Hi Pete: Thanks for jumping in.
1. >> The SNF engine performs the SNF2CHECK task before it accepts a new rulebase << I'm a little confused - the script replaces the rulebase - without checking. So what happens if the rulebase is bad. By the time the engine "checks" the good one is already rename and the bad one is already called ".snf" if exist %LICENSE_ID%.old del %LICENSE_ID%.old if exist %LICENSE_ID%.snf rename %LICENSE_ID%.snf %LICENSE_ID%.old rename %LICENSE_ID%.new %LICENSE_ID%.snf 2. I assume I can still just update the XML file to move the logfiles, rulebase and workspace to its own subfolders to keep things tidy and for improved maintainability? <log path='[PATH]\declude\scanners\SNF\logs\'/> <rulebase path='[PATH]\declude\scanners\SNF\rulebase\'/> <workspace path='[PATH]\declude\scanners\SNF\work\'/> Best Regards, Andy -----Original Message----- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Pete McNeil Sent: Friday, March 19, 2010 1:22 PM To: firstname.lastname@example.org Subject: Re: [Declude.Virus] How to disable CommTouch Zerohour (for testing) On 3/19/2010 11:26 AM, Andy Schmidt wrote: > Thanks - downloaded and installed. > > I'll have to take a look at the integrated Sniffer. I got pulled away and > never got back to it. > > I'll have to take a good luck at the rulebase update - on first glace it > seems as if your script is leaving out the crucial SNF2CHECK to make sure > that the downloaded rulebase is valid BEFORE replacing it. So I'll have to > look at it very carefully. > Andy, The script cannot call snf2check for the embedded SNF because that would expose the OEM rulebase. The SNF engine performs the SNF2CHECK task before it accepts a new rulebase so it's ok to leave that out of the update script in OEM integrations of the SNF engine. In fact, the getRulebase.cmd script need not be used at all by an OEM -- they can use their own facility. However in this case I recommended strongly that Declude use a modified getRulebase script so that Declude customers could modify it to perform additional tasks in the way they are used to. Hope this helps, Best, _M --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.