thread Pete McNeil
with the email address (login), fqdn of the pop3 server, and password we can tell our bots to go and collect messages from there and add them to our processing queues. (We poll as frequently as once per minute when traffic is slow). Hope this helps, _M -- Pete McNeil Chief Scientist, Arm Research

[sniffer] Re: How Many get through

2006-08-25 Thread Pete McNeil
messages in my other mail boxes also, so it relates to a lot of deleting? Could I have something set up incorrectly? Or thresholds set too low that they are getting through? Thanks for any info! Sincerely, Gary Stark -- Pete McNeil Chief Scientist, Arm

[sniffer] Re: FW: Summary, Form #21539

2006-08-23 Thread Pete McNeil
of a challenge. We will continue to work on it. _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer] Re: Paypal failing SNIFFER-GENERAL

2006-08-23 Thread Pete McNeil
Hello Darin, I may be behind... but I don't see an FP report on this. Do you have the rule id? _M Wednesday, August 23, 2006, 1:36:08 PM, you wrote: FYI... I just reported one of these, so watch out. Darin.     -- Pete McNeil Chief Scientist, Arm Research Labs

[sniffer] Re: Paypal failing SNIFFER-GENERAL

2006-08-23 Thread Pete McNeil
the authorization code) 20060823163449 D83a20d3001502962.SMD 0 32 Match 1100444 60 1502 1551 98 20060823163449 D83a20d3001502962.SMD 0 32 Final 1100444 60 0 3798 98 The FP was submitted at 1:34pm ET. Darin. - Original Message - From: Pete McNeil [EMAIL PROTECTED

[sniffer] Re: Another example of an empty email but looking at the source.

2006-08-23 Thread Pete McNeil
Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. DELIVERY ADDRESS: 21 GLEN STREET BELROSE NSW 2085 AUSTRALIA.   -- Pete McNeil Chief Scientist, Arm Research Labs, LLC

[sniffer] Re: Am I submitting to s...@sortmonster.com properly

2006-08-22 Thread Pete McNeil
: GFR97DF -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer] Re: Am I submitting to s...@sortmonster.com properly

2006-08-22 Thread Pete McNeil
. Jim Matuska Jr. Computer Tech2, CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, August 22, 2006 2:34 PM To: Message Sniffer Community Subject

[sniffer] Re: Lots of drug spam getting through

2006-08-21 Thread Pete McNeil
-- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer] Re: Lots of drug spam getting through

2006-08-21 Thread Pete McNeil
of these yesterday but I don't know if the permutations are being caught. Andrew 8) -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Monday, August 21, 2006 8:38 AM To: Message Sniffer Community Subject: [sniffer] Re: Lots

[sniffer] Re: Newbie Question about .fin and .srv

2006-08-12 Thread Pete McNeil
-- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer] Re: Sharon Daniels is out of the office.

2006-08-07 Thread Pete McNeil
-- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer] Re: Fwd: Re: Prima esperienza di striptease e poi sesso anale trovi qui

2006-08-03 Thread Pete McNeil
are willing to have a black rule for a particular word or phrase or perhaps some other attribute. Thanks, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer] Re: New SPAM pain

2006-07-26 Thread Pete McNeil
-- Pete McNeil Chief Scientist, Arm Research Labs, LLC

[sniffer] Re: New SPAM pain

2006-07-26 Thread Pete McNeil
Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Wednesday, 26 July 2006 2:52 PM To: Message Sniffer Community Subject: [sniffer] Re: New SPAM pain Hello John, Wednesday, July 26, 2006, 1:57:18 PM, you wrote: I'm dying to start a thread and talk about Sniffer's stance

[sniffer] Re: MDLP

2006-07-12 Thread Pete McNeil
-- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer] Re: My rulebase download and log upload script

2006-07-10 Thread Pete McNeil
-- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer] Re: Lot of stock spam getting through....

2006-07-07 Thread Pete McNeil
don't have any getting through spamtraps at the moment. I will look into it again. _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer] Re: Lot of stock spam getting through....

2006-07-07 Thread Pete McNeil
! And thanks for all of your efforts to simultaneously increase the catch rate and decrease the FP rate. Darin. -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer] Re: compressed updates

2006-06-27 Thread Pete McNeil
Hello Matrosity, Tuesday, June 27, 2006, 4:04:46 PM, you wrote: I was wondering if updates would ever be compressed in the future to save bandwidth? Actually, if you are using the scripts with wget and gzip, they are compressed on the fly by the web server. _M -- Pete McNeil Chief

[sniffer] Re: Update pacing...

