Thanks for the aid. One last question, you mentioned: In a case where a white rule is present and a black rule is present the white rule will always win So if the White Rule fired 000, it would override a Porn Rule of 54? If so, how are these White Rules entered? Thanks, Keith
-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Madscientist
Sent: Wed 3/3/2004 6:01 PM
To: [EMAIL PROTECTED]
Cc:
Subject: Re: [sniffer] Rules Question
At 04:55 PM 3/3/2004, you wrote:
>I am using Declude and have indiv. Sniffer Tests and lets say the
>following gets tripped in an email
>
>SNIFFER-WHTLIST result code 000
>SNIFFER-PORN result code 054
>
>Which would take precedence over the other, as far as which would be the
>final code passed to Declude?
There is some confusion about this.
A zero result from Message Sniffer as seen by Declude could mean that a
white rule has fired, or it could mean that no rules matched at all.
In the first case - where an actual white rule has fired, the Message
Sniffer log will show a "White" entry and the "Final" result will reflect
that white rule. In this case, the white rule takes precedence. Declude
will see a 0 result code.
In the second case - where no rules matched, the Message Sniffer log will
show a "Clean" entry and Declude will see a zero result.
So, from Declude's perspective it will see a zero result in both the
"Clean" and the "White" case. As a result, your SNIFFER-WHTLIST result code
000 test will fire.
In a case where a white rule is present and a black rule is present the
white rule will always win. So, if Sniffer saw both rules match a message
it would return a zero result.
SNIFFER-WHTLIST is a misnomer. It's probably not a good idea to name the
zero result test this way because most of the time a zero result doesn't
mean "White" but instead means "Clean".
If you wish to have the white rules in your rulebase separated out then we
could code those to a 1 result and then you would be able to legitimately
create a SNIFFER-WHTLIST test checking for a result of 1.
I will point out here that this has been tried once or twice and in both
cases the user switched back almost immediately because the results were
confusing.
In Sniffer we use white rules to force a "non result" more than we ever use
them to indicate a true "white" result.
Hope this helps,
_M
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html
<<winmail.dat>>
