Goran, I'd be interested in Pete's technical answer, too.
The practical answer is that you should always go with the persistent
instance of Message Sniffer. From reading Pete's previous screeds and
monitoring the list here in the last year and from having my own
troubles, it's pretty clear to me
nd see how my system reacts.
>
> Goran Jovanovic
> Omega Network Solutions
>
> > -Original Message-
> > From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> > On Behalf Of Colbeck, Andrew
> > Sent: Thursday, February 23, 2006 11:39 AM
> > To: sniffe
Goran,
When you issue a reload you can tell that the new rulebase is being used
because the *.svr file's date and time will change to the current time.
Andrew 8)
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic
> Sent: Friday, F
Joe,
Are you using MDLP to autotune your weights in Declude? If so, you can
exclude invURIBL and other tests which you don't want to change, whether
because you think the weight is perfect, or because their randomness
doesn't fit MDLP's idea of a weighting system.
Check out this snippet
Pete,
One of these was EarthLink [207.217.120.227], and one of these was
Google Mail [64.233.166.182].
SpamBag lists the EarthLink address as a source of bogus bounces, and I
posit that this would be the source of the mail to the spamtraps that
would trigger the F001 bot.
I would like to state t
Thanks, Pete!
For what it's worth, the rule 963461 hit 647 times here, and after
putting in the Rule Panic entries, stopping and starting my persistent
sniffer, and then re-queuing my messages held with this rule hit, 216 of
the messages were still deemed spam and were held by Declude (and maybe
M
> Certainly, submitting samples to spam@ (or preferably your
> local spam submission point polled by our bots) will put
> these messages in front of us if we have not already created
> rules for them.
I've just manually submitted the ~35 messages that my filters triggered
on for phishing that d
It's really from PostDirect.com aka YesMail.com ...
You can tell that it's authorized because the reverse DNS which ends in
PayPal.com (ok, that does set off alarm bells when it's someone else's
netblock) matches the forward lookup of the resulting address at PayPal.
Therefore, PayPal is delibera
> customer, they could easily set rDNS to whatever they wanted.
> Aol.com, paypal.com, ebay.com, chase.com ...
>
> -Jay
> -Original Message-
> From: Message Sniffer Community
> [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
> Sent: Wednesday, May
oint are
> the Paypal DNS servers queried?
>
> John T
> eServices For You
>
> "Seek, and ye shall find!"
>
>
> > -Original Message-
> > From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
> > Behalf
> Of
> > Colbeck,
David,
Are you using the free version of sniffer? Or did you deliberately change your
.exe name in your posting to sniffer.exe to hide your licence number?
I certainly expect that the rulebase lag with the free version will result in
lower Message Sniffer hit rates.
I've seen the free version
I use just shy of 60 DNS based tests against the sender, both IP4R and
RHSBL.
Perhaps 10-12 matter.
Due to false positives, I rate most of them relatively low and have
built up their weights as a balancing act. That act is greatly assisted
by using a weighting system and not "reject on first hit
> So no one has any idea what the purpose of these emails
> are?
The bad guys aren't telling. The good guys have lots
of theories, such as:
http://isc.sans.org/diary.php?storyid=1384
and also:
http://www.f-secure.com/weblog/archives/archive-062006.html#0894
which in turn points
Both of which are reasonable, particularly given the recent
Blue Security debacle that showed that it was possible for the spammers as well
as the spammees to coordinate their information. It might be in a
spammer's best interest to pursue either of your
suggestions.
However, I still thin
Right... quotes are no good. That came to light in
the context of passing long file names (with spaces); the 8.3 format would be
preferred.
I've designed my folder structure such that none of the
folders had spaces in them; that just happened to be the way it turned
out and I'm glad I stu
(sniff) Aw, cut it out, Matt.
You're making me all weepy.
p.s. Pete, that's pretty darned
amazing!
