Nick:

Here's an example from my global.cfg to test the very-generous demo setup of Sniffer:

#It provides content inspection. See www.sortmonster.com
#Note that the only value normally returned for our non-registered version is 0=clean and 63=bad
SNIFFER external nonzero "D:\MailSniffer\sniffer2.exe xnk05x5vmipeaof7" 8 0

#Malware & Scumware Greetings - Rules associated with greeting exe's where you agree to spam for them. Rules associated
#with dangerous message content or known virii. NOTE: this group is not intended as a virus scanner!... but it is intended
#to capture those that can be obviously spotted in order to enhance virus scanning capabilities on some systems... for example,
#our updates _may_ be faster in some cases provided we hear about a filterable virus/worm early enough.
SNIFFERMALWARE external 55 "D:\MailSniffer\sniffer2.exe xnk05x5vmipeaof7" 99 0

#Grey Hosting - Domains and Tracking links used by bulk hosters that send legit as well as reported spam content.
#chtah etc... Block first, white-rule later. We don't go out and hunt these hosters down, rather when a message is reported
#to us as spam if the links/sources etc... are from a grey hosting facility then we _may_ create a generalized rule for that
#spam within this group. Some rules end up in this group after repeated experiences with them which lead us to the "grey hosting" conclusion.
SNIFFERGREY external 60 "D:\MailSniffer\sniffer2.exe xnk05x5vmipeaof7" 3 0

You would of course set the weights to whatever you like. You would also need the appropriate action settings in your global.cfg and/or $default$.junkmail files, e.g.:
I got this information from the sortmonster.com support pages, plus, Pete McNeil's previous posts in this forum.
Andrew 8)

-----Original Message-----
From: nick [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 09, 2004 1:20 PM
To: [EMAIL PROTECTED]
Subject: RE: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

Pete -

From: "Pete McNeil" <[EMAIL PROTECTED]>

>One thing you should definitely do with sniffer is to weight group 60
>lower than the others. Group 60 is the gray hosting group which will
>cause many false positives if not countered with appropriate white
>rules. If you make this adjustment you should see very few false
>positives.

I would if I knew how..; actually I do not know what "Group 60" is or better said how I could score differently. Is it because I am only using the demo setup?

Note: - I am *very* happy with Sniffer. Especially since I am only using the demo. Thanks for making it available!

-Nick Hayer

>
>_M
>
>---
>[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
>
>---
>This E-mail came from the Declude.JunkMail mailing list. To
>unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
>type "unsubscribe Declude.JunkMail". The archives can be found
>at http://www.mail-archive.com.
>
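
The weight arithmetic behind the three test lines in the message above, as an added example that is not part of the original thread or of Declude itself. It assumes an external test adds its first weight when the program's exit code meets the condition (`nonzero` = any non-zero code, a number = that exact code) and its second weight otherwise; `parse_tests` and `score` are hypothetical helper names.

```python
import re

# The three test lines from the message above, each joined onto one line.
GLOBAL_CFG = r'''
SNIFFER        external nonzero "D:\MailSniffer\sniffer2.exe xnk05x5vmipeaof7" 8 0
SNIFFERMALWARE external 55      "D:\MailSniffer\sniffer2.exe xnk05x5vmipeaof7" 99 0
SNIFFERGREY    external 60      "D:\MailSniffer\sniffer2.exe xnk05x5vmipeaof7" 3 0
'''

# NAME external <nonzero|exit code> "command" <weight on match> <weight otherwise>
TEST_LINE = re.compile(
    r'^(?P<name>\S+)\s+external\s+(?P<match>nonzero|\d+)\s+'
    r'"(?P<command>[^"]*)"\s+(?P<hit>-?\d+)\s+(?P<miss>-?\d+)$'
)

def parse_tests(cfg):
    """Return one dict per external test line; skip blanks and # comments."""
    tests = []
    for raw in cfg.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = TEST_LINE.match(line)
        if m is None:
            raise ValueError(f"not an external test line: {line!r}")
        t = m.groupdict()
        t["hit"], t["miss"] = int(t["hit"]), int(t["miss"])
        tests.append(t)
    return tests

def score(tests, exit_code):
    """Assumed semantics: add `hit` for each test whose condition matches
    the program's exit code, `miss` otherwise. Returns (total, fired names)."""
    total, fired = 0, []
    for t in tests:
        if t["match"] == "nonzero":
            matched = exit_code != 0
        else:
            matched = exit_code == int(t["match"])
        total += t["hit"] if matched else t["miss"]
        if matched:
            fired.append(t["name"])
    return total, fired

if __name__ == "__main__":
    tests = parse_tests(GLOBAL_CFG)
    # 0 = clean, 63 = demo "bad", 55 = malware group, 60 = grey hosting group
    for code in (0, 63, 55, 60):
        print(code, score(tests, code))
```

Under these assumptions, a run that only ever returns 0 or 63 can match just the catch-all SNIFFER line, while a return code of 60 adds the small SNIFFERGREY weight on top of it.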
