Happy New Year:

Can you elaborate on the Sniffer implementation please?

a) Is the annual cost of Sniffer now included with Declude?

b) If we have no "custom" rule-base, there would be no reason not to use the Declude rule-base?

c) What's the technical implementation of the SNF and SNFIP directives? In the past, this was a "command line" launch of the Sniffer.exe from Declude. Have you implemented this as a call to their API DLL directly from within Declude? If so, one would expect better performance and reliability - making it another reason to switch?

d) Can we use the new SNF and SNFIP directives - but still use our own rulebase, if we choose to?

Can you elaborate on IPNOSCAN please?

Finally, POSTINIFIX is a poor name for that directive, since it has absolutely nothing to do with Postini - the problem has existed for a long time. I think in November we had all determined that the problem was an age-old problem with Declude correctly parsing valid (standards compliant) Received headers that contain more than one IP address.

According to the standard it seems perfectly VALID for a single RECEIVED header to contain TWO IP addresses, one in the FROM clause and one in the BY clause? Obviously, Declude would need to inspect the IP address in the "FROM" clause and ignore any IP addresses that it encounters in/after the "BY" clause?

I think retiring the "postinifix" name and picking a more general directive name 'RcvHdrFix' would avoid that people leave this turned off just because they are not using Postini.

Best Regards,
Andy

From: [email protected] [mailto:[email protected]] On Behalf Of David Barker
Sent: Monday, January 04, 2010 9:54 AM
To: [email protected]; [email protected]; [email protected]
Subject: [Declude.JunkMail] Release 4.10.42

Declude 4.10.42

JM ADD Add IMail support for SQL Database. Declude can check the SQL DB for Autowhitelist

JM ADD IPNOSCAN for IMail

JM ADD Add a new directive POSTINIFIX uses either ON or OFF in the declude.cfg file.
Postini is a large managed email service which amends the header structure. The Postini fix helps Declude correctly identify Postini headers. To configure use POSTINIFIX ON

JM ADD Add the Recipient, mailfrom and subject information to the blklst.txt file. The format of the blklst.txt file is

    Date|time|spool#|IP|TotalWeight|LastAction|RecpList|mailfrom|subject|testsfailed

JM ADD IPBYPASS can be configured with CIDR

JM ADD New Header directive XWHITELIST ON in the global.cfg will give the reason for why the email was WHITELISTED in the header of the email.

JM ADD Integrated Message Sniffer with Declude. Will use Declude rulebase. (If you are a current Message Sniffer user this does not apply to you unless you want to switch and use the Declude rulebase)

To configure, the SNF files need to be edited by the user, where the [PATH] needs to be the actual path on your server.

getRulebase.cmd

    SET SNIFFER_PATH=[PATH]\declude\scanners\SNF\

Snf_engine.xml file

    <log path='[PATH]\declude\scanners\SNF\'/>
    <rulebase path='[PATH]\declude\scanners\SNF\'/>
    <workspace path='[PATH]\declude\scanners\SNF\'/>
    <update-script on-off='on' call='[PATH]\declude\scanners\SNF\getRulebase.cmd' guard-time='180'/>

Global.cfg

    SNFIPCAUTION SNFIP x 4 5 0
    SNFIPBLACK SNFIP x 5 10 0
    SNFIPTRUNCATE SNFIP x 6 10 0
    IPREPUTATION SNFIP x 5 10 -5
    SNIFFER-TRAVEL SNF x 47 10 0
    SNIFFER-INSURANCE SNF x 48 10 0
    SNIFFER-AV-PUSH SNF x 49 10 0
    SNIFFER-WAREZ SNF x 50 10 0
    SNIFFER-SPAMWARE SNF x 51 10 0
    SNIFFER-SNAKEOIL SNF x 52 12 0
    SNIFFER-SCAMS SNF x 53 10 0
    SNIFFER-PORN SNF x 54 10 0
    SNIFFER-MALWARE SNF x 55 10 0
    SNIFFER-ADVERTISING SNF x 56 10 0
    SNIFFER-SCHEME SNF x 57 10 0
    SNIFFER-CREDIT SNF x 58 10 0
    SNIFFER-GAMBLING SNF x 59 10 0
    SNIFFER-GENERAL SNF x 60 10 0
    SNIFFER-SPAM SNF x 61 10 0
    SNIFFER-OBFUSCATION SNF x 62 10 0
    SNIFFER-IP-RULES SNF x 63 10 0
    SNFTRUNCATE SNF x 20 10 0

EVA FIX Fix for Virus test not catching the eicar test due to e-mail formatting

HJ ADD Added a function to send a notify e-mail when hijack is triggered and e-mails are being held in the Hold2 folder

To turn the Hijack e-mail notify on add the following directive to the hijack.cfg.

    HIJNOTIFY ON

Add the included HijackNotify.eml into the \Declude directory. The email can be modified.

DEC ADD Added variable %AUTH% to show the authenticated sender of the email

David Barker
VP Operations
Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
<mailto:[email protected]> [email protected]

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [email protected], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
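
Added example, not part of the original thread and not Declude's code: one way to read the connecting IP from a Received header that carries addresses in both the FROM and the BY clause, as discussed in the reply above. The function names and sample headers are constructed for illustration (documentation address ranges, hypothetical hosts), and only IPv4 is handled.

```python
import ipaddress
import re

# Dotted quad, bracketed or bare, not embedded in a longer dotted string.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def from_clause(header):
    """Return the text before the first top-level 'by' keyword."""
    value = " ".join(header.split())               # unfold continuation lines
    if value.lower().startswith("received:"):
        value = value[len("received:"):].strip()
    value = " " + value                            # lets a leading 'by' match
    depth = 0
    for i, ch in enumerate(value):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth = max(depth - 1, 0)
        elif depth == 0 and value[i:i + 4].lower() == " by ":
            return value[:i]                       # 'by' inside a comment is skipped
    return value

def connecting_ip(header):
    """IP recorded in the FROM clause, or None if the header has no FROM clause."""
    clause = from_clause(header).strip()
    if not clause.lower().startswith("from "):
        return None
    # The parenthesised TCP-info is what the receiving server saw; the HELO
    # argument before it is client-supplied, so it is only a fallback.
    comments = " ".join(re.findall(r"\(([^()]*)\)", clause))
    for text in (comments, clause):
        for candidate in IPV4.findall(text):
            try:
                return str(ipaddress.IPv4Address(candidate))
            except ValueError:
                continue                           # e.g. 999.1.1.1
    return None

# Constructed sample headers (documentation address ranges, hypothetical hosts).
SAMPLES = [
    "Received: from mail.sender.example (mail.sender.example [203.0.113.25])"
    " by mx1.filter.example ([198.51.100.7]) with SMTP; Mon, 04 Jan 2010 09:41:12 -0500",
    "Received: from [10.1.1.5] (unknown [203.0.113.80])\r\n\tby mx2.example.net"
    " [198.51.100.9] with ESMTP; Mon, 04 Jan 2010 09:41:13 -0500",
    "Received: from relay.example (relay.example [192.0.2.44] authenticated by sasl)"
    " by mx1.example.net [198.51.100.7]; Mon, 04 Jan 2010 09:41:14 -0500",
    "Received: by mx3.example.net (198.51.100.12) id A1B2C3; Mon, 04 Jan 2010 09:41:15 -0500",
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(connecting_ip(h))
```

The first sample is the two-address case from the thread; the second shows why the parenthesised address is preferred over a HELO address literal, and the last has no FROM clause at all.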