From: Message Sniffer Community
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Wednesday, June 07, 2006 3:58 PM
To: Message Sniffer Community
Subject: Re: [sniffer]Re[2]: [
Ditto.
I advise people to use Insert, Item. Far easier than explaining how to
drag and drop (or tie shoelaces).
I've noticed that whether the headers survive when they are sent to
another Exchange+Outlook company is a crap shoot.
Generally speaking, if the message is handled by Outlook, it's n
It was broken code in the latest Bagel/Beagle:
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.fc.html
Andrew 8)
Pete, I plan to use it or something similar in non-production once I set
up a new test system.
A quick test with a batch file worked fine.
Although I'm no programmer, I have reviewed the source and saw no
obvious logical problems or coding flaws.
Rigorous testing on the command line showed that
That's good news, Bill.
Can I be the first to point out that in your example, you're still
calling ShowMe.exe and not WeightGate.exe so you will be appending to
c:\ShowMe.log with every call?
And for those new to the party, I'll explain that what Bill is doing
with his modified configuration is t
Harry, there is a "standard" script that Bill Landry shepherded into
being. Check out the info at the Message Sniffer Wiki here:
http://kb.armresearch.com/index.php?title=Message_Sniffer.TechnicalDetails.AutoUpdates
The description of what a good download script should do is there, plus
a zip f
FWIW I take the belt and suspenders
approach.
The rulebase notification by email does trigger a Message
Sniffer update script on my system, but I don't rely on it solely. In
addition, I also use an "at" schedule every four hours.
As in Markus' (and Bill's) sample, I use the -N parameter
The last thing before I leave for the weekend...
I finally got around to updating my download/upload script so that I can
upload compressed logs.
In the course of doing that, I found that my upgraded version of wget
has changed its behaviour; as of the 1.10.x series, if you specify -O to
specify
Would that be the "Laugh" in the subject line pharmaceutical spam
campaign?
That was mentioned by Dave Doherty on the Declude.JunkMail mailing list,
and when I checked my logs I found many hundreds with clear variations
on the keywords in the text, e.g. there is a joke about lawyers and they
are u
Column 7 is the one that contains the rule that was hit. In this case,
it was 1100444.
Column 8 is the one that contains the group. In this case, it was 60
"Ungrouped Black Rules" (Sniffer General).
Andrew 8)
> -Original Message-
> From: Message Sniffer Community
> [mailto:[EMAIL P
I'm attaching an old message to this list which may come in
handy. It's from my perspective, which is using Declude and IMail, with
the spam messages in d:\imail\spool\spam and needing to be moved to
d:\imail\spool to be re-scanned. Now that I use a newer version of
Declude, my paths are d
I had a similar problem with Hotmail once upon a time; the
details were different, but the remedy was the same.
I run a caching DNS server on my outbound DNS host, so I
simply added a DNS zone for Yahoo.com on it, and populated only enough
MX record information so that I could reliably get
That's good news, Pete.
And with the WeightGate executable and source thrown in at no extra
charge!
Andrew 8)
> -Original Message-
> From: Message Sniffer Community
> [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
> Sent: Monday, October 23, 2006 9:26 AM
> To: Message Sniffer Com
For another organization's graph of spam trends as received by them,
check out the updated graphs at TQM cubed:
http://tqmcube.com/tide.php
Their graph shows a sharp uptick at the end of June 2006.
Andrew 8)
> -Original Message-
> From: Message Sniffer Community
> [mailto:[EMAIL PROT
I like your new sig, John.
How's this for an addendum?
"Experience is that which you acquire, just after you
needed it."
Andrew 8)
From: Message Sniffer Community
[mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
Sent: Thursday, October 26, 2006 8:13 AM
To: Message
This diary entry over at the Internet Storm Center points to an
increased volume of traffic from probable zombies, and they posit that
the increase in this traffic would coincide with the spam increase that
people are seeing.
http://isc.sans.org/diary.php?storyid=1828
Their graph shows a sharp ra
> If you don't mind, does WeightGate add any noticeable
> CPU cycles to run on top of running Sniffer? Thanks for the aid.
