On Tuesday, November 30, 2004, 12:25:58 PM, Scott wrote:
SF I've noticed the trickle is a little larger as of late.
SF I attribute it to a potential surge in SPAM trying to get people to buy
SF before Christmas.
There is definitely that - and there have been a few odd surges
lately, where the
Yes,
I have seen three pieces of spam over and over again - two for drugs and one
porn. I am running the latest version, rules are up to date, no on the log
files, I am forwarding the emails to [EMAIL PROTECTED]
I was thinking about raising this issue so I am glad someone else is seeing
the
On Tuesday, November 30, 2004, 12:45:27 PM, Chuck wrote:
CS Yes,
CS I have seen three pieces of spam over and over again - two for drugs and one
CS porn. I am running the latest version, rules are up to date, no on the log
CS files, I am forwarding the emails to [EMAIL PROTECTED]
CS I was
Pete, could you recap for us how to set up a Declude project to forward
non-sniffer-detected spam to a custom spamtrap address at SortMonster?
Perhaps two versions, one for normal spamtrap, and one for spam that meets
our chosen weight yet didn't trigger sniffer?
I can piece together snippets
I forwarded some yesterday to spam@ and then attached them and sent to
[EMAIL PROTECTED]
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On
Behalf Of Pete McNeil
Sent: Tuesday, November 30, 2004 9:56 AM
I started getting a large Number of files in my sniffer dir that end in
.FIN ( like a thousand a day) a few that end in .ABT ( may be 12) and one
.LOCK File. They never seem to go away.
I normaly saw a few, but they dissapere by them self after a few seconds.
These seem to be in large groups
Hello Sniffer Folks,
During a previous discussion in late September, it was generally
agreed that it was time to re-order the priority of the experimental
and generalized rule groups.
I am going to begin that work today.
The new ordering will be:
63: Experimental Received [IP]
On Thursday, December 2, 2004, 4:15:43 PM, Jim wrote:
JM Pete,
JM We have rules setup in declude based upon sniffer return codes 60 and 62 to
JM mark all messages with those tests as spam, however we do not have any 61 or
JM 62 return codes setup. Can you briefly explain what each of these
Where can i find examples of using exit codes to assign different weights
depending on groupes, when using sniffer with declude/imail ?
TIA
- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To: Jim Matuska [EMAIL PROTECTED]
Sent: Thursday, December 02, 2004 9:59 PM
Subject:
On Friday, December 3, 2004, 8:53:26 AM, Joe wrote:
JW OK, I'm confused. First I admit I don't spend much time on Sniffer or
JW Declude settings, and I haven't learned the programs very well.
JW I used the default Sniffer config files. If I changed as indicated below
JW will it catch more
Title: Sniffer rulebase download server down?
Pete, I am no longer able to download my rulebase files on either of our Sniffer servers. When I execute my download script, I immediately get:
gzip: LicenseID.new.gz: unexpected end of file
Is the rulebase download server down? Thanks for
Pete,
Just downloaded the most recent version and the command line build
information says:
Build - v2-3.1 Oct 26 2004 22:03:06
I downloaded it twice from the help page.
Is there another link?
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription
On Monday, December 6, 2004, 3:18:01 PM, Mark wrote:
MES Pete,
MES Just downloaded the most recent version and the command line build
MES information says:
MES Build - v2-3.1 Oct 26 2004 22:03:06
MES I downloaded it twice from the help page.
What is the URL to the help page? I want to correct
On Monday, December 6, 2004, 4:12:19 PM, Keith wrote:
KJ Pete,
KJ I saw one last week upon updating at:
KJ http://www.sortmonster.com/MessageSniffer/Installation/HowTo.html
KJ Under the heading:
KJ Where to start (with the demo!):
KJ I hope this helps.
All fixed. Thanks!
_M
Rob,
If you followed the walkthrough on the site, you should
have result code headersin your e-mail messages. Could you check if that's
the case?
Regards,
Michiel
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ~ ROB @ ZELLEM
~Sent: woensdag 8 december 2004 20:54To:
On Friday, December 10, 2004, 12:14:22 PM, Rick wrote:
RR If I make a change to any of the whitelist,blacklist, or trusted files, and
RR I'm using sniffer in a 'persistent' mode, do I have to restart anything to
RR pick up the changes?
I'm not sure I completely understand.