2006-06-19 Thread Pete McNeil
functionality. Hope this helps, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer] Re: Snf2check.exe on FreeBSD

2006-06-19 Thread Pete McNeil
, on this page you can find PerlAutoUpdates and a few others which might help: http://kb.armresearch.com/index.php?title=Message_Sniffer.TechnicalDetails.SubmittedScripts Best, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC

[sniffer] Weight Gate Success? Failure?

2006-06-13 Thread Pete McNeil
Hello Sniffer Folks, Is anyone successfully using the WeightGate utility? Anyone having trouble with it? I've literally heard nothing so far ;-) Thanks, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC

[sniffer] Re: [sniffer]Re[2]: [sniffer]WeightGate source, just in case...

2006-06-08 Thread Pete McNeil
to debug it. _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer] Re: [sniffer]Re[2]: [sniffer]WeightGate source, just in case...

2006-06-08 Thread Pete McNeil
works ok. _M Testing. Sorry for the extra traffic - only way to debug it. _M This seems to be working ok, Thanks for your patience. _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer] Re: [sniffer][Fwd: Re: [sniffer]FP suggestions]

2006-06-08 Thread Pete McNeil
. I just had an interesting FP case like this. By the time the match record got to me along with what was supposed to be the original message, there were at least 9K bytes missing - including the bytes that presumably contained the rule match. _M -- Pete McNeil Chief Scientist, Arm Research Labs

[sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Pete McNeil
their registered email address or an authorized alias. _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer]Re[2]: [sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Pete McNeil
WILL be responding to the submission message so that we can record a dialogue with you about the false positive in question. Hope this helps, Thanks, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Pete McNeil
will see :-) _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer]Re[2]: [sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Pete McNeil
important for the FP resolution process to be interactive. _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer]Re[2]: [sniffer]Re[2]: [sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Pete McNeil
was called with the following arguments: arg[0] me = WeightGate -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer]Re[2]: [sniffer]Re[2]: [sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Pete McNeil
. :-) -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer]Re[2]: [sniffer]Re[2]: [sniffer]Re[2]: [sniffer]A design question - how many DNS based tests?

2006-06-07 Thread Pete McNeil
not fail SNF. Generally this is done by copying the message to a pop3 account that can be polled by our bots. That is exactly what I was suggesting. We'll put it on our list to write a filter to do so when time permits. Just trying to help. Thanks very much! _M -- Pete McNeil Chief Scientist, Arm

[sniffer]Re[2]: [sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Pete McNeil
). Yeah, we'd have to automate it. I can't imagine taking the time to manually match for each occurrence of no rule found. Another item for the automation list. _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer]A design question - how many DNS based tests?

2006-06-06 Thread Pete McNeil
Hello Sniffer Folks, I have a design question for you... How many DNS based tests do you use in your filter system? How many of them really matter? Thanks! _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

Re: [sniffer]Numeric spam

2006-06-06 Thread Pete McNeil
the pattern for the png stock spam but I've got a new family of rules in place for it now... I'm waiting on results to tally but I believe the rules will be effective. If not we will continue to work on them. Thanks, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC

Re: [sniffer]Concerned about amount of spam going through

2006-06-06 Thread Pete McNeil
the damage and it is now happily sustaining ~900 msgs/minute so I don't expect further problems from it in the short term. Hope this helps, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer]Re[2]: [sniffer]A design question - how many DNS based tests?

2006-06-06 Thread Pete McNeil
Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] Behalf Of Pete McNeil Sent: Tuesday, June 06, 2006 9:26 AM To: Message Sniffer Community Subject: [sniffer]A design question - how many DNS based tests? Hello Sniffer Folks, I have a design question for you... How many

[sniffer]Re[2]: [sniffer]Numeric spam topic change to png stock spam

2006-06-06 Thread Pete McNeil
-- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer]Re[2]: [sniffer]Numeric spam topic change to png stock spam

2006-06-06 Thread Pete McNeil
-- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer]Re[2]: [sniffer]Re[2]: [sniffer]Numeric spam topic change to png stock spam

2006-06-06 Thread Pete McNeil
Hello Nick, Thanks. That's all good then :-) _M Tuesday, June 6, 2006, 10:46:55 AM, you wrote: Pete McNeil wrote: Hello Nick, What is your false positive rate with that pattern? Hmm lets go to the MDLP for yesterday  :)                                            SS

[sniffer]Re[2]: [sniffer]AW: [sniffer]AW: [sniffer]Concerned about amount of spam going through

2006-06-06 Thread Pete McNeil
the blacklist tests. And free is good. On the same system, I noted that this made Sniffer about half as effective as fresh SURBL/URIBL testing, but I had no way to compare their overlap. Interesting. _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC

[sniffer]Re[2]: [sniffer]A design question - how many DNS based tests?