On a 100,000 emails per day on a 2.8 GHz Xeon, no, it doesn't.
Andrew 8)
> -Original Message-
> From: Message Sniffer Community
> [mailto:[EMAIL PROTECTED] On
Serge, what return value are you using for this snifferwhitelist?
The official and current list of return codes is here:
http://kb.armresearch.com/index.php?title=Message_Sniffer.TechnicalDetails.ResultCodes
If you're using "0", then don't do that, because zero is also used for
"no result". Ac
Harry, you change your email notifications by sending an email to the
support@ address and requesting it.
The Wiki has documentation for setting up the automatic download based
on these notifications here, for Ipswitch IMail:
http://kb.armresearch.com/index.php?title=Message_Sniffer.TechnicalDeta
Postini posts some statistics here, but their conclusions can lag by
months:
http://www.postini.com/stats/index.php
"global spam traffic" is a big concept... Postini did however process
over 650 million messages in the last 24 hours.
Andrew.
> -Original Message-
> From: Message Sniffer
> Would it be a good idea in a future version to delete files
> that are older than a certain date automatically?
I disagree.
Having MessageSniffer delete the old files would hide the problem. With
the messages left behind, you have a valuable symptom that something is
wrong with your infrastru
... Not in my neck of the network.
Andrew.
> -Original Message-
> From: Message Sniffer Community
> [mailto:[EMAIL PROTECTED] On Behalf Of Computer House Support
> Sent: Monday, March 19, 2007 3:19 PM
> To: Message Sniffer Community
> Subject: [sniffer] Re: SPAM Storm?
>
> Is it me,
Thanks for the heads up, Pete.
I use MessageSniffer as part of a weighting system with Declude.
I had 69 total hits on Monday and Tuesday for these two rule IDs.
Of those I had:
27 being Deleted as very spammy
4 being Passed as very hammy
31 total not held
Of the 38 that were held,
My last upload averaged a lame 6 KB/s.
My last download varied widely in the speed obtained:
0K .. .. .. .. .. 17.85 KB/s
50K .. .. .. .. ..9.58 KB/s
100K .. .. .. .. ...
Thanks for the update, Pete.
Over on the Declude JunkMail support mailing list, it's like déjà vu all over
again.
Andrew 8)
p.s. For the many of us here that don't subscribe to that list... The small
number of recently active messages have been re-queued to the list several
times.
> -
Hey, Pete!
Here's Steve Linford's posting about the most-recent Denial of Service
against SpamHaus:
http://groups.google.ch/group/news.admin.net-abuse.email/msg/28d49877cc8dbc2d
Meanwhile, the SARE and URIBL seem to be responsive now while suffering
under the same campaign, but their website
See this article at the Internet Storm Center:
http://isc.sans.org/diary.html?storyid=3012
Pump and dump scams now in PDF
Published: 2007-06-20,
Last Updated: 2007-06-20 21:33:39 UTC
by Maarten Van Horenbeeck (Version: 1)
Apparently the groups behind what we know as pump and dump spam have
foun
Thanks for reporting this, Pete!
My numbers were more extreme than Pi-Web's.
That bad rule triggered on 18,023 messages yesterday.
Due to the rest of my spam software, two-thirds were either passed (as
presumed ham) or deleted (as very spammy).
So the one-third that was held, I re-scanned toda
Pete, one of the questions I had right away when I looked at the
documentation accompanying the software package was about the
communication channel.
The documentation clearly pointed out that port 25 is the default and
that 80 is selectable, but didn't go further. I just answered my own
question
The Ugly value returned by the beta Message Sniffer you're using with
the "Good, Bad and Ugly" database has a result code of 40, and this code
is missing from your list.
(The White value overlaps with result code 0, which internally to
Message Sniffer will mask any other "spam" result code on you
For what it's worth, it is working for my two licences.