If there are changes
I think the files you mentioned are for mxGuard only. They are separate from
Message Sniffer and do not require you to restart anything.
Craig
it's the 'definition' of what is my rulebase that is unclear here.
Specifically, if I add a domain name in the file 'whitelist.sender' in my
mxguard
On Friday, December 10, 2004, 1:11:48 PM, Rick wrote:
RR it's the 'definition' of what is my rulebase that is unclear here.
RR Specifically, if I add a domain name in the file 'whitelist.sender' in my
RR mxguard directory (under my imail directory), will this be recognized
RR without restarting
it's the 'definition' of what is my rulebase that is unclear here.
Specifically, if I add a domain name in the file 'whitelist.sender' in my
mxguard directory (under my imail directory), will this be recognized
without restarting my sniffer process? I'm not changing the 'cfg' file in
this
Title: Message
Well,
an indirect way to do this is to use the (undocumented?) Declude
directive:
rsp
set off TESTNAME
as the
first bit of text in your test message. That won't actually trigger
sniffer, but it will for the purpose of making your JunkMail think that the test
has been
Anyone else having that problem?
Chuck Schick
Warp 8, Inc.
(303)-421-5140
www.warp8.com
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html
Me too
[EMAIL PROTECTED]
- Original Message -
From: Chuck Schick [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 15, 2004 7:44 PM
Subject: [sniffer] Download server is really slow..
Anyone else having that problem?
Chuck Schick
Warp 8, Inc.
(303)-421-5140
According to the logs there was a run on the server at this time...
apparently quite a few servers downloading at the top of the hour -
all competing.
If you use a scheduled task for getting your rulebase files, please
stagger your download schedule according to the chart here:
On Wednesday, December 15, 2004, 6:54:01 PM, Marc wrote:
MH Pete,
MH FWIW, it appears that I just had a bad download. I re-downloaded it, and
MH it's running w/o errors. Thx.
One other quick note/reminder. Use the snf2check utility on your
downloaded rulebase files before putting them in
Greg,
Yes, I should have inserted a "probably" or otherwise taken more care
with my words. I didn't mean for my reply to be contentious.
Anyway, here's a sample of what I am talking about. I've isolated most
major bulk-mail providers from the rest of my Hold E-mail which
constitutes about 2%
I would tend to agree with you that these are false
positives. Eweek, Infoworld, Birthday Express, Best Buy, Chadwicks cause regular
spam tagging here.
If it is a company I've heard of and the links and
such point back to that company, I usually give it the benefit of the
doubt.
-
Hello sniffer,
I am curious to know if anyone is running sniffer on the 2.6 kernel
of Linux? Specifically SuSe 9.2. Please contact me off list.
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
This E-Mail came from
Katie,
Take a copy of the failed message and submit it to [EMAIL PROTECTED]
with your lcinese base ID and they will tell you why it failed and setup a
whiterule to prevent it from being tagged in the future.
Darrell
On Monday, December 13, 2004, 3:40:41 PM, ~ wrote:
~RZ~ Hey everyone...
~RZ~ How does this whole trial thing work? What is limited about it? How does
~RZ~ the spam rule file update? How long will it work? How do i change from the
~RZ~ old spam file to the new one?
Many questions One at a
ATTENTION ROB OF ZELLMAN PRINTING:
Turn off read receipts.
Fix the problem with your server rejecting replies to the very read receipts
you request.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On
Pete,
FWIW, it appears that I just had a bad download. I re-downloaded it, and
it's running w/o errors. Thx.
---
Marc
MH I downloaded the sniffer demo a couple of days ago and finally installed
it
MH to run as an external test w/Declude today. I ran it all morning w/o any
MH problems. This
On Wednesday, December 15, 2004, 6:54:01 PM, Marc wrote:
MH Pete,
MH FWIW, it appears that I just had a bad download. I re-downloaded it, and
MH it's running w/o errors. Thx.
Great!
That makes sense too - unfortunately there's no sure way to separate
the two cases (corrupted file or bad
Pete and other Sniffer Customers,
I've been having a lot of issues with false positives in the General
category, and I'm in search of a better way to handle such things after
making little progress without a large time commitment to the issue
that this creates.
The General category seemingly
Pete,
PM One other quick note/reminder. Use the snf2check utility on your
PM downloaded rulebase files before putting them in service. This will
PM ensure that you have a complete file that is not corrupted.