2006-06-06 Thread Pete McNeil
(on both the spam and ham sides of the equation), improving response time, increasing SNFs flexibility and breadth, reducing complexity, maintenance administration, and improving speed efficiency. _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC

Re: [sniffer]Sniffer updates down?

2006-06-02 Thread Pete McNeil
it must be local based on what I've seen so far. _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

Re: [sniffer]Viagra Spam

2006-05-31 Thread Pete McNeil
. It is a new variant of the one that started yesterday. It has quite a bit of bandwidth behind it as well. Rate Graph Image attached. _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. msgperhour48.jsp.png Description: PNG image

[sniffer]Spam Storm - It's a big one.

2006-05-26 Thread Pete McNeil
however. _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. getchart.jsp.png Description: PNG image

Re: [sniffer]spam storm

2006-05-23 Thread Pete McNeil
on the graph are lower than they might normally be... the shape of the graph is the important part of the image. The flow rates analysis (link at top) shows the shelf starting at 0100 and building. Hope this helps, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. getchart.jsp.png

Re: [sniffer]possibly moving to new os

2006-05-20 Thread Pete McNeil
our license to the new setup after we finish testing? Yes. If you have a valid license and you move to a new platform you can take that license with you. One license per MTA is all that we require. Thanks! _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC

[sniffer]Re[2]: [sniffer]Ebay Phishing Emails getting through

2006-05-18 Thread Pete McNeil
to these quickly and (from your perspective) automatically. _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

Re: [sniffer]Ebay Phishing Emails getting through

2006-05-17 Thread Pete McNeil
. Certainly, submitting samples to spam@ (or preferably your local spam submission point polled by our bots) will put these messages in front of us if we have not already created rules for them. _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC

[sniffer]Re[2]: [sniffer]Ebay Phishing Emails getting through

2006-05-17 Thread Pete McNeil
the previous 24 hours things were _relatively_ quiet. _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. getchart.jsp.png Description: PNG image

Test

2006-05-15 Thread Pete McNeil
Hello sniffer, Just testing. -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.

[sniffer] zipping log files

2006-05-12 Thread Pete McNeil
it... It's not set up yet (I've been distracted working on other SNF stuff) but I will have scripting in place to handle the above within a few minutes. Thanks, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. This E-Mail came from the Message Sniffer mailing list. For information

Re: [sniffer] zipping log files

2006-05-12 Thread Pete McNeil
to handle the above within a few minutes. The code is now in place and has been tested. Best, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http

[sniffer] Missing false positives from today - mail server changes are hard.

2006-05-12 Thread Pete McNeil
-- Pete McNeil Chief Scientist, Arm Research Labs, LLC. This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html

Re[4]: [sniffer] Lot of Drugs Spam getting through sniffer....

2006-05-06 Thread Pete McNeil
PROTECTED] CS [mailto:[EMAIL PROTECTED] CS On Behalf Of Pete McNeil CS Sent: Friday, May 05, 2006 9:32 AM CS To: Darin Cox CS Subject: Re[2]: [sniffer] Lot of Drugs Spam getting through sniffer CS On Friday, May 5, 2006, 11:02:00 AM, Darin wrote: DC Not just drugs, but some others too have been

Re[2]: [sniffer] Lot of Drugs Spam getting through sniffer....

2006-05-05 Thread Pete McNeil
On Friday, May 5, 2006, 11:02:00 AM, Darin wrote: DC Not just drugs, but some others too have been slipping through the past DC couple of days. We've reported a little under 40 in the past couple of DC days. We saw a bit of a lull, then a rash of new campaigns bunched together with some new

Re[2]: [sniffer] Lot of Drugs Spam getting through sniffer....

2006-05-05 Thread Pete McNeil
We've had that rule before and had to pull it for false positives. _M On Friday, May 5, 2006, 11:41:50 AM, John wrote: JTL FYI, I created a Declude Filter: JTL Subject END NOTCONTAINS news JTL BODY25 CONTAINShttp://geocities.com/ JTL Been catching every one

Re[4]: [sniffer] Lot of Drugs Spam getting through sniffer....