I received email update notifications at:
90 minutes ago
3 18 minutes ago
4 38 minutes ago
6 hours 13 minutes ago
Andrew 8)
> -Original Message-
> From: Message Sniffer Community
> [mailto:[EMAIL PROTECTED] On Behalf Of Frederi
It appears that both the "reload" and the "rotate" options in the
sniffer executable are still accepted by SNFClient.exe but are
deprecated, as neither parameter appears in the help or in the
contextual help when SNFClient.exe is run without parameters.
Andrew.
_
Thanks for the response, Pete!
I was using both parameters in my scheduled pattern download script,
which would tell Sniffer that there was a new pattern, and would rotate
the logs before uploading them back to you.
With the new (beta) version, both extras have become redundant, so I've
removed
Paul, since you're working in a Windows world, check out Alligate from
alligate.com as a Windows platform based email gateway.
I've put Alligate in front of my Declude setup and it drastically
reduced the number of emails I had to scan for content and sender in
Declude, and gained back a lot of disk
I've never used it, Pete.
My first reaction was... don't go to a third party (XYNTService, SrvAny,
FireDaemon) just make the executable a full fledged Windows Service.
I do realize that you'd be reluctant to do that given the additional
complexity of the code, none of which is portable to the *ni
pong ...
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
Behalf Of John T
Sent: Monday, May 26, 2008 9:08 AM
To: Message Sniffer Community
Subject: [sniffer] Test
Ping
Testing as I have not received any list messages for a while.
John T
eService
... and it also means that OCR based spam filtering is successful enough
for the spammers to adopt CAPTCHA-style text-obfuscation-in-images as an
evasion method.
Andrew.
-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
Behalf Of Pete McNeil
Sent: Wednesday
Pete, if we have a significant number of hits, they'll be from all kinds
of IP sources.
Should we dump the GBUdb? If so, how?
The documentation is perfectly clear on how to tweak an IP or dump an IP
in the GBUdb, but doesn't mention a wholesale clearing of it.
Andrew.
-Original Message-
Thanks, Pete.
I had very few actual hits; I have lots of lines that indicate the rule
panic in place, but the number of actual hits is quite small.
How I found my hits:
cd /d C:\MessageSniffer
gawk "($6 == \"Final\") && ($7 == 1940812)" *.20080617.log
Andrew.
-Original Message-
Fr
Thanks, Pete.
I had four actual false positives on one server, versus 324 unique hits
for the bad rule.
So yes, I'd say that the autopanic feature worked quite well.
Andrew.
-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
Behalf Of Pete McNeil
Sent: Tu
Congratulations on shipping, Pete!
Andrew 8)
p.s. Hey, I love the new mascot. Much cuter than the old SortMonster...
-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
Behalf Of Pete McNeil
Sent: Thursday, June 26, 2008 12:24 PM
To: Message Sniffer Commun
I also have hit this. A single hit, also from AOL.
Andrew.
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
Behalf Of Darin Cox
Sent: Friday, July 18, 2008 6:37 AM
To: Message Sniffer Community
Subject: [sniffer] Problem with Sniffer-Porn rule th
m: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
Behalf Of Colbeck, Andrew
Sent: Friday, July 18, 2008 8:31 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Problem with Sniffer-Porn rule this morning
I also have hit this. A single hit, also from AOL.
It works for me. Thanks, Pete!
I used the documentation here:
http://www.armresearch.com/support/articles/software/snfServer/config/autoUpdates.jsp
I wanted a simplified system that more closely reflected what the vendor
ships, so I've stopped using my home-grown wget based script which was
I recently used snfclient.exe to "whitelist" the IP address (actually a
whole /24) of a mailing list manager that my users deem to be
trustworthy.
snfclient.exe -set 64.62.197.53 good - -
You might argue the merits of this IP address, but that's not why I'm
writing...
