RE: [sniffer] Rule Strength Analysis Window Change.

2004-02-10 Thread Madscientist
I found myself wondering why the message suddenly got through so I did some digging. Turns out the message that got through was sent via 65.32.5.133 which was another Experimental IP rule that had just been pulled. I'm guessing the rule was in place when your previous notes were sent. The

[sniffer] Sniffer, mxguard

2004-02-11 Thread Stephen S Zappardo
I've installed trial versions of both mxguard and sniffer. What happens to a message when it is scored as spam? I still see all of my spam coming through. Thanks, Stephen This E-Mail came from the [EMAIL PROTECTED] mailing list. For information and (un)subscription instructions go to

RE: [sniffer] Autoupdating rule file

2004-02-12 Thread Patrick Rateliff
Title: Message I am working out the details on a Python script that will be triggered by a program alias to update. The script is based on the Python programming (www.python.org) language and hope to be completed with it today. There are a few files located at

RE: [sniffer] Autoupdating rule file

2004-02-12 Thread Michiel Prins
I use WGET, which is available for free on the internet. This is my script: c: cd \MDaemon\Sniffer wget http://sniffer:[EMAIL PROTECTED]/Sniffer/Updates/12345678.snf -O serial.tst if exist 12345678.tst goto Test goto Done :Test snf2check.exe

Re: [sniffer] Autoupdating rule file

2004-02-12 Thread Madscientist
At 10:49 AM 2/12/2004, you wrote: On Feb 12, 2004, at 8:58 AM, Timothy C. Bohen wrote: Anyone willing to send me a script that I can use? Sure, here's mine written in Perl. It knows enough to check the timestamps so it doesn't fetch files when unecessary, keeps a backup copy, and does

[sniffer] Recent hotmail false positives and click atdmt

2004-02-12 Thread Madscientist
Hello folks, Rule 11075 in the gray hosting group has been temporarily suspended. This is one of our strongest rules which has been in place for more than 500 days. Microsoft recently began using this service to post an advertising link at the bottom of all of their messages. We have been

[sniffer] Tanx / Bagle.b

2004-02-17 Thread Madscientist
Hello folks, The new worm Tanx / Bagle.b seems to be spreading quickly. We have added a rule to Sniffer for this and we are currently pushing it out to all rulebases. Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation. Chief SortMonster, www.SortMonster.com. Vox

Re: [sniffer] Referrals page.

2004-02-17 Thread David Gregg
Pete, We interface with your product very well. Please consider adding our *mxGuard for IMail* website to your list: http://www.mxguard.com/postmaster Regards, David Gregg dgSoft Internet Services +1.949.584-1514 --- mxGuard for IMail Server based spam and virus protection for under $100

[sniffer] rule idea

2004-02-17 Thread Herb Guenther
At one time we had floated the idea of a rule that would mark any email that was more than 24-48 hrs ahead or behind the actual current time and date as spam. I just got two You've been invited to a blind date messages that were dated last summer. 99.9% of these off date messages are spam,

Re: [sniffer] rule idea

2004-02-17 Thread Matt
Please don't, my Grandmother probably couldn't get through then :) The more solid the basis for the rules, the higher the score I can give to the test. Most spammers nowadays will have a time that is only off by a few hours when they hard code the headers for a zombie attack, however once you

Re: [sniffer] Referrals page.

2004-02-17 Thread Madscientist
Now I understand. Certainly - we will add the referral link. Thanks! _M At 02:56 PM 2/17/2004, you wrote: In that case, I should rephrase my request: In addition to our software product for IMail, we also offer email services to individuals and businesses. http://www.mxguard.com/individual

[sniffer] SLOW False Positive Processing

2004-02-20 Thread Darrell LaRock
_M / Support, This week I have noticed that the processing of our false positives are not occurring as quickly as they previously were. This is the second time this week where I havent had a response to my false positive and had to send a note about it. I sent in a false positive

RE: [sniffer] System status...

2004-02-20 Thread Brian R. Watters
Pete, Sorry to here .. Been there done that .. Never fun .. Hope it goes fast and you get some sleep. Brian R. Watters Senior Director http://www.americanbroadbandservice.com [EMAIL PROTECTED] 866-827-4638 ext. 0205 559-420-0205 direct 559-272-5266 fax This message and any attachment(s)

[sniffer] System Status Update...

