I think this classification really just gives the admin the control over how strict it is instead of it just being a less reliable test that is scored lower. Naturally, that may not matter in a particular setup, but it matters in mine because this is a lot of the stuff that I am trying to pass.
Matt
Colbeck, Andrew wrote:
Nick:
Here's an example from my global.cfg to test the very-generous demo setup of Sniffer:
# It provides content inspection. See www.sortmonster.com
#Note that the only value normally returned for our non-registered version is 0=clean and 63=bad
SNIFFER external nonzero "D:\MailSniffer\sniffer2.exe xnk05x5vmipeaof7" 8 0
#Malware & Scumware Greetings - Rules associated with greeting exe's where you agree to spam for them. Rules associated
#with dangerous message content or known virii. NOTE: this group is not intended as a virus scanner!... but it is intended
#to capture those that can be obviously spotted in order to enhance virus scanning capabilities on some systems... for example,
#our updates _may_ be faster in some cases provided we hear about a filterable virus/worm early enough.
SNIFFERMALWARE external 55 "D:\MailSniffer\sniffer2.exe xnk05x5vmipeaof7" 99 0
#Grey Hosting - Domains and Tracking links used by bulk hosters that send legit as well as reported spam content.
#chtah etc... Block first, white-rule later. We don't go out and hunt these hosters down, rather when a message is reported
#to us as spam if the links/sources etc... are from a grey hosting facility then we _may_ create a generalized rule for that
#spam within this group. Some rules end up in this group after repeated experiences with them which lead us to the "grey hosting" conclusion. SNIFFERGREY external 60 "D:\MailSniffer\sniffer2.exe xnk05x5vmipeaof7" 3 0
You would of course set the weights to whatever you like. You would also need the appropriate action settings in your global.cfg and/or $default$.junkmail files, e.g:
SNIFFER WARN
SNIFFERMALWARE WARN
SNIFFERGREY WARN
I got this information from the sortmonster.com support pages, plus, Pete McNeil's previous posts in this forum.
Andrew 8)
-----Original Message-----
From: nick [mailto:[EMAIL PROTECTED]
Sent: Friday, January 09, 2004 1:20 PM
To: [EMAIL PROTECTED]
Subject: RE: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32
Pete -
From: "Pete McNeil" <[EMAIL PROTECTED]> >One thing you should definitely do with sniffer is to weight group 60 >lower than the others. Group 60 is the gray hosting group which will >cause many false positives if not countered with appropriate white >rules. If you make this adjustment you should see very few false >positives.
I would if I knew how..; actually I do not know what "Group 60 " is or better said how I could score differently. Is it because I am only uing the demo setup?
Note: - I am *very* happy with Sniffer. Especially since I am only using the demo. Thanks for making it available!
-Nick Hayer
>
>_M
>
>---
>[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
>
>---
>This E-mail came from the Declude.JunkMail mailing list. To
>unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
>type "unsubscribe Declude.JunkMail". The archives can be found
>at http://www.mail-archive.com.
>
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