I deliberately left alon
Sniffer Community [mailto:snif...@sortmonster.com] On
Behalf Of Pete McNeil
Sent: Thursday, April 30, 2009 1:14 PM
To: Message Sniffer Community
Subject: [sniffer] Re: overriding the GBUdb
Colbeck, Andrew wrote:
I recently used snfclient.exe to "whitelist" the IP address
(actuall
Thanks for the heads-up, Pete.
For what it's worth, I had a hit on only one message on each of my
gateways, from different senders.
The "Sniffer General" result code wasn't weighted high enough on my
Declude system to hold either message because they came from senders
with "clean" implementations
Checking my logs, I see two failures with subsequent retries which were
successful after 10 minutes and 13 minutes respectively. That's far
better than my previous bespoke script!
Mon 07/06/2009 0:27:45.64 getRulebase.cmd called by SNFServer.exe due
to presence of UpdateReady.txt file
Mon 07/0
Niiice, Pete.
Andrew 8)
-Original Message-
From: Message Sniffer Community [mailto:snif...@sortmonster.com] On
Behalf Of Pete McNeil
Sent: Wednesday, July 29, 2009 2:51 PM
To: Message Sniffer Community
Subject: [sniffer] SNFMilter released and a few other updates...
Hello Sniffer
The scores over here for the messages that trigger on rule 2654821
today:
spam that hit the rule: 4
... and were porn: 0
ham that was held by my weight system: 5
ham that was allowed by my weight system: 3
subsequent panic log lines: 139
Thanks for the heads up, Darin.
I was able to re-queue
All clear here, Pete.
Thanks for both of the notices,
Andrew.
-Original Message-
From: Message Sniffer Community [mailto:snif...@sortmonster.com] On
Behalf Of Pete McNeil
Sent: Thursday, November 26, 2009 8:45 AM
To: Message Sniffer Community
Subject: [sniffer] Bad rule alert: 2784910
For what it is worth, there are zero hits on my two servers for this
Rule. I looked back through the last 7 days.
Andrew.
-Original Message-
From: Message Sniffer Community [mailto:snif...@sortmonster.com] On
Behalf Of Darin Cox
Sent: Tuesday, April 06, 2010 9:48 AM
To: Message Sniffe
I'm not seeing any spike in inbound connections or accepted message
counts.
Actually, it's lower than Friday's volume and about the same as
Thursday.
Andrew.
-Original Message-
From: Message Sniffer Community [mailto:snif...@sortmonster.com] On
Behalf Of Peer-to-Peer (Support)
Sent: Mo
I looked at the effectiveness of this test and I like what I'm seeing.
The volume isn't high, but it is making a difference in the "edge cases"
that are close to my "hold weight".
In particular, I'm finding that it is triggering on pump and dump DKIM
spam from fresh netblocks that would otherwise
reasonable, that the text could look like this:
"GBUdb Cloud Truncate c > 0.2, p > 0.9 for [205.188.84.131]"
I'll send the whole header to support@ in case you are interested in
this particular IP.
Andrew.
-Original Message-
From: Message Sniffer Community [mailt
I have seen one hit, and it looks like a false positive to me. Sent as a
sample to the false@ address.
Thanks for the heads-up, Darin.
Andrew.
From: Message Sniffer Community [mailto:snif...@sortmonster.com] On
Behalf Of Darin Cox
Sent: Tuesday, August 17,
Pete, now that Microsoft has taken down the Rustock botnet, what's your
telemetry say about spam volumes? Any significant change?
http://blogs.technet.com/b/microsoft_blog/archive/2011/03/18/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx
http://krebsonsecurity.com/2011/03/rustock-bo
Pete, for
sample on-off='on'
I wrote myself this note...
... Is it still valid? Your sample and my own configuration have:
passthrough=no
On the balance of it, I suspect my own note is wrong, so it would be
nice if you could verify it one way or the other.
Andrew.