2004-02-20 Thread Pete McNeil
Hello folks, The primary database server went online with full data at 2100. Full synchronization and testing was completed by 2300. Spamtraps have been cleared. False submissions have been cleared. Another full compile is underway. Thanks for your patience and your support! _M This E-Mail came

RE: [sniffer] F-Prot and netsky

2004-02-24 Thread Michiel Prins
Mike, No ideas on f-prot, but justsomething we do: Weuse a combination of 2 virusscanners, McAfee (updated automatically with dailydat every day, automatic install of extra.dat emergency datspossible from version 7 and up) and Kaspersky, which I update every hour. Using this combo, we

RE: [sniffer] F-Prot and netsky

2004-02-24 Thread Mike VandeBerg
Thanks for the replies folks, I think I may just stay with F-Prot. But one thing is still confusing me.. Why did some people get a def file on the 18th that caught netsky, but mine didn't. On the 20th, I even went so far as to re-install f-prot which initially installs a July 02 def file, and ran

RE: [sniffer] F-Prot and netsky

2004-02-24 Thread Landry William
Title: Message ClamAV works very well, and is lightening fast when run daemonized (clamd).It's also hard to beat the price! I run is along with F-Prot and McAfee's uvscan, and Clam seems to keep up with the commercial scanners as far as virus updates. Bill -Original

[sniffer] Moving follow up...

2004-03-02 Thread Madscientist
Hello Sniffer Folks. The critical portions of our move have been completed. We had very few outages. We are not expecting any more. False and Spam processing schedules will stabilize over the next day or so. Thanks for your support! _M This E-Mail came from the Message Sniffer mailing list. For

Re: [sniffer] Bagle J others

2004-03-03 Thread Madscientist
At 01:33 PM 3/3/2004, you wrote: On Mar 3, 2004, at 12:44 PM, Madscientist wrote: We have adopted the current policy at least for the short term: 1 ) We block all potentially hazardous extensions including .zip. Can these virus rules be bypassed? We have real virus checking and don't want our

[sniffer] Rules Question

2004-03-03 Thread Keith Johnson
I am using Declude and have indiv. Sniffer Tests and lets say the following gets tripped in an email SNIFFER-WHTLIST result code 000 SNIFFER-PORNresult code 054 Which would take precedence over the other, as far as which would be the final code passed to Declude? Thanks, Keith This

Re: [sniffer] Rules Question

2004-03-03 Thread Madscientist
At 04:55 PM 3/3/2004, you wrote: I am using Declude and have indiv. Sniffer Tests and lets say the following gets tripped in an email SNIFFER-WHTLIST result code 000 SNIFFER-PORNresult code 054 Which would take precedence over the other, as far as which would be the final code passed to

RE: [sniffer] Rules Question

2004-03-03 Thread Keith Johnson
Thanks for the aid. One last question, you mentioned: In a case where a white rule is present and a black rule is present the white rule will always win So if the White Rule fired 000, it would override a Porn Rule of 54? If so, how are these White Rules entered? Thanks, Keith

RE: [sniffer] Rules Question

2004-03-03 Thread Madscientist
White rules are entered either upon request or in response to a false positive report with your permission. In some cases we will enter a white rule based on our own research or in response to a false positive report if we feel a core white rule would be more appropriate. We add core white

[sniffer] updater script for Linux

2004-03-05 Thread Bill Boebel
Has anyone written a good Sniffer updater script for Linux which has the error checking like the one for Windows has? Bill This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html

Re: [sniffer] updater script for Linux

2004-03-05 Thread Madscientist
I'm not sure - but I think there are user submitted perl based update scripts on the help page that probably do all of this: http://www.sortmonster.com/MessageSniffer/Help/AutomatingUpdatesHelp.html Hope this helps, _M At 11:05 PM 3/5/2004, you wrote: Has anyone written a good Sniffer updater

[sniffer] Config When Using Sniffer With Declude...

