[MBF]Re: MBF releases new build of Declude 4.12.05

[John Doyle]

This message was originally HTML formatted.  View in a HTML capable client to 
see the original version.\r\n\r\n   David
 I updated declude to 4.12.05 this morning and added the NOHIT test
 It works for the exception of the fact that the weight does not seem to work
 it catches anything not caught by sniffer, but even with a weight lower than 
the set value
 ie:
 I set the weight at 18 and it seems to catch everything
 SNIFFERMOVE             NOHIT         SNIFFERCATCH                WEIGHT       
     18      0      0
 do you see anything wrong with my setup
 thanks
 John

 
 ---- Original Message ----
 From: "David Barker" david.bar...@mailsbestfriend.com
 Sent: 2/24/2014 8:41:58 AM
 To: community@mailsbestfriend.com
 Subject: [MBF]MBF releases new build of Declude 4.12.05

    



New files available from http://mailsbestfriend.com/downloads/ 



4.12.05  FIX - Removed Key check for Declude, no need to hack the Host file. 
Declude no longer requires a key to run. 

4.12.04  ADD - Created new test NOHIT 

4.12.03  ADD - Improved Hijack by monitoring the Authenticated user rather  
than the mailfrom address 



The NOHIT test is used to determine which tests did NOT trigger. The main 
purpose of this implementation was to create a feedback system to Message 
Sniffer ARM research to improve spam catch rates on new spam. The new test 
syntax below and is located in the global.cfg 

  TEST-NAME1             NOHIT          TEST-NAME2     WEIGHT          0       
0 

  TEST-NAME1      Your given name of the test NOHIT          Test Type 
TEST-NAME2     The name of the test you are tracking that did NOT trigger 
WEIGHT         The weight = when you would like this test to trigger 



Example of use (This test will trigger if SNIFFER is NOT triggered for emails 
over 30 points): 



SNF-FEEDBACK           NOHIT          SNIFFER         30      0       0 



Using this test we can identify messages that scored more than 30 points and 
did NOT trigger sniffer. We then use either a COPYTO or ROUTETO Action in the 
$default$.junkmail file to have these messages go to a specific inbox where ARM 
research periodically retrieves these messages and writes new rules to 
distribute to other Message Sniffer users.  



The entry in the $default$.junkmail would be: 



SNF-FEEDBACK   ROUTETO   x...@example.com 



Where xxxx is your license key for Message Sniffer.  Be sure to setup an email 
user with x...@example.com on your server and provide ARM research 
supp...@armresearch.com with the POP account details to access the account to 
retrieve messages. 



I am sure there are other great ways the NOHIT test can be used. Let us know if 
you have some ideas. 

David Barker
 Mails Best Friend 

Email     : david.bar...@mailsbestfriend.com
 Web      : www.mailsbestfriend.com
 Office    : 866.919.2075
 Mobile  : 978.518.6461