On 10/24/2011 3:47 PM, Colbeck, Andrew wrote:
<s u='20111024192740' m='c:\IMail\spool\spam\D015439194.smd' s='61'
r='4432448'>
<s u='20111024194111' m='c:\IMail\spool\spam\D015439194.smd' s='61'
r='4432448'>
C:\MessageSniffer>SNFClient.exe -test 92.231.217.255
Ok, you're working with a different message here (different IP).
If you turn on GBUdb data logging then it will tell you what IP it
beleived to be the source.
http://www.armresearch.com/support/articles/software/snfServer/config/node/logs/scan/xml.jsp
http://www.armresearch.com/support/articles/software/snfServer/logFiles/activityLogs.jsp#XML
example like:
<s u='20070508012348' m='/spool/msg0123456789.msg' code='69'
error='ERROR_MSG_FILE'/>
<s u='20070508012349' m='/spool/msg1123456789.msg' s='48' r='1234567'>
<m s='48' r='1234567' i='2394' e='2409' f='m'/>
<m s='48' r='2234567' i='2501' e='2515' f='m'/>
<m s='48' r='1234567' i='2394' e='2409' f='f'/>
<p s='10' t='8' l='3294' d='84'/>
<g o='1' i='101.201.31.04' t='u' c='0.12345' p='0.3342983' r='Caution'/>
</s>
Hope this helps,
_M
--
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044
x7010
#############################################################
This message is sent to you because you are subscribed to
the mailing list <sniffer@sortmonster.com>.
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: <sniffer-...@sortmonster.com>
To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com>
To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com>
Send administrative queries to <sniffer-requ...@sortmonster.com>