2004-03-09 Thread EI8HT LEGS Technical Support
Hello All, I am running Sniffer with Declude and was wanting to get some ideas on how everyone has Declude setup. Currently I just have the basic setup as follows. SNIFFER external nonzero d:\imail\declude\sniffer2_2\winx\snifferprog.exe sniffer auth 10 0 I hold anything with a weight of 10m

[sniffer] Call for beta testers... snfrv2r3b1

2004-03-17 Thread Pete McNeil
Hello folks, I know folks are anxious to get their hands on this version so I'm going to play this beta round a little looser than usual. Version 2-3b1 implements a persistent mode feature for our cellular peer-server technology. Launching a persistent instance of Message Sniffer has the

RE: [sniffer] Call for beta testers... snfrv2r3b1

2004-03-17 Thread Madscientist
I am still working a problem at our hosting facility (a t1 is down) so it will be a while before I can get back to the list, however I wanted to clear this one up to minimize confusion. A persistent server instance uses a dynamic poll timing algorithm to minimize system loads while maximizing

Re: [sniffer] SLM files

2004-03-17 Thread Madscientist
At 03:30 PM 3/17/2004, you wrote: I have Imail 7.07 running on Win2000, with Declude Junkmail I come up with errors scanning .SLM files. Does sniffer use SLM files to process the messages. Attached a snip from my log files Sniffer scans whatever file is passed to it with the expectation that it

RE: [sniffer] Call for beta testers... snfrv2r3b1

2004-03-18 Thread Michiel Prins
Paul, Did you have the persistent sniffer.exe running when this log was generated? Groet, (regards) -- ing. Michiel Prins bsc [EMAIL PROTECTED] SOS Small Office Solutions / Reject / Wannepad 27 - 1066 HW -Amsterdam t.+31(0)20-4082627 -

Re: [sniffer] Call for beta testers... snfrv2r3b1

2004-03-18 Thread Pete McNeil
At 08:08 PM 3/17/2004, you wrote: What is the number after Polled waited: That is the number of milliseconds the persistent server waited to poll the working directory for more jobs. This number will increase each time no jobs are found. When a job is found the persistent server will not wait

[sniffer] Bagle.Q rule added

2004-03-18 Thread Pete McNeil
We have just added a rule for the Bagle.Q worm derived from data at the following link: http://www.auscert.org.au/render.html?it=3957 The rule should be present in your next update. A full rule-base compile is under way. Thanks! _M This E-Mail came from the Message Sniffer mailing list. For

Re: [sniffer] RunExeSvc for Persistent sniffer.

2004-03-18 Thread Matt
Ok, I think I did it. Only took a minute (thanks Bill). Here are some more precise directions, but consider them to be "beta" directions (please correct them if you find a problem): 1) Install the Windows 2000 Resource Kit, or download and install the INSTSRV.exe and SRVANY.exe files in a

Re: [sniffer] RunExeSvc for Persistent sniffer.

2004-03-18 Thread Matt
Pete, Although inconclusive, some screen caps of Task Manager seems to show a dramatic reduction in many of the peaks with the service turned on. It's hard to tell the exact impact due to the virus scanners not always being called, and SKIPIFWEIGHT settings disabling a mountain of custom

Re: [sniffer] High False Positives

2004-03-25 Thread Pete McNeil
There was a bad rule yesterday. It was removed almost immediately but it looks like you missed the update until 1000pm. It takes a while to compile rulebase updates. Since you mention 4pm and 10pm I'm guessing you have your updates scheduled. A better method would be to trigger updates based on

Re: [sniffer] Help

2004-03-25 Thread Matt
Have you tried a reboot? Checked your error logs? Made sure that DNS and all of your E-mail services are running? Is there even a chance that you will be able to receive this message? Matt Richard Farris wrote: I just did an Windows NT update and now I cant get any email...when I turn

[sniffer] log upload trouble

2004-03-25 Thread Glenn \\\\ WCNet
I've been having trouble for the last 24 hrs or maybe a bit more with log uploads failing. The FTP either fails to connect, or it does connect and the upload begins and then fails after a small percentage done. Uploads are scheduled every 6 hours. Yesterday afternoon I tried renaming the log

RE: [sniffer] Spam storm?