2006-05-05 Thread Pete McNeil
On Friday, May 5, 2006, 1:08:14 PM, John wrote: JTL Well, I am at the point that I could care less about geocities false JTL positives. If GeoCities is going to allow this much spam junk then I could JTL care less about allowing them. That's fine. There are probably a number of systems that

Re[2]: [sniffer] Message loop

2006-04-20 Thread Pete McNeil
positive messages from you: SF Failed to deliver to '[EMAIL PROTECTED]' SF mail loop: too many hops (too many 'Received:' header fields) SF - Original Message - SF From: Pete McNeil [EMAIL PROTECTED] SF To: Matt sniffer@SortMonster.com SF Sent: Wednesday, April 19, 2006 7:03 PM SF Subject: Re

Re: [sniffer] Sniffer application

2006-04-19 Thread Pete McNeil
On Wednesday, April 19, 2006, 11:05:15 AM, Jeff wrote: JA Peter, JA I have taken over the network administration for Neptune Chemical Pump Co. JA Could I get a manual for the sniffer software. That is how to use set up JA and confirm it is still configured correctly. You can find the root

Re: [sniffer] Message loop

2006-04-19 Thread Pete McNeil
On Wednesday, April 19, 2006, 7:20:01 PM, Matt wrote: M M Pete, M M I tried replying to some FP reports and I received back some loop reports from your gateway: M M M M M Failed to deliver to '[EMAIL PROTECTED]' M mail loop: too many hops (too many 'Received:' header fields) I'm

[sniffer] Bad Rule Alert: 963461

2006-04-18 Thread Pete McNeil
if it is easier) you can remove the rule-panic entry. Sorry for the trouble, Hope this helps, Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) Chief Scientist (www.armresearch.com)

[sniffer] Bad Rule Alert: 963461 follow up.

2006-04-18 Thread Pete McNeil
rule pulled (963533) which was coded for a binary segment of an image file. No hits have been reported on the second rule at this time. Best, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) Chief Scientist (www.armresearch.com

Re[2]: [sniffer] False positive processing

2006-03-21 Thread Pete McNeil
On Tuesday, March 21, 2006, 11:37:30 AM, Darin wrote: DC Nope. None of them. DC I haven't heard back from the replies to a couple of false positives on the DC 10th, and we haven't heard anything from our submissions on the 16th (6) and DC 17th (2). I don't remember if we've heard anything from

Re[4]: [sniffer] False positive processing

2006-03-21 Thread Pete McNeil
to investigate further and apply white DC rules. The others were normal FP reports. DC Thanks, DC Darin. DC - Original Message - DC From: Pete McNeil [EMAIL PROTECTED] DC To: Darin Cox sniffer@SortMonster.com DC Sent: Tuesday, March 21, 2006 11:52 AM DC Subject: Re[2]: [sniffer] False

Re: [sniffer] Updates slow

2006-03-20 Thread Pete McNeil
On Monday, March 20, 2006, 3:58:03 PM, John wrote: JTL It seems today that updates have been slow to retrieve, the last one being JTL averaging 54 Kbps. Updates are triggered on the e-mail update notice. I just retrieved your rulebase at an average of 267K/sec via my DSL. My DL rate is 3Mbps -

[sniffer] New Web Site!

2006-03-17 Thread Pete McNeil
to update, improve, and correct the wiki - it will, in fact, be under constant development. Have fun! Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) Chief Scientist (www.armresearch.com)

Re[2]: [sniffer] New Web Site!

2006-03-17 Thread Pete McNeil
On Friday, March 17, 2006, 11:53:58 AM, John wrote: JTL What is the purpose of using a WIKI site? A few things really - * It's fast and easy to create, update, and correct the content. Things happen quickly here and in the messaging security business in general. It makes sense to use tools that

Re[4]: [sniffer] New Web Site!

2006-03-17 Thread Pete McNeil
On Friday, March 17, 2006, 12:50:40 PM, John wrote: JTL Pete, while I fully understand all of what you said, allowing any one JTL registered to edit any page is leaving things wide open for abuse. Isn't JTL there a way to set permissions on a section basis? Example, I should not JTL have the

Re: [sniffer] reporting spam

2006-03-16 Thread Pete McNeil
On Thursday, March 16, 2006, 5:18:00 PM, Roger wrote: RM I just found out that when you are reporting received spam to RM [EMAIL PROTECTED], you should remove the Received: header added by your RM mail server. Otherwise you might create a rule that filters all mail from RM your mail server.

