[sniffer] Change in default settings
Hello Message Sniffer Folks, We're recommending a change in the default settings for message sniffer in order to improve our response times for new campaigns. The change is small and enhances our virtual spamtrap technology so that we see new spams sooner and with greater sampling coverage. If you locate this block of code in your snf_engine.xml file: black on-off='on' symbol='63' edge probability='0.8' confidence='0.2'/ edge probability='0.8' confidence='1.0'/ truncate on-off='on' probability='0.9' peek-one-in='3' symbol='20'/ sample on-off='on' probability='0.8' grab-one-in='3' passthrough='no' passthrough-symbol='0'/ /black You will notice that your settings are probably slightly different. The changes we would like you to make are: peek-one-in='3' grab-one-in='3' Your current settings most likely use higher numbers for these settings. Once you make the change and save your file then Message Sniffer should pick up the changes right away - you do not need to restart Message Sniffer when making adjustments to your configuration. Please let us know if you have any questions. Thanks! _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: sniffer-...@sortmonster.com To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com Send administrative queries to sniffer-requ...@sortmonster.com
[sniffer] Re: Change in default settings
On 5/9/2011 3:43 PM, Peer-to-Peer (Support) wrote: Hi Pete, Just double checking: My snf_engine.xml file does not have any 'single quotes' around any numbers or characters. See attached as an example. What you have there in that png is your configuration log -- it is SNF's interpretation of your configuration file. The actual configuration file does use single quotes (unless you changed it). _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: sniffer-...@sortmonster.com To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com Send administrative queries to sniffer-requ...@sortmonster.com
[sniffer] Re: Change in default settings
Pete, for sample on-off='on' I wrote myself this note... !-- We can sample during a peek if passthrough = yes -- ... Is it still valid? Your sample and my own configuration have: passthrough=no On the balance of it, I suspect my own note is wrong, so it would be nice if you could verify it one way or the other. Andrew. -Original Message- From: Message Sniffer Community [mailto:sniffer@sortmonster.com] On Behalf Of Pete McNeil Sent: Monday, May 09, 2011 11:56 AM To: Message Sniffer Community Subject: [sniffer] Change in default settings Hello Message Sniffer Folks, We're recommending a change in the default settings for message sniffer in order to improve our response times for new campaigns. The change is small and enhances our virtual spamtrap technology so that we see new spams sooner and with greater sampling coverage. If you locate this block of code in your snf_engine.xml file: black on-off='on' symbol='63' edge probability='0.8' confidence='0.2'/ edge probability='0.8' confidence='1.0'/ truncate on-off='on' probability='0.9' peek-one-in='3' symbol='20'/ sample on-off='on' probability='0.8' grab-one-in='3' passthrough='no' passthrough-symbol='0'/ /black You will notice that your settings are probably slightly different. The changes we would like you to make are: peek-one-in='3' grab-one-in='3' Your current settings most likely use higher numbers for these settings. Once you make the change and save your file then Message Sniffer should pick up the changes right away - you do not need to restart Message Sniffer when making adjustments to your configuration. Please let us know if you have any questions. Thanks! _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: sniffer-...@sortmonster.com To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com Send administrative queries to sniffer-requ...@sortmonster.com # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: sniffer-...@sortmonster.com To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com Send administrative queries to sniffer-requ...@sortmonster.com
[sniffer] Re: Change in default settings
On 5/9/2011 4:53 PM, Colbeck, Andrew wrote: Pete, for sample on-off='on' I wrote myself this note... !-- We can sample during a peek if passthrough = yes -- ... Is it still valid? Your sample and my own configuration have: passthrough=no On the balance of it, I suspect my own note is wrong, so it would be nice if you could verify it one way or the other. The passthrough option is for local sampling. We have used it occasionally on our spamtrap processors, but not for some time. Passthrough takes any messages that would have been samples and instead of sending them to the virtual spamtrap network it lets them go through with a specific result code. Presumably the local system would see the special result code and treat the message differently. Please leave passthrough='no' Thanks! _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: sniffer-...@sortmonster.com To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com Send administrative queries to sniffer-requ...@sortmonster.com
[sniffer] Re: Change in default settings
Great. I'll remove the erroneous comment I made in my configuration files. FWIW, I've set both peek-one-in='3' and grab-one-in='3' as the new recommended default. Andrew. -Original Message- From: Message Sniffer Community [mailto:sniffer@sortmonster.com] On Behalf Of Pete McNeil Sent: Monday, May 09, 2011 3:05 PM To: Message Sniffer Community Subject: [sniffer] Re: Change in default settings On 5/9/2011 4:53 PM, Colbeck, Andrew wrote: Pete, for sample on-off='on' I wrote myself this note... !-- We can sample during a peek if passthrough = yes -- ... Is it still valid? Your sample and my own configuration have: passthrough=no On the balance of it, I suspect my own note is wrong, so it would be nice if you could verify it one way or the other. The passthrough option is for local sampling. We have used it occasionally on our spamtrap processors, but not for some time. Passthrough takes any messages that would have been samples and instead of sending them to the virtual spamtrap network it lets them go through with a specific result code. Presumably the local system would see the special result code and treat the message differently. Please leave passthrough='no' Thanks! _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: sniffer-...@sortmonster.com To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com Send administrative queries to sniffer-requ...@sortmonster.com # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: sniffer-...@sortmonster.com To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com Send administrative queries to sniffer-requ...@sortmonster.com