-Original Message---
On
Behalf Of Pete McNeil
Sent: Monday, May 09, 2011 3:05 PM
To: Message Sniffer Community
Subject: [sniffer] Re: Change in default settings
On 5/9/2011 4:53 PM, Colbeck, Andrew wrote:
> Pete, for
>
> sample on-off='on'
>
> I wrote myself this note...
>
>
>
>
Time to thwart a spam run from a fresh IP address: less than 18 minutes.
The first three emails from: 216.223.207.0/25 were allowed past
MessageSniffer but fewer than 18 minutes into the spam run, the content
triggers rule group 60, rule id 4224795.
(It is coupon spam, but probably fake affiliate
Given the attached header text, would this snippet in snf_engine.xml
help me to train GBUdb on the email clients' IP address from this
specific ISP?
I tested by querying:
SNFClient.exe -test 216.218.29.230
And then re-testing the spam, and then querying GBUdb again. The second
test showed that "
ginal Message-
From: Message Sniffer Community [mailto:sniffer@sortmonster.com] On
Behalf Of Colbeck, Andrew
Sent: Monday, October 24, 2011 11:47 AM
To: Message Sniffer Community
Subject: [sniffer] Training GBUdb on the client IP for telus.net
Given the attached header text, would this snipp
Another test, this time to update the X-AOL-IP: header, which in my last
few false-negatives have the standard X-Originating-IP: header ... I
don't know if AOL has deprecated the X-AOL-IP: header or whether it is
used under different client circumstances.
Thanks,
Andrew.
Received: from
sage Sniffer Community
Subject: [sniffer] Re: Training GBUdb on the client IP for telus.net
On 10/24/2011 3:20 PM, Colbeck, Andrew wrote:
>
: Message Sniffer Community
Subject: [sniffer] Re: Training GBUdb on the client IP for aol.com
On 10/24/2011 3:21 PM, Colbeck, Andrew wrote:
>
As far as I know that one still works.
_M
--
Pete McNeil
Chief Scientist
ARM Resea
Message Sniffer Community [mailto:sniffer@sortmonster.com] On
Behalf Of Pete McNeil
Sent: Monday, October 24, 2011 1:01 PM
To: Message Sniffer Community
Subject: [sniffer] Re: Training GBUdb on the client IP for aol.com
On 10/24/2011 3:47 PM, Colbeck, Andrew wrote:
> r='4432448
From SNFclient.exe.err I saw these errors repeated for every message
processed:
20120107155711, arg1=C:\IMail\spool\proc\work\D016759002.smd : Could Not
Connect!
The srvany.exe was running, but the SNFserver.exe wasn't, or wasn't
healthy. Each SNFclient.exe had to read the .gbx file itself a
My two cents: I saw zero hits for this rule.
I count myself lucky, because we see a lot of purchase order emails and
of course, the fake P.O. scams too.
Andrew.
From: Message Sniffer Community [mailto:sniffer@sortmonster.com] On
Behalf Of Pete McNeil
Sent:
Via the GnuWin32 tools on my Windows server:
C:\MessageSniffer>grep -P "Match\t" munged.2012062?.log | cut -f7 |
usort | uniq -c | usort -k2 -n -r 2>nul | head
2 4991501
8 4991483
8 4991462
8 4991459
8 4991457
8 4991456
8 4991446
6 4991286
3 49
9 5000187
2 5000186
1 5000170
3 4999799
1 4999618
6 4999419
1 4999415
4 4999088
Andrew 8)
-Original Message-
From: Message Sniffer Community [mailto:sniffer@sortmonster.com] On
Behalf Of Colbeck, Andrew
Sent: Thursday, June 21, 2012 9:15 AM
To:
Answer: pretty darn fast for a system that I think is slow anyway
I think my MTA is a busy system, and I know that it's not MessageSniffer
that keeps the server busy. A glance with Task Manager or Process
Explorer shows very little CPU time is spent by MessageSniffer.