Re: [sniffer] New add compain

2006-03-10 Thread Pete McNeil
On Friday, March 10, 2006, 2:00:42 PM, John wrote: JTL I am seeing a log of spam with a subject line of with fw: or re: followed by JTL the username portion of the recipient. Any way to create a rule for this? There's nothing simple we can do for this one based on that alone - at least not

[sniffer] F001 Rule Bot Change

2006-03-09 Thread Pete McNeil
. This may cause rulebase file sizes to change noticeably. Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) Chief Scientist (www.armresearch.com)

Re[2]: [sniffer] F001 Rule Bot Change

2006-03-09 Thread Pete McNeil
On Thursday, March 9, 2006, 8:48:43 AM, Nick wrote: NH Hi Pete - NH Pete McNeil wrote: Hello Sniffer Folks, The F001 Rule Bot has been adjusted. NH Is it possible for you to recommend a percentage of accuracy or maybe NH better stated a percentage of delete weight for each rule? I am

Re: [sniffer] [Fwd: Starbucks $500 Prize #972499912]

2006-03-07 Thread Pete McNeil
On Tuesday, March 7, 2006, 5:00:33 PM, Heimir wrote: HE Why is this not filtered? HE Every one of them contains the word HE Domains4u HE I have reported several but they are still coming in. Actually, they are now (I tried coding the message and duped out on the domain rules). Domains4u is

Re: [sniffer] declude tests

2006-03-07 Thread Pete McNeil
On Tuesday, March 7, 2006, 4:58:35 PM, Harry wrote: HV HV HV at the moment I run the following test in declude HV HV SNIFFER  external nonzero HV D:\IMail\Declude\sniffer\xx.exe  persistent 13 0 HV THIS IS WRONG! You should not have the persistent command line option

[sniffer] New Rulebot F001

2006-03-06 Thread Pete McNeil
been few IP rules at all since we disabled the old bots). The algorithms used in this bot have been tested manually for 2 weeks with no false positives. Expect an increase in your rulebase size while F001 catches up with current spamtrap data. Thanks, _M Pete McNeil (Madscientist

[sniffer] New rulebase compilers online.

2006-03-06 Thread Pete McNeil
updates should equate to lower spam leakage for new spam. You do not need to take any action on this. This note is for your information only. Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) Chief Scientist

Re[2]: [sniffer] New Rulebot F001

2006-03-06 Thread Pete McNeil
On Monday, March 6, 2006, 3:13:53 PM, Jay wrote: JSHNL There's been at least one FP ;) JSHNL -- JSHNL Rule - 861038 JSHNL NameF001 for Message 2888327: [216.239.56.131] JSHNL Created 2006-03-02 JSHNL Source 216.239.56.131 JSHNL Hidden false JSHNL Blocked false

Re[2]: [sniffer] New Rulebot F001

2006-03-06 Thread Pete McNeil
On Monday, March 6, 2006, 3:42:50 PM, Darin wrote: DC We just reviewed this morning's logs and had a few false positives. Not DC sure if these are due to the new rulebot, but it's more than we've had for DC the entire day for the past month. DC Rules DC -- DC 873261 DC 866398 DC 856734

Re[2]: [sniffer] New rulebase compilers online.

2006-03-06 Thread Pete McNeil
On Monday, March 6, 2006, 6:09:43 PM, Matt wrote: M Pete, M Does this mean that you are somehow supporting incremental rule base M updates, or is it that the compiler is just much faster so we will get M the same number of updates, but generally get them 40-120 minutes M earlier in relation to

Re[4]: [sniffer] New Rulebot F001

2006-03-06 Thread Pete McNeil
On Monday, March 6, 2006, 7:24:20 PM, Andrew wrote: snip CA I would like to state that I don't need Message Sniffer to CA identify servers that send bogus postmaster notifications. This CA would be entirely due to false positives such as the three CA examples above. CA Given that spammers

Re[2]: [sniffer] Sniffer, MDLP, and invURIBL?