2004-03-25 Thread Pete McNeil
That is possible. I'm still looking for an alternate repeatable cause. _M At 08:43 PM 3/24/2004, you wrote: I see over a 1000 of these ERROR_BAD_MATRIX entries in my Sniffer log file today, as well. Is this due to the ruleset issue from earlier today? Bill -Original Message- From:

Re: [sniffer] Error_Bad_Matrix

2004-03-25 Thread Heimir Eidskrem
I am having the same problem when I download the update and run snf2check H. - Original Message - From: Landry William [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, March 25, 2004 2:57 PM Subject: RE: [sniffer] Error_Bad_Matrix I run snf2check.exe against every .snf file

Re: [sniffer] Spam storm?

2004-03-25 Thread Sheldon Koehler
This has been a bad week here! A big increase in total email volume, a huge increase in false positives as well as a huge increase in spam getting past our filters. Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023

Re: [sniffer] Spam storm?

2004-03-25 Thread Computer House Support
We've found that when we do a manual download, everything works fine. It's the automatic download on the Windows 2000 server that seems to corrupt things. M. Stein Computer House - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, March

RE: [sniffer] Call for beta testers... snfrv2r3b1

2004-03-25 Thread Pete McNeil
I think the problem is in the file extension. It should not be .com, but rather .cmd. Hope this helps, _M At 12:32 PM 3/25/2004, you wrote: Hi, When I try to run the .com file, I get an error. I have attached the error dialog box and a copy of the .com file (name altered to .co_) that I am

Re: [sniffer] Help

2004-03-25 Thread Pete McNeil
MicroNeil Voice Line: 703-779-4909 _M At 01:30 PM 3/25/2004, you wrote: I got it.I am on to something so I might figure it outif I dont is there a number I can call.. Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support - Original Message - From:

Re: [sniffer] Error_Bad_Matrix

2004-03-25 Thread Pete McNeil
I've been looking at that. The problem seems to be related to downloads, not generation. That is, every rulebase that I use locally has been clean throughout this episode. Also, folks who manually download the rulebase seem to be able to correct the problem. I'm not sure yet what is different

RE: [sniffer] Error_Bad_Matrix

2004-03-25 Thread Pete McNeil
snf2check.exe will catch a partial download but it will not catch corruption in the middle of the file. _M At 03:57 PM 3/25/2004, you wrote: I run snf2check.exe against every .snf file downloaded. I just checked it again manually, and no errors were reported. I now have almost 3500

Re: [sniffer] Spam storm?

2004-03-25 Thread Pete McNeil
By 8pm we had done at least 6 that I was part of. _M At 04:32 PM 3/25/2004, you wrote: How many updates have happened today...I have only received 1 today.. Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support - Original Message - From: Pete McNeil [EMAIL

Re: [sniffer] Error_Bad_Matrix

2004-03-25 Thread Matt
Pete, FYI, I was trying to set up log uploads yesterday night and it took me a while to figure out that the FTP connection was unreliable from my server. Packets were being dropped/munged somewhere. I also noted a much lower hit rate on SNIFFER-PHARMACY yesterday, but no indication of

Re: [sniffer] Spam storm?

2004-03-25 Thread Pete McNeil
I'm exploring that possibility - though there is nothing in the logs. I've seen some instability on the Sprint T1 though it seems stable now. Sprint made an announcement that they were going to change their routing and that seems to coincide with these new events. Perhaps instability on that

RE: [sniffer] Spam storm?

2004-03-25 Thread Pete McNeil
At 06:25 PM 3/25/2004, you wrote: We also saw many BAD_MATRIX errors last night. If the problem was 'wget', shouldn't the snf2check utility detect a corrupt file? Also, we did a manual update yesterday afternoon and there were no 'wget' error messages. The problem got corrected sometime between

Re: [sniffer] Spam storm?

2004-03-25 Thread Pete McNeil
snf2check.exe makes the assumption that if the entire file is there and the head and tail of it can be verified that it must have survived the transfer. Clearly something is happening where that is not the case - something new. One possibility that has been suggested is that we could gzip

RE: [sniffer] Spam storm?

2004-03-25 Thread Pete McNeil
At 06:51 PM 3/25/2004, you wrote: Looks like a bandwidth issue to me, since even doing the download manually, my connection stalled 5 times before I could complete a successful download. And the download speeds were atrocious, many times in bytes/second rather than even kb/second - and my

Re: [sniffer] Error_Bad_Matrix

2004-03-25 Thread Pete McNeil
I'm getting to be pretty sure it's Sprint. After bouncing the router there have been 109 carrier transitions in 3 hours. That's insane. I will be pounding on them. _M At 11:44 PM 3/25/2004, you wrote: Pete, FYI, I was trying to set up log uploads yesterday night and it took me a while to

Re: [sniffer] Spam storm?