Yeap..that is exactly what I did when I went back and looked at the files
included in
Pete:
It is Sunday night at 10 minutes after the hour and the download server is
still very slow - so I am not too sure there is just a run on the server.
Chuck Schick
Warp 8, Inc.
(303)-421-5140
www.warp8.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On
On Monday, December 20, 2004, 1:13:52 AM, Chuck wrote:
CS Pete:
CS It is Sunday night at 10 minutes after the hour and the download server is
CS still very slow - so I am not too sure there is just a run on the server.
I will check the logs to verify.
_M
This E-Mail came from the Message
Pete,
I'm downloading right now and its very slow.
George
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Monday, December 20, 2004 6:39 AM
To: Chuck Schick
Subject: Re[4]: [sniffer] Download server is really slow..
On Monday,
Hello,
I'm trying at the moment, Wget says 50-90 K/s (started at 40, went quick up
to 90 and now going down to 50K/s)
Alex
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html
Pete McNeil wrote:
On Monday, December 20, 2004, 7:58:57 AM, Alexander wrote:
HA Hello,
HA I'm trying at the moment, Wget says 50-90 K/s (started at 40, went quick up
HA to 90 and now going down to 50K/s)
There are times - especially at the top of the hour - where there are
quite a few downloads
On Monday, December 20, 2004, 8:49:50 AM, Russ wrote:
snip/
Avoiding that time period and following the staggered schedule we have
suggested will help quite a bit. Even better if updates can be
triggered by our update notifications since this allows our system to
pace downloads and use the
Pete,
Our subscribers can forward spam they receive to our [EMAIL PROTECTED]
address, which gets forwarded to you guys. Some spammers have been sending
e-mail messages directly to the [EMAIL PROTECTED] address (cutting out the
middle men I guess). One spammer, www. c a s i n o b a r .com, has
On Tuesday, December 21, 2004, 6:20:40 AM, System wrote:
SA Pete,
SA Our subscribers can forward spam they receive to our [EMAIL PROTECTED]
SA address, which gets forwarded to you guys. Some spammers have been sending
SA e-mail messages directly to the [EMAIL PROTECTED] address (cutting out the
on 12/21/04 8:21 AM, Pete McNeil wrote:
The second possibility is that we've skipped the message for some
safety reason (trying to avoid false positives) though it seems
unlikely in this case.
Once I see it I will be able to tell more.
Would adding direct to spam in the subject make these
Hello Sniffer Folks,
Backscatter from rejected virii and joe-jobs has become a very
significant problem.
Up to now we have tried as much as possible to avoid coding for
NDRs and other such backscatter - though some pattern matches have
been unavoidable.
Generally it is a very bad
It sounds good to me, Pete.
May I humbly suggest that this be a new result code, e.g. 046? Until
now, Message Sniffer has been very parsimonious with the new categories,
but this looks like one that will be here for a long time.
Andrew 8)
-Original Message-
From: [EMAIL PROTECTED]
On Tuesday, December 21, 2004, 12:51:19 PM, Andrew wrote:
CA It sounds good to me, Pete.
CA May I humbly suggest that this be a new result code, e.g. 046? Until
CA now, Message Sniffer has been very parsimonious with the new categories,
CA but this looks like one that will be here for a long
Given that the precision is difficult to assign under the single result
framework, I don't doubt the choice. Might I suggest creating a
sub-group for the three main types of backscatter so that individuals
can turn them off as a group instead of one rule at a time. Note that
the three groups
On Tuesday, December 21, 2004, 1:13:15 PM, Matt wrote:
M Given that the precision is difficult to assign under the single result
M framework, I don't doubt the choice. Might I suggest creating a
M sub-group for the three main types of backscatter so that individuals
M can turn them off as a
FYI,
I'm still debating myself about what to do with this stuff. I'm hoping
that it will go away, albeit slowly, and I presently rarely take action
to correct any issues with this E-mail, though I do reprocess some
individual messages. Seems that many of the C/R providers have gotten
better
OK, being a new (and very happy) customer ...
For example, we will be introducing rules that watch for bounces
that contain large numbers of failed addresses - indicating a
probable dictionary attack / joe-job ...
What is a joe-job? Spam from Billy Bob?
Send coffee...
