[sniffer] FW: [sniffer] Re: Message Sniffer DLL now used in Declude
Andy, Did you ever get the new Declude implemented on your mail server, so that Sniffer isn't an external test any longer? If so, was it hard to implement? Pete, With the new Declude with Message Sniffer built into it, would I still need to purchase a Sniffer license each year? Daniel === Daniel Ivey GCR Company / GCR Online Voice: 434 - 570 - 1765 Fax:434 - 572 - 1981 d...@gcrcompany.com -Original Message- From: Pete McNeil [mailto:madscient...@armresearch.com] Sent: Tuesday, January 05, 2010 9:51 AM To: Message Sniffer Community Subject: [sniffer] Re: Message Sniffer DLL now used in Declude Andy Schmidt wrote: Hi Pete, I saw their announcement. Dave says they are using THEIR rule base (not the one specific to the Sniffer customer). Yes. They have an OEM license now which allows them to embed Message Sniffer in their products with their own rulebase. This is simpler for OEMs because it removes a lot of variables -- they can control and predict what is in place so there is less guesswork if a problem arises. Also distribution is simpler because they can install the complete system at once... etc. Any hints what I have to do (on the Sniffer side) to move over to their service? Which part of my current stand-alone installation do I have to undo (e.g., the Sniffer service?) Yes. I've looked up your account and at present your rulebase does not contain any custom rules or exclusions. (This is also the case for the vast majority of SNF customers). At the moment they do not provide a way for you to use an alternate rulebase -- it is very likely this is a feature they will add soon. To switch over to Declude's embedded SNF you will need to: * Turn off your current SNFServer - it will conflict with the embedded version. * Remove any external calls to SNF from your global.cfg file. * Configure your Declude installation as recommended by Declude -- Update their snf_engine.xml file for their embedded version as directed. -- Update their getRulebase.cmd script for their embedded version as directed. -- Tune the global.cfg file to use the embedded SNF tests to suit your needs. , what about the update script They use a slightly different update script. You will need to use their version. If you have modified yours to do other tasks (such as notify you or trigger other events) then you will need to make the same modifications to their update script. and the uploading of log files? When running version 3 or above there is no need to upload log files. The SNF engine updates rulebase statistics and exchanges IP reputation data approximately once per minute while checking for rulebase updates. Declude's OEM rulebase is currently identical to the rulebase used by the vast majority of SNF customers. What is different is that with the embedded SNF engine your system will be able to handle messages more efficiently, you will have easier access to the IP reputation system, and your installation will be less complicated. Please let me know if I missed anything. Thanks, _M # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: sniffer-...@sortmonster.com To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com Send administrative queries to sniffer-requ...@sortmonster.com # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: sniffer-...@sortmonster.com To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com Send administrative queries to sniffer-requ...@sortmonster.com
[sniffer] Re: FW: [sniffer] Re: Message Sniffer DLL now used in Declude
Daniel Ivey wrote: Pete, With the new Declude with Message Sniffer built into it, would I still need to purchase a Sniffer license each year? Yes. However if you're using the built-in SNF you will get that from Declude. They may change their pricing at some point to include their OEM SNF license, or they may keep it separate-- so it's best to ask them about pricing as time goes on. _M # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: sniffer-...@sortmonster.com To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com Send administrative queries to sniffer-requ...@sortmonster.com
[sniffer] Re: Message Sniffer DLL now used in Declude
Andy Schmidt wrote: Hi Pete, I saw their announcement. Dave says they are using THEIR rule base (not the one specific to the Sniffer customer). Yes. They have an OEM license now which allows them to embed Message Sniffer in their products with their own rulebase. This is simpler for OEMs because it removes a lot of variables -- they can control and predict what is in place so there is less guesswork if a problem arises. Also distribution is simpler because they can install the complete system at once... etc. Any hints what I have to do (on the Sniffer side) to move over to their service? Which part of my current stand-alone installation do I have to undo (e.g., the Sniffer service?) Yes. I've looked up your account and at present your rulebase does not contain any custom rules or exclusions. (This is also the case for the vast majority of SNF customers). At the moment they do not provide a way for you to use an alternate rulebase -- it is very likely this is a feature they will add soon. To switch over to Declude's embedded SNF you will need to: * Turn off your current SNFServer - it will conflict with the embedded version. * Remove any external calls to SNF from your global.cfg file. * Configure your Declude installation as recommended by Declude -- Update their snf_engine.xml file for their embedded version as directed. -- Update their getRulebase.cmd script for their embedded version as directed. -- Tune the global.cfg file to use the embedded SNF tests to suit your needs. , what about the update script They use a slightly different update script. You will need to use their version. If you have modified yours to do other tasks (such as notify you or trigger other events) then you will need to make the same modifications to their update script. and the uploading of log files? When running version 3 or above there is no need to upload log files. The SNF engine updates rulebase statistics and exchanges IP reputation data approximately once per minute while checking for rulebase updates. Declude's OEM rulebase is currently identical to the rulebase used by the vast majority of SNF customers. What is different is that with the embedded SNF engine your system will be able to handle messages more efficiently, you will have easier access to the IP reputation system, and your installation will be less complicated. Please let me know if I missed anything. Thanks, _M # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: sniffer-...@sortmonster.com To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com Send administrative queries to sniffer-requ...@sortmonster.com
[sniffer] Re: Message Sniffer DLL now used in Declude
Hi Pete, I saw their announcement. Dave says they are using THEIR rule base (not the one specific to the Sniffer customer). Any hints what I have to do (on the Sniffer side) to move over to their service? Which part of my current stand-alone installation do I have to undo (e.g., the Sniffer service?), what about the update script and the uploading of log files? Does that still apply, if it's under the Declude rule base? Best Regards, Andy -Original Message- From: Message Sniffer Community [mailto:snif...@sortmonster.com] On Behalf Of Pete McNeil Sent: Monday, January 04, 2010 8:34 PM To: Message Sniffer Community Subject: [sniffer] Message Sniffer DLL now used in Declude Hello Sniffer Folks, The Declude folks have announced version 4.10.42. With this version Declude now integrates Message Sniffer via our DLL. Benefits: * Improved performance -- Not an external test, so no program must be launched -- Uses the message already in RAM thus saving disk IO -- SNFMulti engine runs inside of the Declude service (one less program / service) -- No XCI calls required to request scans (reduced communications overhead) * Provides direct access to the GBUdb IP Reputation system for additional scoring options Here is a link to their announcement as archived on The Mail Archive http://www.mail-archive.com/declude.junkm...@declude.com/msg33094.html Best, _M # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: sniffer-...@sortmonster.com To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com Send administrative queries to sniffer-requ...@sortmonster.com # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: sniffer-...@sortmonster.com To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com Send administrative queries to sniffer-requ...@sortmonster.com