2004-03-25 Thread Pete McNeil
snf2check does a byte length and partial checksum by default. The first and last few kbytes of the file are encrypted in sequence using Mangler. If any single bit of those two segments is missing or altered then the file will fail to authenticate. The only thing missing is a CRC for the middle

Re: [sniffer] Spam storm?

2004-03-26 Thread Pete McNeil
At 01:57 AM 3/26/2004, you wrote: I once noticed that transferring data through TCP/IP is NOT error-free, if the connection is very slow. At least not if it is going through Microsoft's software (Windows). Me 2. One possibility that has been suggested is that we could gzip these files. That

Re: [sniffer] Spam storm?

2004-03-26 Thread Pete McNeil
Thanks for the insight. You're also sharing a maxed out T1 so I'm not sure how to interpret that data - I suppose that 10K isn't awful if 10 other systems are hitting it at once. I have to stop my testing now. I've got Sprint queued up to do some intrusive testing so I have to bring the line

RE: [sniffer] Spam storm?

2004-03-26 Thread Pete McNeil
At 03:39 AM 3/26/2004, you wrote: -Original Message- From: Pete McNeil [mailto:[EMAIL PROTECTED] Since we're both up at this insane hour. Would you mind making a test? I've just shut down the Sprint line - so we're running through Savvis exclusively. If I'm right about the connectivity

Re: [sniffer] Spam storm?

2004-03-26 Thread Kirk Mitchell
At 07:42 AM 3/26/04 -0500, Russ Uhte (Lists) wrote: Pete, Just wanted to interject a couple observations. I'm connected to the Internet through a 15Mb frac ds/3 from ATT and a T1 from Sprint. I of course of no way of telling which pipe our automated downloads are coming from. However, I too

Re: [sniffer] Spam storm?

2004-03-26 Thread Pete McNeil
At 07:42 AM 3/26/2004, you wrote: Pete, Just wanted to interject a couple observations. I'm connected to the Internet through a 15Mb frac ds/3 from ATT and a T1 from Sprint. I of course of no way of telling which pipe our automated downloads are coming from. However, I too have noticed

RE: [sniffer] Spam storm?

2004-03-26 Thread Peer-to-Peer, LLC
Have you considered isolating this by type of mail server? We run MDaemon and no error_bad_matrix in our log files over the past week. We use wget on Win2000 server over a Verizon network. Just a thought. Paul Roulier -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

Re: [sniffer] Error_Bad_Matrix

2004-03-26 Thread Pete McNeil
At 09:10 AM 3/26/2004, you wrote: On Mar 25, 2004, at 8:10 PM, Pete McNeil wrote: ERROR_BAD_MATRIX is definitely a corrupted rulebase file. A manual download should solve the problem. Should not snf2check.exe detect this? If the sniffer can detect it, it seems that the checker should too.

RE: [sniffer] Spam storm?

2004-03-26 Thread EI8HT LEGS Technical Support
We have also seen some slow downloads here, but we are currently on a 256k connection from CoreComm/Voyager, but we are updating to a full T1 in the next couple of weeks thru someone different. 03/26/04 10:20:37 Fast traceroute sortmonster.com Trace sortmonster.com (216.88.37.62) ... 1

Re: [sniffer] Error_Bad_Matrix

2004-03-26 Thread Pete McNeil
That's one option we're considering. _M At 10:34 AM 3/26/2004, you wrote: Maybe it is time to look at a new snf2check.exe. One that has some checksum ability. Say you download two files not one. One with the rules and the other a checksum file. Just a thought on how to keep corrupt rules from

Re: [sniffer] Spam storm?

