[sniffer] Re: All about GBUdb
OK, a couple of questions.

If an IP is found to be BAD, the website states a non-zero code will be returned. Well, I know that those of us using Declude and using listed return codes other than non-zero will have a problem with this. Can this be set to a specific return code that we can then use with Declude?

Same question on the UGLY, can it be set to return a specific return code so that we can use that with Declude?

John T

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Saturday, October 06, 2007 6:06 PM
To: Message Sniffer Community
Subject: [sniffer] All about GBUdb

Hello Sniffer Folks,

At your convenience please review the following:

http://kb.armresearch.com/index.php?title=Message_Sniffer.TechnicalDetails.GBUdb

This page describes one of the key features of the new SNF engine (currently in wide beta testing).

GBUdb is an IP reputation system built on a collaborative learning engine. Each SNF node equipped with GBUdb learns the behavior of the message sources it encounters and shares that information with other SNF/GBUdb nodes in the cloud. This learning and sharing process happens in near real-time (zero-minute) and allows the new SNF engine to improve both filtering accuracy and system efficiency (with a little help from its friends).

Let us know if you have any questions or comments.

Thanks!

_M

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.

#
This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com.
To unsubscribe, E-mail to: [EMAIL PROTECTED]
To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED]
To switch to the INDEX mode, E-mail to [EMAIL PROTECTED]
Send administrative queries to [EMAIL PROTECTED]

[sniffer] Re: False Positives
Hi Pete,

Actually it is true ;-)

http://kb.armresearch.com/index.php?title=Message_Sniffer.FAQ.FalsePositives#What_are_the_guidelines_for_sending_a_False_Positive.3F

- Please include your license ID in your message and send the messages from your registered email address. Email from non-registered email addresses and email having no license ID may be ignored.

It should be impossible to guess such a standard rule it is still unique to each system.

We are also having trouble with your response to our false.

Hello Pi-Web,

Actually that's not true - the license ID is normally derived from information in the headers as the message is processed by special software on our system.

This is a very rare case - and where any kind of white rule is concerned we like to keep each case specific and extremely difficult to guess. Any kind of standard white rule is a problem waiting to happen.

Hope this helps,

_M

Monday, October 8, 2007, 11:45:46 AM, you wrote:

Why not add the license code as local whitelist string in each database, the license code is normally supplied in the false report mail anyway.

Is there any way of getting false positives to you other than emailing them to [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ?

My dilemma is that I'm using the same SMTP server for sending email out as getting email in -- so outgoing email is getting spam checked using Message Sniffer -- This means my False Positive reports are getting quarantined before they can get out!! Any ideas on how to work around this problem?

We should be able to create a local white rule for this purpose. Or, you could create a local white-list entry of some kind in your other filtering systems (those that call SNF).

Send me a note off-list from the address system that you will use to submit false positives and include information on any other systems you will use to submit false positives to us. We will work through it to create an appropriate white rule for this purpose.

Hope this helps,

Thanks,

_M

--
Best regards,
Frank Jensen
[EMAIL PROTECTED]
www.pi.dk

Impressive, fascinating and giant posters, e.g. 149 x 149 = 629 kr
We can also make a poster from your digital photo
www.plakatkunst.dk

[sniffer] Re: All about GBUdb
Hello John,

Yes. The standard result codes for ugly IPs depend upon the range they fall in (based on their statistics):

Ugly in Caution = 40
Ugly in Black = 63
Ugly in Truncate = 20

Note that the black range is identical to hard coded IP rules found in the SNF rulebase. IP rules are no longer being created. The GBUdb will now take over that function since it is more dynamic.

Hope this helps,

_M

Tuesday, October 9, 2007, 2:15:36 AM, you wrote:

> OK, a couple of questions.
>
> If an IP is found to be BAD, the website states a non-zero code will be returned. Well, I know that those of us using Declude and using listed return codes other than non-zero will have a problem with this. Can this be set to a specific return code that we can then use with Declude?
>
> Same question on the UGLY, can it be set to return a specific return code so that we can use that with Declude?
>
> John T

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.

[sniffer] SNFV2-9 Wide Beta now at version 1.4
Hello Sniffer Folks,

We have worked through some minor bugs and added some new features. The newest version of the beta is 1.4.

http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Distributions#NEW_SNF_V2-9_Wide_Beta

Please upgrade your snf_engine.xml and SNFServer.exe files from the latest distribution when you get a chance.

* Adds support for scanning Communigate Pro message files directly.
* Tightens up XCI handler code.
* Removes problematic/redundant XCI watchdog code which caused trouble on some MDaemon systems.

Source MDaemon folks-- a revised alpha distribution will be updated shortly with the new changes incorporated.

Thanks,

_M

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.

[sniffer] Re: SNFV2-9 Wide Beta now at version 1.4
Pete,

I'm a bit confused about the persistent mode settings. I don't remember installing a service for my current sniffer installation. I thought it just continued running after the first time it was called by my mail server. With the new release, do I have to install as a service?

Thanks,

Chris

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Tuesday, October 09, 2007 5:54 PM
To: Message Sniffer Community
Subject: [sniffer] SNFV2-9 Wide Beta now at version 1.4

Hello Sniffer Folks,

We have worked through some minor bugs and added some new features. The newest version of the beta is 1.4.

http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Distributions#NEW_SNF_V2-9_Wide_Beta

Please upgrade your snf_engine.xml and SNFServer.exe files from the latest distribution when you get a chance.

* Adds support for scanning Communigate Pro message files directly.
* Tightens up XCI handler code.
* Removes problematic/redundant XCI watchdog code which caused trouble on some MDaemon systems.

Source MDaemon folks-- a revised alpha distribution will be updated shortly with the new changes incorporated.

Thanks,

_M

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.

[sniffer] Re: SNFV2-9 Wide Beta now at version 1.4
Hello Chris,

Quite a while ago, SNF was based on cellular peer-server technology. Each time your MTA called SNF with a message it would look to see if any other instances were alive and if they were then they would coordinate together to save resources.

A bit after that we created a persistent mode where you could start an instance that would run as a kind of lightweight service. That instance would stay alive all the time so as you called other instances to scan messages they would see the persistent instance and let it take care of the heavy work -- that way only one instance ever had to load the rulebase file.

Once the persistent mode was available there was no reason to use SNF any other way so most folks set up a persistent instance and took advantage of the extra throughput on their systems. That is currently the accepted way to run SNF.

The new version is a complete departure from the old ways. There is now a client and a service. The client software knows how to talk to the server software and that's about all it does. The server software does all of the scanning and other heavy tasks.

Now, for most folks, this is a fairly simple transition. They will replace their persistent instance with the new server software and they will begin calling the new client software the same way they used to call SNF. The client will pass the scan request on to the server and will return the customary result code.

If you've never run a persistent instance using srvany, Firedaemon, or some other tool then that part will be new to you.

Hope this helps,

_M

Tuesday, October 9, 2007, 7:36:02 PM, you wrote:

> Pete,
>
> I'm a bit confused about the persistent mode settings. I don't remember installing a service for my current sniffer installation. I thought it just continued running after the first time it was called by my mail server. With the new release, do I have to install as a service?
>
> Thanks,
>
> Chris

[sniffer] Re: SNFV2-9 Wide Beta now at version 1.4
Ok I guess I had a basic understanding of how the old way and new way works, that makes it much clearer. I hadn't messed with it until now I'm looking at the new version b/c I am getting a lot of spam thru the floodgates lately, more and more.

I tried creating a service with srvany but it was throwing an error when I was starting the service. Any special arguments you are supposed to put in the path that the service runs?

Thank You,

Chris Bunting
Lancaster Networks
www.lancasternetworks.com

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Tuesday, October 09, 2007 8:13 PM
To: Message Sniffer Community
Subject: [sniffer] Re: SNFV2-9 Wide Beta now at version 1.4

Hello Chris,

Quite a while ago, SNF was based on cellular peer-server technology. Each time your MTA called SNF with a message it would look to see if any other instances were alive and if they were then they would coordinate together to save resources.

A bit after that we created a persistent mode where you could start an instance that would run as a kind of lightweight service. That instance would stay alive all the time so as you called other instances to scan messages they would see the persistent instance and let it take care of the heavy work -- that way only one instance ever had to load the rulebase file.

Once the persistent mode was available there was no reason to use SNF any other way so most folks set up a persistent instance and took advantage of the extra throughput on their systems. That is currently the accepted way to run SNF.

The new version is a complete departure from the old ways. There is now a client and a service. The client software knows how to talk to the server software and that's about all it does. The server software does all of the scanning and other heavy tasks.

Now, for most folks, this is a fairly simple transition. They will replace their persistent instance with the new server software and they will begin calling the new client software the same way they used to call SNF. The client will pass the scan request on to the server and will return the customary result code.

If you've never run a persistent instance using srvany, Firedaemon, or some other tool then that part will be new to you.

Hope this helps,

_M

[sniffer] Re: SNFV2-9 Wide Beta now at version 1.4
So, two questions

Can sniffer now run without Declude or the like on an Imail system?

Can the server piece be on a different machine?

Thanks! (And if it's obvious no, I haven't yet read the documentation on the new sniffer yet)

On Oct 9, 2007, at 8:13 PM, Pete McNeil wrote:

> Hello Chris,
>
> Quite a while ago, SNF was based on cellular peer-server technology. Each time your MTA called SNF with a message it would look to see if any other instances were alive and if they were then they would coordinate together to save resources.
>
> A bit after that we created a persistent mode where you could start an instance that would run as a kind of lightweight service. That instance would stay alive all the time so as you called other instances to scan messages they would see the persistent instance and let it take care of the heavy work -- that way only one instance ever had to load the rulebase file.
>
> Once the persistent mode was available there was no reason to use SNF any other way so most folks set up a persistent instance and took advantage of the extra throughput on their systems. That is currently the accepted way to run SNF.
>
> The new version is a complete departure from the old ways. There is now a client and a service. The client software knows how to talk to the server software and that's about all it does. The server software does all of the scanning and other heavy tasks.
>
> Now, for most folks, this is a fairly simple transition. They will replace their persistent instance with the new server software and they will begin calling the new client software the same way they used to call SNF. The client will pass the scan request on to the server and will return the customary result code.
>
> If you've never run a persistent instance using srvany, Firedaemon, or some other tool then that part will be new to you.
>
> Hope this helps,
>
> _M

[sniffer] timing for production
We generally don't do anything system wise during the 4th quarter unless absolutely necessary.

1) If we don't upgrade to production if/when it comes out later this year, will we be ok?

2) Is release to production a Q4 event??

[sniffer] Updates to log rotation scripts
What updates/file name changes would be necessary for the log rotation scripts? How can we monitor the status of SNF in real time, via the XML pages? Is there such a thing as an XML reader?

[sniffer] Re: SNFV2-9 Wide Beta now at version 1.4
Hello Chris,

Tuesday, October 9, 2007, 8:30:37 PM, you wrote:

> Ok I guess I had a basic understanding of how the old way and new way works, that makes it much clearer. I hadn't messed with it until now I'm looking at the new version b/c I am getting a lot of spam thru the floodgates lately, more and more.
>
> I tried creating a service with srvany but it was throwing an error when I was starting the service. Any special arguments you are supposed to put in the path that the service runs?

It's hard to guess without seeing the errors.

Since I have to guess I might guess that you want to use full paths for both the SNFServer.exe and the snf_engine.xml file.

You will also want to check that SNFServer will run with full permissions on its working directories (as configured) and that it has at least read, write, delete, create permissions in the directory where it will look for messages.

I also suggest running SNFServer first from the command line so that you can see that it works and gain confidence in the settings. SNF is pretty good about producing errors in logs etc that are useful and meaningful. If you look closely it should tell you just where to look for any problems.

Please shut it down cleanly using the client (SNFClient.exe -shutdown) to avoid creating any messes. SNF is pretty good about taking care of unexpected shutdowns etc, but it's always best to give it a smooth shutdown rather than yanking it out by the roots unannounced.

Hope this helps,

_M

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.

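The checklist in the reply above (full paths for SNFServer.exe and snf_engine.xml, plus read, write, delete and create permissions in the working directories) can be tested before the service is installed. The following is an added example, not part of the original thread or of the SNF distribution: the function names are hypothetical, and the directories are passed in explicitly because the layout of snf_engine.xml is not shown on this page. Run it under the same account the service will use, since that is the account whose permissions matter.

```python
"""Pre-flight check before installing SNFServer as a service (added example)."""
import os
import tempfile
import uuid


def check_file(path, label):
    """Return problems with a file named on the service command line."""
    if not os.path.isabs(path):
        # A service does not start in the directory you tested from, so a
        # relative path that works at the prompt can fail under srvany.
        return [f"{label}: not a full path: {path}"]
    try:
        with open(path, "rb"):
            pass
    except OSError as err:
        return [f"{label}: cannot open for reading: {path} ({err.strerror})"]
    return []


def probe_directory(directory):
    """Try create, write, read and delete in `directory`.

    Returns None on success, otherwise the name of the step that failed.
    """
    if not os.path.isdir(directory):
        return "exists"
    probe = os.path.join(directory, f"snf-preflight-{uuid.uuid4().hex}.tmp")
    step = "create"
    try:
        fd = os.open(probe, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
        step = "write"
        with os.fdopen(fd, "wb") as handle:
            handle.write(b"probe")
        step = "read"
        with open(probe, "rb") as handle:
            handle.read()
        step = "delete"
        os.remove(probe)
    except OSError:
        if step != "create" and os.path.exists(probe):
            try:
                os.remove(probe)  # best effort: leave no probe file behind
            except OSError:
                pass
        return step
    return None


def preflight(server_exe, engine_xml, directories):
    """Collect every problem found; an empty list means ready to install."""
    problems = check_file(server_exe, "SNFServer.exe")
    problems += check_file(engine_xml, "snf_engine.xml")
    for directory in directories:
        if not os.path.isabs(directory):
            problems.append(f"directory: not a full path: {directory}")
            continue
        failed = probe_directory(directory)
        if failed == "exists":
            problems.append(f"directory: does not exist: {directory}")
        elif failed:
            problems.append(f"directory: cannot {failed} files in {directory}")
    return problems


if __name__ == "__main__":
    # Constructed layout standing in for a real install; on a mail server,
    # pass the real paths and run this as the account the service will use.
    with tempfile.TemporaryDirectory() as root:
        exe = os.path.join(root, "SNFServer.exe")
        xml = os.path.join(root, "snf_engine.xml")
        for path in (exe, xml):
            with open(path, "wb") as handle:
                handle.write(b"placeholder")
        print(preflight(exe, xml, [root]))
        print(preflight("SNFServer.exe", xml, [os.path.join(root, "spool")]))
```
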
[sniffer] Re: SNFV2-9 Wide Beta now at version 1.4
Hello Greg,

Tuesday, October 9, 2007, 8:28:57 PM, you wrote:

> I'm running Win2003server, Imail 8.05 with MXGuard and Sniffer. How do I install the upgraded files? It was a couple years ago when I set this up originally. I read through and it says to rename the executables and put them in the sniffer dir. With the server/client mode, is this still what I need to do?

No. When you did your last upgrade you were still working with the peer-server technology and branded executables. The new SNF does not work that way. The readme files cover this.

The basic idea in your configuration will be:

* Install the new SNF files in their own directory.
* Carefully adjust the new SNF configuration files.
* Run the SNFServer -- most likely from the command line at first so you can watch it run and no errors go hidden for long.
* When you are ready, adjust your MXGuard configuration so that the path to the SNF executable points to the NEW SNFClient.exe.
* If/When you want to switch back for any reason simply adjust the settings back to normal in your MXGuard configuration.

The new SNF will run alongside the old without interference. You can then switch back and forth just by calling the correct program to scan your messages - either the old SNF program or the new SNFClient.

You do not need to rename any of the program files with the new version. If you do there will not be a problem but it is not necessary and not recommended.

Hope this helps,

_M

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.

[sniffer] Re: SNFV2-9 Wide Beta now at version 1.4
Hello Richard,

Tuesday, October 9, 2007, 8:50:08 PM, you wrote:

> So, two questions
>
> Can sniffer now run without Declude or the like on an Imail system?

We have a program that we use on our spamtrap servers to plug SNF directly into IMail, however it is very limited in its abilities.

> Can the server piece be on a different machine?

No, the server piece must be on the local machine.

> Thanks! (And if it's obvious no, I haven't yet read the documentation on the new sniffer yet)

RT oh yeah. Important stuff in there. Don't miss it. ;-)

_M

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.

[sniffer] Re: timing for production
Hello Robert,

Tuesday, October 9, 2007, 8:59:58 PM, you wrote:

> We generally don't do anything system wise during the 4th quarter unless absolutely necessary.
>
> 1) If we don't upgrade to production if/when it comes out later this year, will we be ok?

You will be ok, but you won't be having as much fun as those who did upgrade ;-)

Seriously though -- the core scanning technology and the rulebase is not significantly different between the old and new versions. That said, the new version contains some minor improvements to the pattern matching engine and there has been a minor change to the way we construct our rulebase.

We are no longer coding any new IP rules. The static IP rules in the core rulebase are deprecated as are the bots that created them. This happened a while ago. Over time the existing IP rules will become less effective and will in many cases be removed. The new version's GBUdb component will more than compensate for this loss. In fact the decision to deprecate the IP based rules system was based in part on the knowledge that the new version would be out soon to compensate.

Systems that fail to upgrade will see more leakage (increasing over time) than those that do upgrade to the new system not only because the new system is more effective but also because the pattern rulebase is not getting new IP rules.

> 2) Is release to production a Q4 event??

The current beta has already been an alpha in production environments for a very long time (especially the critical pieces). If we don't see any problems with the beta (and none are expected) then the current code base will be certified for production very quickly - definitely a Q4 event.

There may be auxiliary elements that are still in flux for a little longer than that -- such as documentation (which is always an on-going project) and hopefully installers for some platforms. However, I expect the actual software will be certified very quickly given its history.

Hope this helps,

_M

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.

[sniffer] New SNF2-9b1.4.MDaemon released.
Hello Sniffer Folks,

The new MDaemon beta (SNF2-9b1.4.MDaemon.zip) is available here:

http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Distributions#NEW_SNF_V2-9_Wide_Beta

Those of you who have an alpha version running will want to use the following from the new beta:

* Use the new DLL.
* Use the new snfmdplugin.xml (be sure to update it correctly from your existing configuration file).

A number of new features require new or changed configuration elements. Also the default GBUdb ranges have been altered slightly from the configuration used in the alpha.

The change log describes the relevant changes to the engine.

Thanks!

_M

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.