I threw some grepping
A modern Xeon dual core, also within VMware:
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 37 Stepping 1, GenuineIntel
The oldest virtualized CPU is:
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 7, GenuineIntel
Both identify as Xeon E5xxx m
A member of my company with an important title complains about
mail being slow, and that her business associates can't reach her. It goes
up the corporate ladder until it peaks and comes much further down to my
level.
The problem? A single email from a "Golf Channel" partn
If I might butt in ...
If you fire up Task Manager on a windows machine (or your favourite ps tool
elsewhere), and set the View, Update Speed to High, then sort by the name in
reverse, you will see multiple sniffer.exe and one with a PID that doesn't
change. That's your persistent instance.
What
Whups, I missed out an important "NOT" in the second-to-last paragraph.
Corrected version is below:
-Original Message-----
From: Colbeck, Andrew
Sent: Wednesday, October 20, 2004 10:29 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Re[2]: [sniffer] Version 2-3.0i8 published.
Exactly, Michiel.
And Jorge, it may be stating the obvious, but you may well have to check the
tickbox at the bottom of Task Manager to "Show processes from all users". I
said sniffer.exe merely as an example, the actual executable will be [your
licence here].exe or snfrv2r3.exe if you're using t
Well, to play devil's advocate ...
A poor man's way to run IMail and Message Sniffer without Declude could
certainly be done without a massive re-write. I'm not going to claim that
it would be *reliable* or *flexible* but you could certainly mimic what
Declude does and change one registry key to
Bill, you the man!
I was just polishing my own script based on comments made by you and
Bonno at the end of the week! My modest efforts are attached as a .txt
file.
A few comments from my own efforts:
The wget compress option to save me and Pete some bandwidth isn't w
Andy, I just ran into this. You have to issue:
snfrv2r3.exe rotate
or
snfrv2r3.exe [authcode] rotate
I found that it fails if I didn't have the ".exe" specified.
Andrew 8)
-Original Message-
From: Andy Schmidt [mailto:[EMAIL PROTECTED]
Sent: Sunday, October 31, 2004 6:19 PM
To: [EM
Oh, yeah. I had two problems. The other was that I was running "tail" on
the log file, and it wouldn't rotate, ending with an errorlevel = 63.
Andrew 8)
-Original Message-
From: Andy Schmidt [mailto:[EMAIL PROTECTED]
Sent: Sunday, October 31, 2004 6:19 PM
To: [EMAIL PROTECTED]
Subject:
uncompressed rulebase files are about 14mb, but compress down to just under
4mb before the download. I am using GNU Wget 1.9.1, so you might try
this version or see if there is an updated version of the wget that you are
using.
Bill
-Original Message-F
e it for a day, you can slow your mail
server down by letting sniffer append new log lines to an ever-growing 800+
MB text file!
Andrew ;)
-Original Message-----
From: Colbeck, Andrew
Sent: Sunday, October 31, 2004 6:27 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [sniffer] LogRotate no
executable from the download archive.
I think that covers it. Happy to help!
Andrew 8)
-Original Message-
From: Pete McNeil [mailto:[EMAIL PROTECTED]
Sent: Sunday, October 31, 2004 8:24 PM
To: Colbeck, Andrew
Subject: Re[2]: [sniffer] LogRotate no longer working?
On Sunday, October 31
Somewhere at the beginning of this was, I think, Andy's mention of starting
the executable in persistent mode.
When I was manually playing with that, I also didn't want a COMMAND window
cluttering my desktop. So I used:
start /B LicenseID.exe authcode persistent
and put that in a batch file
Two days for Thanksgiving?!
American turkeys must have much more tryptophan than Canadian turkeys if
you need an extra day to sleep it off.
p.s. More favourite acronyms:
RGE (Resume Generating Event)
TLA (Three Letter Acronym)
Andrew 8)
-Original Message-
From: Pete McNeil [mailto:[EMA
1 - 100 of 158 matches