Chris
This E-Mail
Title: Message
-Original Message-From:
Chris Ulrich [mailto:[EMAIL PROTECTED]]
OK, being a new (and very happy) customer ...
For example, we will be introducing rules that watch for
bounces that contain large numbers of failed addresses -
indicating a probable dictionary attack /
Title: Message
I'm currently using Sniffer via Imail and Declude.
We all know that Ipswitch has lost their mind and is abandoning the small ISP,
and now it seems that Declude has lost their way. The new version of
Declude is tied to a single MAC address. That counts me out since I run
Title: Message
I currently use mxGuard. It works great
for me with F-Prot, ClamAV, and Message Sniffer. Declude has more configuration
options, but for the price mxGuard is hard to beat. Plus the cost is low enough
that you can afford to purchase more than one copy if you have multiple
snip/
JW Does anyone have a complete list of mail servers that have
JW direct support for Sniffer? The Imail / Declude thing is too much
JW to deal with and I'm going to make a change.
http://www.sortmonster.com/MessageSniffer/Installation/HowTo.html
There are others also, not officially
Title: Message
Joe,
In their defense, I don't think that they necessarily knew any better
than to have approached it this way. I don't necessarily get that the
new ownership has worked from the IT side of the business before and
understands security and trust as a corporate administrator
Title: Message
There's a Sniffer plugin for MDaemon v8.0 (MD 8.0 is still
in beta)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joe
WolfSent: woensdag 22 december 2004 15:42To:
[EMAIL PROTECTED]Subject: [sniffer] Sniffer
updates...
I'm currently using Sniffer via Imail
Title: Message
Joe, I will back up Matts
comments. Declude has/is indeed suffering from less than honest/moral
individuals/companies and they are correct in taking steps to protect their
products and company.
Only the method they are using is being
questioned.
Believe me, those of
Title: Message
After much debate we decided to abandon
Declude/Imail and switch to Mdaemon and will migrate sniffer to the new
platform.
Jim Matuska Jr.Computer Tech2, CCNANez
Perce TribeInformation Systems[EMAIL PROTECTED]
- Original Message -
From:
Joe Wolf
To: [EMAIL
Title: Message
I may have missed this if it was discussed.
But my last conversation with IPSwitch is that as a current user of IMail I can
continue to purchase support and keep getting updates to the IMail portions
without going to the new product. The person told me that the
Collaboration
Title: Message
Scott Fosseen wrote:
I may have missed this if it was
discussed. But my last conversation with IPSwitch is that as a current
user of IMail I can continue to purchase support and keep getting
updates to the IMail portions without going to the new product. The
On Wednesday, December 22, 2004, 12:06:17 PM, Matt wrote:
M Scott Fosseen wrote:
snip/
M So my understanding is that IMail will still be updated for existing users.
M ...sure, for a 40% increase in cost for your support contract,
M and absolutely no guarantee that they won't again
Title: Message
John,
I've always respected your opinions. I've respected
Scott at Declude as well, but I don't think he has much to say about what
happens there anymore.
The powers to be at Declude obviously look at their
customers as theives trying to steal their product. I have installed
Pete:
It appears on weekends the sniffer downloads are really slow. I am
downloading at 14 minutes past the hour and I am about 1/20 th of the normal
speed.
Chuck Schick
Warp 8, Inc.
(303)-421-5140
www.warp8.com
This E-Mail came from the Message Sniffer mailing list. For information and
On Monday, December 27, 2004, 1:17:21 AM, Chuck wrote:
CS Pete:
CS It appears on weekends the sniffer downloads are really slow. I am
CS downloading at 14 minutes past the hour and I am about 1/20 th of the normal
CS speed.
That is an unusual observation - I don't think weekends have anything
Is anyone else seeing a huge flood of spam over the
weekend? I have received a ton of it since Friday, a lot of it is not
being picked up by sniffer either.
Jim Matuska Jr.Computer Tech2, CCNANez
Perce TribeInformation Systems[EMAIL PROTECTED]
On Monday, December 27, 2004, 10:24:00 AM, Jim wrote:
JM Is anyone else seeing a huge flood of spam over the
JM weekend? I have received a ton of it since Friday, a lot of it is
JM not being picked up by sniffer either.
I believe I can explain this phenomena.
Over weekends and holidays
Jim:
We saw just the opposite. The amount of Spam appeared to be down over the
holiday weekend. We saw less total volume and less spam in the spam traps.
