SNIFFER external nonzero "sniffer.exe authcode" 1 0
SNIFFER-SCAMS external 053 "sniffer.exe authcode" 2 0 SNIFFER-PORN external 054 "sniffer.exe authcode" 2 0 SNIFFER-MALWARE external 055 "sniffer.exe authcode" 3 0 SNIFFER-OBFUSC external 062 "sniffer.exe authcode" 2 0
Actually, this should work fine. Declude JunkMail checks to see that the command line is the same (the "sniffer.exe authcode", which is the same in all the above lines), and if so, it only runs the test if it has not yet been run (or if it has, it uses the exit code from when it was run). Declude JunkMail then handles the weights.
So in this case, if Message Sniffer returned an exit code of anything except 0, the SNIFFER test would be triggered. If it returned 53, both the SNIFFER test and the SNIFFER-SCAMS test would be triggered.
It should work in the same way as having multiple ip4r tests, one of which looks for "*" and others which look for specific return IPs.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
---- This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
