On Thursday, October 28, 2004, 7:55:09 PM, Sanford wrote: >> Picture if you will an MTA with Message Sniffer installed where an >> archive is generated automatically using a compressed format.
SW> The compression part is one thing I'm not too clear on, and. . . >> that is, the matching message as an attachment to a report message >> that describes the original envelope and the list of matching >> patterns. SW> . . . I don't think e-mail is the right transport, since the results SW> can run in the gigabytes, but. . . >> Might this be a useful product do you think? SW> . . . yes! Interresting - let me clarify. I am working on a mechanism that would store held spam in a single file with a companion index file. One of these per day. Each message is packaged with it's envelope (in IMail D + Q file), compressed with gzip (or equiv) and appended to the file with an index to the ID. This will allow Message Sniffer to retrieve and deliver the message whenever it is called for. Since each message is compressed before storage and there is only one file per day the archival task for holding spam won't overwhelm most file systems. Step back for a moment and consider flipping a switch so that all messages are archived and marked. Under normal conditions held spam would be retrieved and sent to the requesting user. Under SOX conditions an alternate utility is used that searches for the appropriate keywords at "sniffer speeds" through all appropriate archives in the library. When a match is found, the message is attached to a report message and delivered to the requested mailbox. Email going to email boxes, one message per message so that they can be reviewed in the same way email might normally be reviewed (threading, chronology, From/To, etc -- all the stuff usually found in email clients). Of course, the messages could just as easily be decompressed and stored in an XML file suitable for import to a database of choice - but I digress. Point is, an existing mechanism can be extended to satisfy multiple needs. For example, SOX is not the only reason a company might want to dig into it's email archive --- there are lots of reasons both good and bad. I like the idea. I will extend the spec to accommodate hooks for the new features. _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