2004-03-26 Thread Sheldon Koehler
It's starting to come together now. Wget on windows + errors on the Sprint line since the move = corrupted downloads for folks who end up routing through sprint along the way? Could be. We use Windows 2k, Wget and have our connection at our end from Sprint... Sheldon Sheldon Koehler,

[sniffer] Application popup error smtp32.exe imail1.exe

2004-03-26 Thread Oswaldo Leon
I've been getting the error message below for the past two weeks. I get it for both smtp32.exe and imail1.exe Application popup: smtp32.exe - Application Error : The application failed to initialize properly (0xc142). Click on OK to terminate the application. I did a search on ipswith's

Re: [sniffer] Help

2004-03-26 Thread Pete McNeil
This seems like a rulebase thing. We spoke on the phone. If the problem isn't solved by getting a fresh rulebase then we should go hunting for a rule. Send a note to yourself with sniffer on, then grab the sniffer log entries for the captured message and send them to us at [EMAIL PROTECTED] I'll

Re: [sniffer] Application popup error smtp32.exe imail1.exe

2004-03-26 Thread Pete McNeil
At 02:26 PM 3/26/2004, you wrote: I've been getting the error message below for the past two weeks. I get it for both smtp32.exe and imail1.exe Application popup: smtp32.exe - Application Error : The application failed to initialize properly (0xc142). Click on OK to terminate the application.

[sniffer] Sprint T1 problem - reduced production rate.

2004-03-26 Thread Pete McNeil
Hello folks, We have traced the source of the corrupted rulebase problem to our Sprint T1 line. This line has been shutdown until the problem can be resolved. This has reduced our available bandwidth but should prevent further corrupted downloads. In order to reduce traffic and improve

[sniffer] Sprint T1 - back to normal.

2004-03-26 Thread Pete McNeil
Hello folks, I have just finished work with Sprint Verizon on the T1 and we now have a clean circuit. I have opened it up for traffic and all appears to be back to normal. Please let me know if there are any lingering symptoms. I will restore the second rulebase compiler to active duty

[sniffer] Standard False Positive Response codes.

2004-03-27 Thread Pete McNeil
Hello folks, To facilitate process automation in larger email systems we have developed a coding scheme and a number of standardized response codes for handling false positive submissions. This will allow you to route our responses to your false positive submissions automatically. I have

Re: [sniffer] Help

2004-03-27 Thread Richard Farris
Everything looks good here now...not only was my rulebase corrupted but my upline provider which does some initial spam filtering for me was having trouble with their filter (nothing to do with sniffer)...so I was broken in two places...thanks for all the help.. Richard FarrisEthixs

Re: [sniffer] Help

2004-03-27 Thread Pete McNeil
That's good news. Thanks! _M At 01:12 PM 3/27/2004, you wrote: Everything looks good here now...not only was my rulebase corrupted but my upline provider which does some initial spam filtering for me was having trouble with their filter (nothing to do with sniffer)...so I was broken in two

Re: [sniffer] Test

2004-03-29 Thread Fred
Didn't happen this time, nevermind! Frederic TaraseviciusInternet Information Services, Inc.http://www.i-is.com/810-794-4400mailto:[EMAIL PROTECTED] - Original Message - From: Fred To: [EMAIL PROTECTED] Sent: Monday, March 29, 2004 1:42 PM Subject: [sniffer] Test

Re: [sniffer] Test

2004-03-29 Thread Pete McNeil
:-) At 04:31 PM 3/29/2004, you wrote: Didn't happen this time, nevermind! Frederic Tarasevicius Internet Information Services, Inc. http://www.i-is.com/ 810-794-4400 mailto:[EMAIL PROTECTED] - Original Message - From: Fred To: [EMAIL PROTECTED] Sent: Monday, March 29, 2004

RE: [sniffer] Microsoft Entourage Clients

2004-04-05 Thread Nick Marshall
We've noticed that too just today... Nick Marshall Giacom World Networks Ltd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Rateliff Sent: 05 April 2004 16:41 To: [EMAIL PROTECTED] Subject: [sniffer] Microsoft Entourage Clients I have

RE: [sniffer] Final beta (b2) for snfrv2r3

2004-04-07 Thread Michiel Prins
Hmmm, log file from sniffer shows significant increase in performance (up to 50% faster, see below). However, according to my own logs, the total time that sniffer takes is way longer. During non-persistent operation about 300 ms on top of what sniffer logs, which could be because of loading

Re: [sniffer] Final beta (b2) for snfrv2r3

2004-04-07 Thread Matt
Pete, I haven't been following this thread closely but latest generation SCSI drives can be below 4 ms seek times as rated by their manufacturers. FYI, I haven't seen any issues with the persistent Sniffer beta run as a resource kit service besides some expected brief delays according to the

