[sniffer] Re: upgraded to 3.0

2008-07-18 Thread Pete McNeil




Hello Bonno,

Friday, July 18, 2008, 2:27:59 PM, you wrote:

> Hi,
>
> Well I did it, upgraded to 3.0 as well. The automatic rule panic feature and all the other stuff seemed a good idea. :-)
> Setting it up turned out to be straightforward, just follow the instructions. Ran into just 2 things and one question.

Thanks for the details.




> 1)
> Forgot to set correct path to identity file, was set to a nonexisting path. Started server.
> ---
> C:\IMail\declude\Sniffer3>c:\IMail\declude\Sniffer3\SNFServer3.0.exe c:\IMail\declude\Sniffer3\snf_engine.xml
> SNF Server Version 3.0 Build: Jun 26 2008 13:25:19
> SNFMulti Engine Version 3.0 Build: Jun 26 2008 13:25:06
> Launching with c:\IMail\declude\Sniffer3\snf_engine.xml
> Unhandled Exception: snf_LoadNewRulebase() Zero length SecurityKey Thrown!
> ---
> Should have said something like "error in path to identity file"

I will consider adding an error case for a missing identity file.

As a side note, there are a lot of ways to provide identity information to the SNF engine -- so that's why it throws this exception. An error message for a bad identity file path will be specific to that case.




> 2)
> On page
> http://www.armresearch.com/support/articles/software/snfServer/core.jsp
> resultcode 63 is still listed as "Received IPs from spamtraps & research." instead of "Black.."
>
> Question:
> Is there still a log file for me to ZIP every night or is all logging now at ARM research?

The new version provides us with rule-hit statistics when it checks in to share GBUdb data and check for new rules. Once you are running the new version you do not need to upload log files.




> p.s. Aren't we at version 3.01? This one I just downloaded still reports 3.0 as its version. Or was that just the *nix version?





The change to 3.01 in the *nix distribution is not required for Win* systems which are all pre-compiled. The change was to remove "casting" in one line of code concerned with printing out thread status when in debug mode. The effect of the change is:

* It prevents 64 bit GNU compilers from complaining about a loss of resolution. Specifically casting a pointer to (int) which on a 64 bit system essentially drops half of the data. (64 bit pointer, 32 bit integer).

* It changes the output format of the thread ID slightly when running in debug mode. The updated version displays thread object numbers in HEX while the 3.00 version displays them as decimal (base 10) integers.

Since the change does not affect any critical functions we didn't see the need to make a new release for the other (non source) distributions. When the next general revision is produced this change will be rolled in.

Best,

_M





-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.



#
This message is sent to you because you are subscribed to
  the mailing list .
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to  <[EMAIL PROTECTED]>
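
The pointer-to-int narrowing described in the message above, as an added example (not SNF source code and not part of the original post): it shows that two thread-object addresses differing only in their upper 32 bits print the same ID once narrowed, while full-width hex keeps them distinct. All function names and the two sample addresses are constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample values standing in for two thread-object addresses on
   a 64-bit system; they differ only in the upper 32 bits. */
#define SAMPLE_THREAD_A UINT64_C(0x00007f3a1c2d4e60)
#define SAMPLE_THREAD_B UINT64_C(0x00007f3b1c2d4e60)

/* Narrowed style: keep only the low 32 bits and print them in decimal.
   The narrowing goes through uint32_t so the result is well defined; a
   direct (int) cast of a 64-bit pointer is what the compiler warns about. */
static const char *format_id_narrowed(uint64_t addr, char *out, size_t n) {
    snprintf(out, n, "%" PRIu32, (uint32_t)addr);
    return out;
}

/* Full-width style: keep every bit and print in hex. */
static const char *format_id_full(uint64_t addr, char *out, size_t n) {
    snprintf(out, n, "%" PRIx64, addr);
    return out;
}

/* Portable way to turn an object pointer into a printable ID: uintptr_t is
   the integer type meant to hold a pointer value without loss. */
static const char *thread_id_hex(const void *obj, char *out, size_t n) {
    return format_id_full((uint64_t)(uintptr_t)obj, out, n);
}

/* Returns 1 if two different addresses print the same ID after narrowing. */
static int narrowed_ids_collide(uint64_t a, uint64_t b) {
    char x[32], y[32];
    return a != b && strcmp(format_id_narrowed(a, x, sizeof x),
                            format_id_narrowed(b, y, sizeof y)) == 0;
}

int main(void) {
    char buf[32];
    printf("narrowed A: %s\n", format_id_narrowed(SAMPLE_THREAD_A, buf, sizeof buf));
    printf("narrowed B: %s\n", format_id_narrowed(SAMPLE_THREAD_B, buf, sizeof buf));
    printf("full A:     %s\n", format_id_full(SAMPLE_THREAD_A, buf, sizeof buf));
    printf("full B:     %s\n", format_id_full(SAMPLE_THREAD_B, buf, sizeof buf));
    printf("collide:    %d\n", narrowed_ids_collide(SAMPLE_THREAD_A, SAMPLE_THREAD_B));
    printf("pointer:    %s\n", thread_id_hex(buf, buf, sizeof buf));
    return 0;
}
```
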



[sniffer] upgraded to 3.0

2008-07-18 Thread Bonno Bloksma
Hi,

Well I did it, upgraded to 3.0 as well. The automatic rule panic feature and 
all the other stuff seemed a good idea. :-)
Setting it up turned out to be straightforward, just follow the instructions. 
Ran into just 2 things and one question.

1)
Forgot to set correct path to identity file, was set to a nonexisting path. 
Started server.
---
C:\IMail\declude\Sniffer3>c:\IMail\declude\Sniffer3\SNFServer3.0.exe c:\IMail\declude\Sniffer3\snf_engine.xml
SNF Server Version 3.0 Build: Jun 26 2008 13:25:19
SNFMulti Engine Version 3.0 Build: Jun 26 2008 13:25:06
Launching with c:\IMail\declude\Sniffer3\snf_engine.xml
Unhandled Exception: snf_LoadNewRulebase() Zero length SecurityKey Thrown!
---
Should have said something like "error in path to identity file"

2)
On page
http://www.armresearch.com/support/articles/software/snfServer/core.jsp
resultcode 63 is still listed as "Received IPs from spamtraps & research." 
instead of "Black.."

Question:
Is there still a log file for me to ZIP every night or is all logging now at 
ARM research?

p.s. Aren't we at version 3.01? This one I just downloaded still reports 3.0 as 
its version. Or was that just the *nix version?



Kind regards,
Bonno Bloksma
Head of System Administration
tio 

hogeschool hospitality en toerisme

begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl




[sniffer] Re: Problem with Sniffer-Porn rule this morning

2008-07-18 Thread Pete McNeil




Hello Darin,

Friday, July 18, 2008, 1:12:39 PM, you wrote:




> Hmmm... I don't think the rule was already pulled.  We update our rulebase upon receipt of the notification of a new rulebase being available, and according to our logs the rule was in until at least 11:24am EDT.

The rule bots would have queried the database for rules 20-40 minutes before you received it. The rule may have still been in place at that time.

_M

-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.






[sniffer] Re: Problem with Sniffer-Porn rule this morning

2008-07-18 Thread Pete McNeil




Hello Darin,

Friday, July 18, 2008, 1:07:56 PM, you wrote:




> Yes.  The rule is inert.  However, according to the logs the rule would have been hit 27 more times had we not added the rule panic.

Thanks for clarifying. If it were something else I'd want to get on that right away ;-)

_M


-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.






[sniffer] Re: Problem with Sniffer-Porn rule this morning

2008-07-18 Thread Darin Cox
Hmmm... I don't think the rule was already pulled.  We update our rulebase upon 
receipt of the notification of a new rulebase being available, and according to 
our logs the rule was in until at least 11:24am EDT.

Darin.


- Original Message - 
From: Pete McNeil 
To: Message Sniffer Community 
Sent: Friday, July 18, 2008 12:12 PM
Subject: [sniffer] Re: Problem with Sniffer-Porn rule this morning


Hello Darin,

Friday, July 18, 2008, 9:37:18 AM, you wrote:

> Pete,
>
> There appears to be a problem with rule 1984485 this morning.  I'm getting a number of FP hits on it from AOL users.

The rule has been pulled already.

_M

-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.






[sniffer] Re: Problem with Sniffer-Porn rule this morning

2008-07-18 Thread Darin Cox
Yes.  The rule is inert.  However, according to the logs the rule would have 
been hit 27 more times had we not added the rule panic.

Darin.


- Original Message - 
From: Pete McNeil 
To: Message Sniffer Community 
Sent: Friday, July 18, 2008 12:16 PM
Subject: [sniffer] Re: Problem with Sniffer-Porn rule this morning


Hello Darin,

Friday, July 18, 2008, 11:39:47 AM, you wrote:

> We had 18 hits on it from ~6:40-9:30am EDT before putting in the rule panic, 5 of which reached our hold weight.  We've had 27 more hits since adding the rule panic.

When a rule panic is in place the rule should be inert.

Please check your snf_engine_cfg.log to see if the rule panic was picked up in your configuration.

Best,

_M

-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.






[sniffer] Re: Problem with Sniffer-Porn rule this morning

2008-07-18 Thread Pete McNeil




Hello Darin,

Friday, July 18, 2008, 11:39:47 AM, you wrote:




> We had 18 hits on it from ~6:40-9:30am EDT before putting in the rule panic, 5 of which reached our hold weight.  We've had 27 more hits since adding the rule panic.

When a rule panic is in place the rule should be inert.

Please check your snf_engine_cfg.log to see if the rule panic was picked up in your configuration.

Best,

_M




-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.






[sniffer] Re: Problem with Sniffer-Porn rule this morning

2008-07-18 Thread Pete McNeil




Hello Darin,

Friday, July 18, 2008, 9:37:18 AM, you wrote:




> Pete,
>
> There appears to be a problem with rule 1984485 this morning.  I'm getting a number of FP hits on it from AOL users.

The rule has been pulled already.

_M




-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.






[sniffer] Re: Problem with Sniffer-Porn rule this morning

2008-07-18 Thread Darin Cox
We had 18 hits on it from ~6:40-9:30am EDT before putting in the rule panic, 5 
of which reached our hold weight.  We've had 27 more hits since adding the rule 
panic.

Darin.


- Original Message - 
From: Colbeck, Andrew 
To: Message Sniffer Community 
Sent: Friday, July 18, 2008 11:30 AM
Subject: [sniffer] Re: Problem with Sniffer-Porn rule this morning


I also have hit this. A single hit, also from AOL.


Andrew.





From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Friday, July 18, 2008 6:37 AM
To: Message Sniffer Community
Subject: [sniffer] Problem with Sniffer-Porn rule this morning


Pete,

There appears to be a problem with rule 1984485 this morning.  I'm getting a 
number of FP hits on it from AOL users.

Darin.


[sniffer] Re: Problem with Sniffer-Porn rule this morning

2008-07-18 Thread Colbeck, Andrew
I've just used proper channels and submitted the message and the snippet
from the MessageSniffer log to the false@ email address.
 
I've also added this:
 

 
to the
 

 
section of the snf_engine.xml file on each of my servers.
 
 
Andrew.
 
 



From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
Behalf Of Colbeck, Andrew
Sent: Friday, July 18, 2008 8:31 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Problem with Sniffer-Porn rule this morning


I also have hit this. A single hit, also from AOL.
 
 
Andrew.
 



From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
Behalf Of Darin Cox
Sent: Friday, July 18, 2008 6:37 AM
To: Message Sniffer Community
Subject: [sniffer] Problem with Sniffer-Porn rule this morning


Pete,
 
There appears to be a problem with rule 1984485 this morning.  I'm
getting a number of FP hits on it from AOL users.

Darin.
 


[sniffer] Re: Problem with Sniffer-Porn rule this morning

2008-07-18 Thread Darin Cox
Any word on this?

Darin.


- Original Message - 
From: Darin Cox 
To: Message Sniffer Community 
Sent: Friday, July 18, 2008 9:37 AM
Subject: [sniffer] Problem with Sniffer-Porn rule this morning


Pete,

There appears to be a problem with rule 1984485 this morning.  I'm getting a 
number of FP hits on it from AOL users.

Darin.


[sniffer] Re: Problem with Sniffer-Porn rule this morning

2008-07-18 Thread Colbeck, Andrew
I also have hit this. A single hit, also from AOL.
 
 
Andrew.
 



From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
Behalf Of Darin Cox
Sent: Friday, July 18, 2008 6:37 AM
To: Message Sniffer Community
Subject: [sniffer] Problem with Sniffer-Porn rule this morning


Pete,
 
There appears to be a problem with rule 1984485 this morning.  I'm
getting a number of FP hits on it from AOL users.

Darin.
 


[sniffer] Problem with Sniffer-Porn rule this morning

2008-07-18 Thread Darin Cox
Pete,

There appears to be a problem with rule 1984485 this morning.  I'm getting a 
number of FP hits on it from AOL users.

Darin.