Chuck Schick
Warp 8, Inc.
(303)-421-5140
www.warp8.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On
Our updates seem to be taking a very long time. I am 85% updated and the
ETA shows 07:00. Is it me?
Kevin
This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Kevin Stanford wrote:
Our updates seem to be taking a very long time. I am 85% updated and the
ETA shows 07:00. Is it me?
I see stuff like this come and go... Our updates are (finally)
triggered from the email notifications... Below is a snippet of the
last update that shows exactly what
I too am seeing really slow speeds, I'm running an update now and it is only
downloading at about 3k/sec. Pretty bad considering we have 2 T1's and a
DS3 none of which have much traffic on them this morning.
Jim Matuska Jr.
Computer Tech2, CCNA
Nez Perce Tribe
Information Systems
[EMAIL
It's actually getting worse now with a timed out
transfer and now under 1k a sec:
Resolving www.sortmonster.net...
done.Connecting to www.sortmonster.net[216.88.37.61]:80... connected.HTTP request sent, awaiting response... 200
OKLength: 11,104,576 [application/x-sortmonster]
19%
[==
On Monday, December 27, 2004, 12:46:19 PM, Landry wrote:
LW Are folks taking advantage of the wget compression option before
LW downloading their rulebase updates? If the slow download speeds are a
LW bandwidth saturation issue on the Sniffer end, this would certainly cut down
LW on the
Title: Re: Re[2]: [sniffer] Sniffer Updates
Automate harassment reminders to those of us not using it. :)
I think I'll go enable gzip tonight
-Original Message-
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
To: Landry William sniffer@SortMonster.com
Sent: Mon Dec 27 12:36:06 2004
Title: Re: Re[2]: [sniffer] Sniffer Updates
Does anyone have any good instructions on how to
modify your update scripts to use gzip?
Jim Matuska Jr.Computer Tech2, CCNANez
Perce TribeInformation Systems[EMAIL PROTECTED]
- Original Message -
From:
Tom Baker |
Netsmith Inc
Hi,
The one thing I have not seen mentioned is the ability to do CONDITIONAL
downloads - which is crucial for timed downloads when most of the time
there may not even BE a more current .SNF file.
Just like your browser, the HTTP Request for your latest .SNF file should
ALWAYS provide the
Title: Re: Re[2]: [sniffer] Sniffer Updates
See http://www.sortmonster.com/MessageSniffer/Help/AutomatingUpdatesHelp.htmlfor
some sample scripts.
Bill
-Original Message-From: Jim Matuska
[mailto:[EMAIL PROTECTED]Sent: Monday, December 27, 2004 10:51
AMTo:
Curl is an awesome application that we also use for automating downloads.
Wget also supports conditional downloads based on time/date stamp when
using the -N switch. In ether case, please also use the compression support
built into each application, the sniffer rulebase files can be compressed
On Monday, December 27, 2004, 1:51:11 PM, Jim wrote:
JM Does anyone have any good instructions on how to modify your update
scripts to use gzip?
This is a good place to start:
http://www.sortmonster.com/MessageSniffer/Help/gzip.html
_M
This E-Mail came from the Message Sniffer mailing
Title: Re: Re[2]: [sniffer] Sniffer Updates
I made this one, which is probably also somewhere on the
sniffer site. Change directories and keys for your use:
d:
cd\Batch Files\Sniffer
wget http://sniffer:[EMAIL PROTECTED]/Sniffer/Updates/key.snf -O key.snf.gz --timestamping
Pete,
With all due respect - I think the download problem is self-inflicted,
because your web site is providing unsuitable examples to your customers!
Even with moderate bandwidth, your server would be able to handle tens of
thousands of hits a day. Checking if an updated file exists should
What am I missing in this thread?
I use an Imail program alias that
automatically runs a download script when I am notified by [EMAIL PROTECTED] when a new
rule base is available; therefore only a validation needs to be preformed.
I took this procedure from this list, so I know it
I agree entirely. If bandwidth has become an issue, it would be
resolved with a focus on producing very tight and easily customizable
scripts (a variables section in the top of the scripts). I believe that
going the VBScript route might be the best way to go, or at least I
believe that more
I agree that something needs to be done about the update scripts that are
inadvertently downloading the full rulebase all the time. I didn't even
know it but we were doing this until I went through our update script again
this morning and found it didn't have the -N option in Wget, so we were
Why do you not use a program alias and only download when you receive
notification that a new rule base is available? If everyone used gzip and
only downloaded when notified the bandwidth could be controlled by
staggering the notifications.