2006-02-25 Thread Pete McNeil
On Saturday, February 25, 2006, 1:38:53 PM, Joe wrote: JW JW JW I would actually prefer that MDLP autotune the weight for JW invURIBL, but since the weights are managed by invURIBL and not JW Declude I don't know how this will work. I'm not familiar enough with invURIBL to know how it is

Re[2]: [sniffer] Running sniffer as a service

2006-02-24 Thread Pete McNeil
On Friday, February 24, 2006, 7:13:47 AM, Jeff wrote: JP Do I need to modify anything in my Declude configuration file where it calls JP the SNIFFER test in order for this to function ?? No. You set up a persistent instance outside of Declude and the other SNF instances adapt automatically. _M

Re[6]: [sniffer] When to go persistent

2006-02-24 Thread Pete McNeil
On Friday, February 24, 2006, 10:31:25 AM, Goran wrote: GJ Hi, GJ I just got my service up and running using Matt's post GJ http://www.mail-archive.com/sniffer@sortmonster.com/msg00169.html GJ It was simple especially since I already the resource kit installed. GJ Now I know that this I

Re: [sniffer] False Positives

2006-02-23 Thread Pete McNeil
On Thursday, February 23, 2006, 5:48:55 AM, Kevin wrote: KR So when I asked how I would send in false positives, someone mentioned KR that I should look up the appropriate log entry and send that in. That KR brings up another question. My log file is 270MB and climbing. I've KR never opened it

Re: [sniffer] When to go persistent

2006-02-23 Thread Pete McNeil
On Thursday, February 23, 2006, 11:30:02 AM, Goran wrote: GJ Hi, GJ Is there any good rule of thumb, in terms of messages processed per GJ minute/hour/day when you should move to a persistent instance of GJ Sniffer? I would suggest using the persistent mode unless you have a reason not to. (In

Re[2]: [sniffer] When to go persistent

2006-02-23 Thread Pete McNeil
On Thursday, February 23, 2006, 11:53:51 AM, LLC wrote: JISL I'm investigating the persistent mode and read the info on the web site. JISL Can't make heads or tails of it. JISL How do enable persistent mode on a Windows 2003 Server? The web site speaks JISL hypothetically, but the information

Re[4]: [sniffer] When to go persistent

2006-02-23 Thread Pete McNeil
On Thursday, February 23, 2006, 12:59:24 PM, Goran wrote: GJ Pete, To run in persistent mode, simply launch an instance of SNF from the command line with the word persistent in place of the file to scan. licenseid.exe authentication persistent GJ I am calling Sniffer from Declude. Could

Re: [sniffer] What is this file

2006-02-23 Thread Pete McNeil
On Thursday, February 23, 2006, 1:07:07 PM, Goran wrote: GJ Pete, GJ I have seen a couple of times that the file GJ C:\External\Sniffer\my license-20060221071316x386D4931-2352.SVR GJ Is open and cannot be backed up. GJ What is this file? I assume that I do not need to be worried since the GJ

Re: [sniffer] False Positive - no reaction?

2006-02-21 Thread Pete McNeil
I'm a little behind. I'm going to do false positives in the next 10 minutes. I only have 20 to do it should go fast. Sorry for the delay. Thanks, _M On Tuesday, February 21, 2006, 9:40:07 AM, Andy wrote: AS Hi, AS I filed this false positive report a day ago and never heard back. AS Just

Re[2]: [sniffer] False Positive - no reaction?

2006-02-21 Thread Pete McNeil
On Tuesday, February 21, 2006, 10:16:11 AM, Andy wrote: AS Sorry - didn't mean to be pushy. I just thought that false positives are AS worse than missed spam, so I had assumed that they would always be at the AS top of the queue. It is a very tough balancing act. Don't feel bad at all - you're

Re[4]: [sniffer] False Positive - no reaction?

2006-02-21 Thread Pete McNeil
On Tuesday, February 21, 2006, 11:16:43 AM, Andy wrote: snip/ AS The only other suggestion I have is to create a 24 hour 'queue' display on AS the web site. All you need to show is a column of the sender domain names of AS the email (not the entire sender email address). If I submit a false AS

Re: [sniffer] [Fwd: Diann Helms]

2006-02-15 Thread Pete McNeil
On Wednesday, February 15, 2006, 8:53:27 AM, Heimir wrote: HE Anyway to stop this spam. HE We are getting hundreds of them. HE I have personally gotten 23. It's a challenging one... there is almost no data, and the geocities link is constantly different. I've written another abstract to cover

Re[2]: [sniffer] [Fwd: Diann Helms]

2006-02-15 Thread Pete McNeil
On Wednesday, February 15, 2006, 11:02:11 AM, Bonno wrote: BB Hi Pete, BB [] If you wish, it is possible to create a local black rule for any geocities link. On many ISP systems this would cause false positives, but on more private systems it may be a reasonable solution. BB I think I
