Re: [sniffer] Reporting - was: spam leakage up

[Matt]

Pete, If the data is normalized, tab delimited seems like the most widely available choice.  I've never played with XML, and although it might be more useful in many places, in others it presents overhead, especially as far as a learning curve goes. It may also be that real-time reporting isn't that widely sought after, especially on systems where Sniffer is just one part of an overall system.  For me there would be no real value to this except for a rare occasion that I'm researching a problem or my interest is peaked (which isn't a good justification for work).  Those that desire real-time functionality may well be more experienced DB admins or programmers and may be able to handle whatever format that you throw at them. Matt Pete McNeil wrote: We are working on specs for real-time reporting out of Sniffer and haven't had a lot of feedback on the XML based format. We were looking at this format because, in theory anyway, it's easy to port into a database or even directly into a web page or other format. Am I guessing right that the reason we didn't get a lot of feedback is because not many folks can really use XML data in practice? Should we adopt a different format for a "real-time scoreboard" output file? Tab delimited? CSV? --- perhaps directly to HTML? (if HTML then I will continue with the XML concept and use DOM to read the XML as a data island and format the output - anybody have experience with this - it seems harder in practice than the examples let on.) Any thoughts would be appreciated. Thanks, _M (The idea of a "scoreboard" was to create some useful indicators that could be read in near real-time - without a lot of heavy lifting. At the time it seemed there was a pressing need for this kind of functionality. I'm beginning to wonder - I don't want to spend effort on something that nobody really cares about. There are plenty of other features planned that we could focus on. I need some feedback. Thanks!) On Thursday, June 24, 2004, 12:02:06 PM, Aaron wrote: AC> Thanks Herb but we don't have Coldfusion. AC> Looks great tho! AC> Aaron AC> www.vantech.net AC> On Jun 24, 2004, at 8:55 AM, Herb Guenther wrote: I wrote a coldfusion page that parses the logs into a sql database every night, and then the display page you saw.  If you have a coldfusion server I would be happy to give you the code. Herb Aaron J.Caviglia wrote: Herb, How did you generate that SPAM report? Thanks, Aaron Caviglia www.vantech.net On Jun 24, 2004, at 8:46 AM, Herb Guenther wrote: wow, that is even worse than we are seeing, we are at about 80%, but should really be at about 85% if all were tagged.  Here is our last weeks stats, we did not see an increase in volume, so much as the amount gettig thru in the last couple days and continuing today. Herb SPAM Report Statistics are based on the last 6,150,612 email messages received. You are viewing Server 1 Stats View Server 2 stats Statistic 06/17 06/18 06/19 06/20 06/21 06/22 06/23 Weekly Total Daily Avg. <image.tiff>Delivered Messages 34,291 30,762 22,331 22,484 31,245 33,588 33,582 208,283 25,311 <image.tiff>Good Messages 6,493 5,101 1,595 1,721 6,209 6,772 6,170 34,061 5,221 <image.tiff>Spam Messages 27,798 25,661 20,736 20,763 25,036 26,816 27,412 174,222 20,090 <image.tiff>Spam Percent 81% 83% 92% 92% 80% 79% 81% 84% 79% <image.tiff>Mal Formed Headers 3,845 4,277 3,193 3,555 4,094 4,286 4,459 27,709 4,949 <image.tiff>Spam Headers 4,544 4,081 3,665 3,367 4,800 5,712 6,129 32,298 3,308 <image.tiff>Spam Routing 6,351 5,697 5,200 5,613 5,718 6,072 5,616 40,267 3,375 <image.tiff>No Reverse DNS 6,864 7,787 6,529 6,729 7,742 6,783 5,023 47,457 2,446 <image.tiff>White Listed 1,157 968 116 162 1,237 1,245 1,229 6,114 785 <image.tiff>General Spam 1,021 958 736 851 1,012 1,045 1,122 6,745 1,490 <image.tiff>Experimental 1,543 1,190 951 970 1,284 1,342 1,472 8,752 900 <image.tiff>Obfuscation 240 183 158 189 196 336 151 1,453 352 <image.tiff>Grey Hosts 355 196 29 33 213 343 315 1,484 166 <image.tiff>Gambling 272 202 263 261 215 303 161 1,677 124 <image.tiff>Refinancing/Loans 2,293 2,216 1,809 1,659 2,167 2,013 1,975 14,132 1,765 <image.tiff>Business opportunities 1,989 1,991 1,546 1,547 1,990 2,089 2,163 13,315 1,464 <image.tiff>Ink and toner cartridges 159 124 41 91 100 89 63 667 121 <image.tiff>Pornography 2,296 1,874 2,189 1,798 2,120 2,224 2,333 14,834 1,731 <image.tiff>Send money scams 57 63 66 57 85 84 82 494 65 <image.tiff>Online pharmacies 6,792 6,098 5,419 4,907 5,766 5,526 5,767 40,275 5,684 <image.tiff>Cable/Satellite descramblers 1,250 1,340 1,190 1,384 1,277 1,710 1,554 9,705 867 <image.tiff>Norton/McAfee offers 17 61 4 7 11 19 25 144 68 <image.tiff>Insurance quotes, etc. 706 493 374 354 526 552 547 3,552 649 <image.tiff>Travel/vacation offers 216 135 82 61 87 160 121 862 238 <image.tiff>Viruses Detected 649 440 223 201 537 498 493 3,041 344 <image.tiff>Virus Vulnerabilities 581 431 365 304 531 518 580 3,310 406 Dan Stratton wrote: Yes I have seen an increase in spam not tagged by sniffer or in a lot of cases by any other of the declude tests that I am using. I also have notice quite a large increase in overall spam and attribute at least some of the leakage to this increase. Some day's I am seeing 94% spam and 6 % legitimate email which I find incredible. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Herb Guenther Sent: Thursday, June 24, 2004 7:51 AM To: [EMAIL PROTECTED] Subject: [sniffer] spam leakage up In the last couple days we are seeing quite an increase in the amount of spam leaking past sniffer and declude. Anyone else seeing this? Herb -- Herb Guenther Lanex, LLC www.lanex.com (262)789-0966x102 Office (262)780-0424 Direct This e-mail is confidential and is for the use of the intended recipient(s)only. If you are not an intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way. -- Herb Guenther Lanex, LLC www.lanex.com (262)789-0966x102 Office (262)780-0424 Direct This e-mail is confidential and is for the use of the intended recipient(s)only. If you are not an intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way. This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================