Re: [sniffer] Final beta (b2) for snfrv2r3

2004-04-07 Thread Frederick Samarelli
What is the best and proper way to setup Persistent mode on a windows 2000 computer and run as a service. Fred - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, April 07, 2004 8:30 PM Subject: RE: [sniffer] Final beta (b2) for snfrv2r3

RE: [sniffer] Final beta (b2) for snfrv2r3

2004-04-07 Thread Pete McNeil
Sniffer is adaptive. You can turn the persistent instance on and off at will. Simply stop the service - a reboot is not needed. If the persistent instance is turned off then the remaining instances will organize themselves in the usual way. I don't have it running as a service, I started the

RE: [sniffer] Final beta (b2) for snfrv2r3

2004-04-07 Thread Tom Baker | Netsmith Inc
My findings are that persistent is offering great benefits, havnt tried an excessively harsh test yet, but i'm about to do that. Just ran sniffer in both persistent and non-persistent modes with over 1,000 mesages in the overflow and MaxQueProc at 50. This pegs out my CPU between 90% 100%

RE: [sniffer] Final beta (b2) for snfrv2r3

2004-04-07 Thread Kirk Mitchell
At 09:11 PM 4/7/04 -0400, Pete McNeil wrote: sniffer.exe stop - will stop the persistent server by sending it a message file. Run 'sniffer.exe stop' at the command line and your persistent instance will exit cleanly on it's own. [ replace sniffer.exe with the name of your executable of course

Re: [sniffer] Final beta (b2) for snfrv2r3

2004-04-07 Thread Frederick Samarelli
This worked great. Thanks. - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, April 07, 2004 8:46 PM Subject: Re: [sniffer] Final beta (b2) for snfrv2r3 At 08:36 PM 4/7/2004, you wrote: What is the best and proper way to setup Persistent

RE: [sniffer] Final beta (b2) for snfrv2r3

2004-04-07 Thread Pete McNeil
Tried the above and got an error message. Tried: sniffer.exe xxauthenticationxx stop and it paused a few seconds and returned to command prompt, so I'm guessing that it stopped. That doesn't sound quite right. In the distribution there are some .CMD files that show examples of the commands:

RE: [sniffer] Final beta (b2) for snfrv2r3

2004-04-07 Thread Robert Grosshandler
Since you're up, sorry to ask, where's the beta? Didn't save the e-mail. Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Wednesday, April 07, 2004 9:23 PM To: [EMAIL PROTECTED] Subject: RE: [sniffer] Final beta (b2) for snfrv2r3

RE: [sniffer] Final beta (b2) for snfrv2r3

2004-04-08 Thread Michiel Prins
Preliminary tests show there's no I/O problem but I'll do some additional benchmarking here and get back to you on this. Groet, (regards) -- ing. Michiel Prins bsc [EMAIL PROTECTED] SOSSmallOffice Solutions /Reject / Wannepad 27 - 1066 HW -

RE: [sniffer] Final beta (b2) for snfrv2r3

2004-04-08 Thread Kirk Mitchell
At 05:42 AM 4/8/04 -0400, Pete McNeil wrote: http://www.keyconn.net/misc/sniffer.htm I'll bet you are using b1 - this first 2-3beta does not implement the command interface. Yes, I had b1 in use, trying b2 now. -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect

[sniffer] Log file in GMT?

2004-04-09 Thread Michiel Prins
Pete, My Sniffer log file logs times which are two hours early. I supspect that it's because Amsterdam is in GMT+2. Why does sniffer not log local time? Groet, (regards) -- ing. Michiel Prins bsc [EMAIL PROTECTED] SOS Small Office Solutions / Reject /

Re: [sniffer] Log file in GMT?

