To other Declude users with Sniffer:
I currently tag subject lines at 10 and delete at 20. Sniffer results are
scored at 9. No two tests currently result in more than 18 and therefore it
takes three failed tests to delete.
I am considering moving Sniffer to 10. This would tag the subjects
Thanks to everyone (and any to follow later). This has been helpful.
Jonathan, could you give me at least one example of coding Declude for a
particular Sniffer category? I have seen and understand the various Core
Rule Group Result Codes, but am not sure how to separate those out for
: [sniffer] Declude and Sniffer
on 7/20/05 11:06 AM, John Carter wrote:
I have seen and understand the various Core Rule Group Result Codes,
but am not sure how to separate those out for evaluation.
In your global.cfg add lines like the sniffer-scams line below
test name - category
My bad. Trying to multi-task isn't working today. :-)
John
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Wednesday, July 20, 2005 11:13 AM
To: John Carter
Subject: Re[2]: [sniffer] Declude and Sniffer
On Wednesday, July 20, 2005
Running Imail Declude
Currently the Sniffer update notice comes to my address. I have rule
established that copies the message to my inbox and forwards it on to the
program alias (snifferupdate@) which kicks off the process.
For each notice there is a tmp*.tmp file left in the spool. Is this
: Tuesday, November 15, 2005 1:22 PM
To: John Carter
Subject: Re: [sniffer] Left over tmp*.tmp files in spool
On Tuesday, November 15, 2005, 2:06:41 PM, John wrote:
JC Running Imail Declude
JC Currently the Sniffer update notice comes to my address. I have
JC rule established that copies the message
Agreed, my last report showed pretty slow times. All today were slower now
that I look at them. I normally see up to 1.3M with overall times around
800-900K.
John C
0K .. .. .. .. .. 36.79 KB/s
50K .. .. .. ..
Final\t828931 and Final.*828931 both found 850 entries in my current log
using Baregrep.
John C
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of David Sullivan
Sent: Tuesday, February 07, 2006 6:12 PM
To: sniffer@SortMonster.com
Subject: Re[2]: [sniffer]
I don't get into the sniffer logs like I should, but just noticed this. It
is 2/7/06 6:42 CST here, but my logs show 20060208004243, which would
indicate +6 hours off of Zulu, Greenwich, Coordinated Universal Time, or
whatever we are calling these days. Is that right, sniffer doesn't stamp
local
So, in my terms (simple), this rule only catches msg if the two drug names
are in that order and in all capitals, but not necessarily one immediately
following the other?
John
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Tuesday,
David
Drop the q/d files back into the \spool\proc directory. Declude will
reprocess them. If you put them in just the \spool, queue manager will send
them out in the next queue run, bypassing Declude.
John
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On
A program like freeware Baregrep (http://www.baremetalsoft.com/baregrep/)
might be helpful to you.
Do you not regularly cycle your logs and submit them?
John C
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Kevin Rogers
Sent: Thursday, February 23,
For a couple days I have seen a increase in general spam (lots of male
enhancements), but particularly Nigerian letters.
John C
-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Computer House Support
Sent: Tuesday, May 23, 2006 9:35 AM
To: Message
You know we are dealing with some pretty sick puppies when it comes to these
spammers. It would be ironic if one is just doing this to play with our heads.
John C
-- Original Message --
From: Colbeck, Andrew [EMAIL PROTECTED]
Reply-To: Message Sniffer
14 matches
Mail list logo