Woody Fussell
Wilbur Smith Associates
-Original
Does anyone have some simple instructions on how to setup to use a program
alias?
I'm using Bill Landry's script, have not had the time to look in to using a
program alias to download upon receipt of notifications.
Thanks,
Brian Gregory
President
Network Innovations Inc.
(913) 780-0494 x104
Brian Gregory wrote:
Does anyone have some simple instructions on how to setup to use a program
alias?
I'm using Bill Landry's script, have not had the time to look in to using a
program alias to download upon receipt of notifications.
I just setup a program alias about 2 weeks ago using this as
On Tuesday, December 28, 2004, 12:49:21 PM, Jim wrote:
JM I agree that something needs to be done about the update scripts that are
JM inadvertently downloading the full rulebase all the time. I didn't even
JM know it but we were doing this until I went through our update script again
JM this
So far it seems to be working, at least it doesn't seem to be downloading
the rulebase yet, I'll have to see if it does later when there is an updated
rulebase. My script uses a copy at the end rather than a move. It's listed
below for reference. Do you see any issues?
wget -N
Update, I just launched my script and it is downloading just fine. In my
case it was as simple as adding the -N option.
Jim Matuska Jr.
Computer Tech2, CCNA
Nez Perce Tribe
Information Systems
[EMAIL PROTECTED]
- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To: Jim Matuska
Quick question if when you have a sucessful download if abcdef.new is
renamed than what is wget comparing on the next run of the script?
Darrell
Jim Matuska writes:
So far it seems to be working, at least it doesn't seem to be downloading
the rulebase yet, I'll have to see if it does later
While the output file is named .new, it IS comparing the file named in
the URL, in his case fp0o4jye.snf against a file with the same name in the
current directory. The output (-o) option only comes into play IF an
download is actually occurring (after the timestamp condition).
With CURL things
As far as I understand it wget is comparing the date stamp on the file in
the local directory to the date stamp on the file at sortmonster.net, if its
not don't download the file, if it is do download it.
Jim Matuska Jr.
Computer Tech2, CCNA
Nez Perce Tribe
Information Systems
[EMAIL PROTECTED]
Good point... I don't know why I didn't think of that... As soon as I
get in in the morning, I'm gonna change that... That's also one of the
reasons I posted to the list :) I'm always trying to make things harder
for myself ;)
Thanks,
Russ
Landry William wrote:
Russ, why go through all of
rename abcdefg.snf abcdefg.old
rename abcdefg.tst abcdefg.snf
copy /V /Y abcdefg.snf C:\sniffer\abcdefg.snf
:Done
I would use
copy /V /Y abcdefg.snf C:\sniffer\abcdefg.new
Rename C:\sniffer\abcdefg.snf abcdefg.old
Rename C:\sniffer\abcdefg.new abcdefg.snf
C:\sniffer\abcdefg.exe reload
-
rem this script is used to update sniffer rulbase
rem most of this was ibased on / inspired by what other users posted on this
list, I thanks everybody for their inputs
rem it calls wget, fgrep, imail1, gzip, snf2check
rem it checks for new files, and can be used by both alias trigger or
Attached is an updated instructions file to fix some typos and missed
information. I'll send out another update after receiving feedback from
others.
Bill
---
This message and any included attachments are from
Matt, you think too much.
;)
(From one who needs to implement better
scripts, including a triggered script for Sniffer.)
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf
Title: Message
Thanks
for all of the suggestions, Matt. See my comments
below:
-Original Message-From: Matt
[mailto:[EMAIL PROTECTED] Sent: Tuesday, December 28, 2004 10:17
PMTo: sniffer@SortMonster.comSubject: Re: [sniffer]
Triggered rulebase update instructionsBill,I
Title: Message
John,
since you have not implemented a trigger program alias yet, would you be willing
to test the setup instructions and provide feedback?
Bill
-Original Message-From:
John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] Sent:
Tuesday, December 28, 2004 10:30 PMTo:
Title: Message
Never mind, I reread your original post
and then checked my server and already had them installed.
Now I just wait for the next update to
occur.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
601 - 700 of 2914 matches
Mail list logo