2004-04-09 Thread Pete McNeil
Sniffer logs times in GMT so that all events can be easily coordinated. This will become increasingly important as we roll out collaborative AI features in the coming months. Thanks, _M At 04:37 AM 4/9/2004, you wrote: Pete, My Sniffer log file logs times which are two hours early. I supspect

[sniffer] log file growing

2004-04-09 Thread andyb
HI, My log file used to write to a new file everyday, now it is writing to the same file... I didn't change anything, how do I fix it? Thanks, andy This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to

Re: [sniffer] log file growing

2004-04-09 Thread Pete McNeil
At 12:18 PM 4/9/2004, you wrote: HI, My log file used to write to a new file everyday, now it is writing to the same file... I didn't change anything, how do I fix it? This is confusing. Message Sniffer has always written to a single log file that does not change. External utilities could be

Re: [sniffer] log file growing

2004-04-10 Thread Pete McNeil
H, If we were triggering it - then that would have been our update notification message. If that's stopped working then you might want to look at your rulebase to see that it's up to date... What you're looking for is a program alias that launches your update script. That's the best place

Re: [sniffer] log file growing

2004-04-12 Thread Pete McNeil
Usually the log rotation is handled in a different .cmd. I guess it could have been cobbled together but I don't recall doing it. You can get the starter scripts here: http://www.sortmonster.net/Sniffer/Updates/WindowsTools.zip ftp://ftp.sortmonster.net/Sniffer/Updates/WindowsTools.zip A

[sniffer] OT: Call for beta testers

2004-04-12 Thread Sanford Whiteman
All, MailMage is seeking beta testers for our latest utility, MilterSink. MilterSink is a highly configurable DLL event sink for Microsoft's IIS SMTP service (a.k.a. MS SMTP) allowing for the integration of command-line content scanners. Originally designed to wrap our SPAMC32

Re: [sniffer] OT: Call for beta testers

2004-04-12 Thread Sanford Whiteman
All, While no one has protested, it's possible that the beta invitation might have looked like a commercial plug to some of you. We initially thought of indicating otherwise outright, but decided that it that might look as if _we_ had protested too much. grin For the record, this

RE: [sniffer] Final beta (b2) for snfrv2r3

2004-04-13 Thread Michiel Prins
Pete, The speed problem has been found. McAfee Netshield 4.51 was making our server RIDICULOUSLY slow, despite the fact that we tried excluding the Sniffer folder and even disabling the service from the tray-icon. Upgrading to Virusscan Enterprise 7.x fixed our problem and our performance

RE: [sniffer] Final beta (b2) for snfrv2r3

2004-04-13 Thread Pete McNeil
That's fantastic news... Another mystery bites the dust! _M At 09:56 AM 4/13/2004, you wrote: Pete, The speed problem has been found. McAfee Netshield 4.51 was making our server RIDICULOUSLY slow, despite the fact that we tried excluding the Sniffer folder and even disabling the service from

Re: [sniffer] log file growing

2004-04-13 Thread andyb
Ok, There is a logrotate.cmd that you modified for me. I don't know why it isn't kicking off automatically like it was before, but it isn't. It had been running automatically for months. How do you recommend doing that so that you get the log files when you want them? Thanks, Andy

Re: [sniffer] log file growing

2004-04-13 Thread andyb
It is working, I tested it from the command line. What time of day do you want it run? - Original Message - From: Pete McNeil To: [EMAIL PROTECTED] Sent: Tuesday, April 13, 2004 7:06 PM Subject: Re: [sniffer] log file growing First, give it a test by launching

Re: [sniffer] log file growing

2004-04-14 Thread Pete McNeil
Any time is fine. How about 0100 ET. - I'm pretty sure that spot is mostly empty. _M At 09:17 PM 4/13/2004, you wrote: It is working, I tested it from the command line. What time of day do you want it run? - Original Message - From: Pete McNeil To: [EMAIL PROTECTED] Sent:

Re: [sniffer] Download Problem

2004-04-14 Thread Pete McNeil
We had some major BGP flapping with both Sprint and Savvis. Nobody has gotten to the bottom of it yet and it settled down around 0200. No errors or warnings since then. _M At 10:37 PM 4/13/2004, you wrote: Pete. I am seeing major download problems of the SNF file tonight. Any problems with

[sniffer] logrotate

2004-04-14 Thread Bonno Bloksma
Hi, In the default logrotate.cmd script is a move in stead of a ren command. Is there any special reason for that? As Ren is an internal command and move an external command I would have expected Ren to be used. p.s. Did my comment about an updated AutoSNF.cmd file make it to you Pete? I

  1   2   3   4   5   6   7   8   9   10   >