[sniffer] Re: ANN: Availability of 5xxSink 0.5.00, IIS SMTP event sink for text-file recipient validation
> And thank you Sandy,

No prob. Post any Qs.

--Sandy

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

#
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Snf2check.exe on FreeBSD
Hello Dan,

Monday, June 19, 2006, 5:30:15 PM, you wrote:

> I'm using sniffer on FreeBSD, plugging into Spamassassin. I am trying
> to write a good autoupdate cron script that works as well on my FreeBSD
> box as did the one I used to have on my Imail box. I can download the
> Sniffer DB, but I can't use snf2check.exe in my cron script. When I
> manually run the script logged in as root, and it gets to the line:

> /var/spool/snfilter/snf2check.exe /var/spool/snfilter/filename.snf authcodexxx

> The file checks out OK, however when it runs from cron (as root) it
> always gets ERROR RULE AUTH. Does anyone have an autoupdate script that
> is meant to run on a *nix-type system? Or does anyone know a solution
> to my problem?

There is no reason I can think of for this not to work except perhaps
for a permissions problem.

Error rule auth would generally indicate that the file was corrupt, or
that the authentication string is incorrect.

All update scripts should use snf2check.exe before pressing the new
rulebase file into production or else you may cripple your scanner
with a bad file. (The SNF scanner does a less comprehensive check to
maintain speed.)

All that said, on this page you can find PerlAutoUpdates and a few
others which might help:

http://kb.armresearch.com/index.php?title=Message_Sniffer.TechnicalDetails.SubmittedScripts

Best,

_M

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.
[sniffer] Re: Update pacing...
Hello Harry,

Monday, June 19, 2006, 4:47:14 PM, you wrote:

> My script does not check for update first. Is there a sample that does do
> that that you can point me to?

This page describes automated updates and lists several scripts.

http://kb.armresearch.com/index.php?title=Message_Sniffer.TechnicalDetails.AutoUpdates

The one I recommend most for Winx based systems is
ImailSnifferUpdateTools.zip

Don't let the name fool you - if you are NOT using IMail the scripts
are still great --- you will only need to find another way to call
them if your system does not provide a "program alias" functionality.

Hope this helps,

_M

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.
[sniffer] Snf2check.exe on FreeBSD
I'm using sniffer on FreeBSD, plugging into Spamassassin. I am trying
to write a good autoupdate cron script that works as well on my FreeBSD
box as did the one I used to have on my Imail box. I can download the
Sniffer DB, but I can't use snf2check.exe in my cron script. When I
manually run the script logged in as root, and it gets to the line:

/var/spool/snfilter/snf2check.exe /var/spool/snfilter/filename.snf authcodexxx

The file checks out OK, however when it runs from cron (as root) it
always gets ERROR RULE AUTH. Does anyone have an autoupdate script that
is meant to run on a *nix-type system? Or does anyone know a solution
to my problem?

Thanks,

Dan Horne
[sniffer] Re: Update pacing...
Harry, there is a "standard" script that Bill Landry shepherded into
being. Check out the info at the Message Sniffer Wiki here:

http://kb.armresearch.com/index.php?title=Message_Sniffer.TechnicalDetails.AutoUpdates

The description of what a good download script should do is there, plus
a zip file with an IMail orientation.

Andrew 8)

> -----Original Message-----
> From: Message Sniffer Community
> [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand
> Sent: Monday, June 19, 2006 1:47 PM
> To: Message Sniffer Community
> Subject: [sniffer] Re: Update pacing...
>
> My script does not check for update first. Is there a sample
> that does do that that you can point me to?
>
> Thank you
>
> Harry Vanderzand
> inTown Internet & Computer Services
> 519-741-1222
>
> > -----Original Message-----
> > From: Message Sniffer Community
> > [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
> > Sent: Monday, June 19, 2006 4:15 PM
> > To: Message Sniffer Community
> > Subject: [sniffer] Update pacing...
> >
> > Hello Message,
> >
> > We have just reduced our rulebase update pacing from 150 minutes to
> > 120 minutes.
> >
> > This means rulebase updates will now arrive 20% faster.
> >
> > If you are using a scheduled task to retrieve your updates, please
> > adjust your timing appropriately. (about every 60 minutes should be
> > reasonable provided your script checks for an updated file before
> > performing the download).
> >
> > If you are triggering your updates based on the arrival of our
> > update notification messages then you need not take any additional
> > action - the change will be automatic.
> >
> > Thanks,
> >
> > _M
> >
> > --
> > Pete McNeil
> > Chief Scientist,
> > Arm Research Labs, LLC.
[sniffer] Re: Update pacing...
My script does not check for update first. Is there a sample that does do
that that you can point me to?

Thank you

Harry Vanderzand
inTown Internet & Computer Services
519-741-1222

> -----Original Message-----
> From: Message Sniffer Community
> [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
> Sent: Monday, June 19, 2006 4:15 PM
> To: Message Sniffer Community
> Subject: [sniffer] Update pacing...
>
> Hello Message,
>
> We have just reduced our rulebase update pacing from 150 minutes to
> 120 minutes.
>
> This means rulebase updates will now arrive 20% faster.
>
> If you are using a scheduled task to retrieve your updates, please
> adjust your timing appropriately. (about every 60 minutes should be
> reasonable provided your script checks for an updated file before
> performing the download).
>
> If you are triggering your updates based on the arrival of our
> update notification messages then you need not take any additional
> action - the change will be automatic.
>
> Thanks,
>
> _M
>
> --
> Pete McNeil
> Chief Scientist,
> Arm Research Labs, LLC.
[sniffer] Update pacing...
Hello Message,

We have just reduced our rulebase update pacing from 150 minutes to
120 minutes.

This means rulebase updates will now arrive 20% faster.

If you are using a scheduled task to retrieve your updates, please
adjust your timing appropriately. (about every 60 minutes should be
reasonable provided your script checks for an updated file before
performing the download).

If you are triggering your updates based on the arrival of our
update notification messages then you need not take any additional
action - the change will be automatic.

Thanks,

_M

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.
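An added example, not part of any list message and not one of the scripts on the linked wiki pages: a cron-safe update routine that does the two things this thread asks of an update script, checking for a newer file before downloading and running snf2check.exe on the download before it replaces the production rulebase. RULEBASE_URL is a placeholder, and the function names and the assumption that snf2check.exe reports failure through its exit status or a line containing ERROR are this example's own.

```shell
#!/bin/sh
# Added example: staged rulebase update for cron. Not the vendor's script.
# Assumptions: RULEBASE_URL is a placeholder; snf2check.exe is assumed to exit
# non-zero or print a line containing "ERROR" when the file is bad.
SNF_DIR=${SNF_DIR:-/var/spool/snfilter}       # directory named in the thread
RULEBASE=${RULEBASE:-filename.snf}            # placeholder name from the thread
AUTHCODE=${AUTHCODE:-authcodexxx}             # placeholder from the thread
CHECKER=${CHECKER:-$SNF_DIR/snf2check.exe}
RULEBASE_URL=${RULEBASE_URL:-https://updates.example.invalid/filename.snf}

# Download only if the server copy is newer than the live file (curl -z sends
# If-Modified-Since); an unchanged file leaves the staging file absent or empty.
fetch_rulebase() {  # $1 = live file, $2 = staging file
    if [ -f "$1" ]; then
        curl -fsS -z "$1" -o "$2" "$RULEBASE_URL"
    else
        curl -fsS -o "$2" "$RULEBASE_URL"
    fi
}

validate_rulebase() {  # $1 = staged file
    out=$("$CHECKER" "$1" "$AUTHCODE" 2>&1) || return 1
    case $out in *ERROR*) return 1 ;; esac
    return 0
}

# Returns 0 = new rulebase installed, 1 = no update, 2 = fetch failed,
# 3 = staged file rejected (live rulebase left untouched).
update_rulebase() {
    live=$SNF_DIR/$RULEBASE
    staged=$SNF_DIR/$RULEBASE.new
    cd "$SNF_DIR" || return 2             # cron does not start in this directory
    rm -f "$staged"
    fetch_rulebase "$live" "$staged" || { rm -f "$staged"; return 2; }
    [ -s "$staged" ] || { rm -f "$staged"; return 1; }
    if validate_rulebase "$staged"; then
        mv -f "$staged" "$live"           # rename within one directory is atomic
        return 0
    fi
    mv -f "$staged" "$live.rejected"      # keep the bad file for inspection
    return 3
}

if [ "${1:-}" = run ]; then update_rulebase; exit $?; fi
```

Invoked with the argument run, the script performs one update attempt and exits with the status listed above, so cron mail or a wrapper can tell a rejected file from "nothing new".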
[sniffer] Re: New purchase question
On Jun 19, 2006, at 2:17 PM, Pete McNeil wrote:

> Declude folks posted a combination rule that seems to be working well
> for them. Here is an excerpt from that post:

If you are going to add that filter to your system, my advice is to
give it a very low weight. Others said it worked great for them, but I
was seeing a very high percentage of false positives with it. I'm
currently testing a modification of the filter to see if this new
version works better for me.

Thanks,

Greg Evanitsky
ACS, Inc.
(717) 248-2720 ext. 5113
[sniffer] Re: New purchase question
Hello Paul,

SNF does not yet see things that are not there - only those things
that are.

We have been coding some rules for these empty, broken messages, but
the trouble is that the systems we support often add headers of their
own before SNF sees the message and it is difficult to predict what
those headers are.

Upcoming features will solve this problem, but at the moment we have
no solid solution.

Declude folks posted a combination rule that seems to be working well
for them. Here is an excerpt from that post:

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Jaworski
Sent: Monday, June 19, 2006 1:37 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Blank body & Subject

Looks like the following filter is working well. Using the HOLD action
to verify filter success/failure. Caught 32 in the last 5 minutes.

Global.cfg
FILTERMSC filter D:\SmarterMail\declude\msc.txt x 0 0

msc.txt
HEADERS 30 NOTCONTAINS from:
HEADERS 30 NOTCONTAINS subject:

$default$.junkmail
FILTERMSC HOLD D:\smartermail\spool\msc

We will continue to look for rules to compensate in the meantime.

Thanks,

_M

Monday, June 19, 2006, 1:21:30 PM, you wrote:

> I'm getting swamped with emails that have
> No TO address, no SUBJECT, and no BODY
> I'm using MxGuard and don't see a way to block these.
> Does sniffer return a code if there's no body? No subject AND no body?
> That would be handy, if it did.
> Paul Fuhrmeister
> [EMAIL PROTECTED]
[sniffer] Re: ANN: Availability of 5xxSink 0.5.00, IIS SMTP event sink for text-file recipient validation
Thanks!

And thank you Sandy,

Paul Fuhrmeister
[EMAIL PROTECTED]

-----Original Message-----
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
Sent: Wednesday, June 14, 2006 8:48 PM
To: Message Sniffer Community
Subject: [sniffer] Re: ANN: Availability of 5xxSink 0.5.00, IIS SMTP event sink for text-file recipient validation

Sandy actually released an updated version that allows for that.

http://www.mail-archive.com/declude.junkmail@declude.com/msg27158.html

Darrell

fpReview - Review held mail the easy way.
http://www.invariantsystems.com
[sniffer] Re: New purchase question
I'm getting swamped with emails that have
No TO address, no SUBJECT, and no BODY

I'm using MxGuard and don't see a way to block these.

Does sniffer return a code if there's no body? No subject AND no body?
That would be handy, if it did.

Paul Fuhrmeister
[EMAIL PROTECTED]