[sniffer] Re: ShortMatch Resolved - Update your SNF software to remain immune.

2015-12-03 Thread Daniel Bayerdorffer
Hi Pete,

Thanks for the update on this situation.

Just so I understand correctly, can we use the packages to install over a 
current installation that was compiled from source?

Thanks,
Daniel

- Original Message -
From: "Pete McNeil" 
To: "Message Sniffer Community" 
Sent: Thursday, December 3, 2015 6:07:11 PM
Subject: [sniffer] ShortMatch Resolved - Update your SNF software to remain 
immune.

Hi Sniffer Folks,

According to our latest data, the Short-Match FP problem has subsided -
most likely due to rule sequestration. We have not seen any significant
events in our detection software since 2100e last evening.

In the meantime we have updated the SNF software to check for
short-match events and treat them as rule-panic events. This renders
them inert so that if this kind of rulebase corruption occurs again the
SNF engine will be immune.

Please update your SNF software to this latest version using the links
below.

NOTE: The Windows installer is in the process of being redesigned and
does not have the latest software. This will take some time. If you are
using SNF on Windows and use(d) the installer then use this procedure to
update your software:

* Stop your SNF service (usually XYNT Service based).
* Copy your SNFServer.exe file to SNFServer.old
* Download SNFServer-windows-7-prox32-3.1.0.exe (32 bit) or 
SNFServer-windows-7-prox64-3.1.0.exe (64 bit) and rename it to
SNFServer.exe to replace your previous SNFServer.exe.
* Start your SNF service.

If you were using the 32 bit version (very likely) then replace it with
the 32 bit version. There really isn't any difference, but just in case
it's simpler to keep things the same. There is no benefit to running the
64 bit version -- It is not faster and is in fact less efficient due to
the use of extra large (64 bit) pointers that aren't necessary ;-) Some
folks really want a 64 bit version, so we have one.

Here are some links to updated versions:

http://www.armresearch.com/message-sniffer/download/updates/SNFServer-windows-7-prox32-3.1.0.exe
http://www.armresearch.com/message-sniffer/download/updates/SNFServer-windows-7-prox64-3.1.0.exe
http://www.armresearch.com/message-sniffer/download/updates/snf-server-3.1.0.tar.gz
http://www.armresearch.com/message-sniffer/download/updates/snf-milter-1.1.1.tar.gz
http://www.armresearch.com/message-sniffer/download/updates/SNFMultiSDK_Windows_3.2.zip

And for the really adventurous:

http://www.armresearch.com/message-sniffer/download/packages/

In the packages link you will find all of the latest snapshots and some
old ones from our LabRats. The LabRats compile and test SNF for all of
the different platforms. You will find RPM and DEB packages as well as
tarballs and even the windows stuff that's posted in the updates links
above. Be sure to pick the latest version in all cases.

It will take a bit of time before all of the ordinary links on our web
site are updated with the latest software, so please use the above links
instead if you're going to update right now.

Best,

_M

-- 
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller 


#
This message is sent to you because you are subscribed to
  the mailing list .
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to 
To switch to the INDEX mode, E-mail to 
Send administrative queries to  
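
The Windows update steps listed in the announcement above (stop, back up, replace, start), scripted with a rollback. This is an added example and not part of the original messages or ARM Research's own tooling; the service name, install folder and the `SNFServer.new` staging name are assumptions you supply. It stages the download before stopping the service, which differs slightly from the order of the listed steps.

```powershell
# Added example, not ARM Research code. $ServiceName and $InstallDir are
# site-specific assumptions: pass the values used on your own server.
param(
    [Parameter(Mandatory)][string]$ServiceName,  # your XYNT-based SNF service
    [Parameter(Mandatory)][string]$InstallDir,   # folder containing SNFServer.exe
    [ValidateSet('32', '64')][string]$Bits = '32'
)
$ErrorActionPreference = 'Stop'

$url = "http://www.armresearch.com/message-sniffer/download/updates/SNFServer-windows-7-prox${Bits}-3.1.0.exe"
$exe = Join-Path $InstallDir 'SNFServer.exe'
$old = Join-Path $InstallDir 'SNFServer.old'
$new = Join-Path $InstallDir 'SNFServer.new'     # staging name (assumption)

# Stage the download before touching the service, so a failed or partial
# download never leaves the server without a working binary.
Invoke-WebRequest -Uri $url -OutFile $new -UseBasicParsing

# The link is plain HTTP and the announcement lists no checksum, so at least
# confirm the file is a Windows executable (starts with "MZ") and record its
# SHA-256 so the same value can be compared across servers.
$fs = [System.IO.File]::OpenRead($new)
try { $magic = @($fs.ReadByte(), $fs.ReadByte()) } finally { $fs.Dispose() }
if ($magic[0] -ne 0x4D -or $magic[1] -ne 0x5A) { throw "$new is not a PE executable" }
Write-Host ("SHA256 " + (Get-FileHash $new -Algorithm SHA256).Hash)

Stop-Service -Name $ServiceName
(Get-Service -Name $ServiceName).WaitForStatus('Stopped', [TimeSpan]::FromSeconds(30))
Copy-Item $exe $old -Force                       # keep the previous binary
try {
    Copy-Item $new $exe -Force
    Start-Service -Name $ServiceName
    (Get-Service -Name $ServiceName).WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
    Remove-Item $new
} catch {
    # Roll back to the saved binary if the new one does not come up.
    Stop-Service -Name $ServiceName -ErrorAction SilentlyContinue
    Copy-Item $old $exe -Force
    Start-Service -Name $ServiceName
    throw
}
```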



[sniffer] Re: ShortMatch Resolved - Update your SNF software to remain immune.

2015-12-03 Thread Pete McNeil
On 2015-12-03 21:24, Daniel Bayerdorffer wrote:
> Just so I understand correctly, can we use the packages to install over a 
> current installation that was compiled from source?

Probably not -- the deployment might not be exactly the same.

If you originally compiled from source then your easiest solution will
be to use the tarball and compile from source again. Then you can simply
replace the executable you have with the new one you make -- everything
is compatible and nothing will need to move.

If you use the packages you are essentially starting over. The packages
are deployed differently than the source instructions.

For example, to do the generic postfix integration with SNF Server you
would need to install two packages: the snf-server_ package and then the
snf-server-postfix_ integration package. If you wanted to roll your own
integration you might just install the snf-server_ package and then
build your own scripts and other software on top of that. It's a
different paradigm.

Hope this helps,

_M

-- 
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller 





[sniffer] Re: ShortMatch Resolved - Update your SNF software to remain immune.

2015-12-03 Thread Daniel Bayerdorffer
Got it! I'll compile from source. Thanks for the detailed description.

- Original Message -
From: "Pete McNeil" <madscient...@armresearch.com>
To: "Message Sniffer Community" <sniffer@sortmonster.com>
Sent: Thursday, December 3, 2015 9:47:57 PM
Subject: [sniffer] Re: ShortMatch Resolved - Update your SNF software to remain 
immune.

On 2015-12-03 21:24, Daniel Bayerdorffer wrote:
> Just so I understand correctly, can we use the packages to install over a 
> current installation that was compiled from source?

Probably not -- the deployment might not be exactly the same.

If you originally compiled from source then your easiest solution will
be to use the tarball and compile from source again. Then you can simply
replace the executable you have with the new one you make -- everything
is compatible and nothing will need to move.

If you use the packages you are essentially starting over. The packages
are deployed differently than the source instructions.

For example, to do the generic postfix integration with SNF Server you
would need to install two packages: the snf-server_ package and then the
snf-server-postfix_ integration package. If you wanted to roll your own
integration you might just install the snf-server_ package and then
build your own scripts and other software on top of that. It's a
different paradigm.

Hope this helps,

_M

-- 
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller 

