Re: [Declude.JunkMail] Calling an Executable - evaluating in multiple tests
SNIFFER external nonzero sniffer.exe authcode 1 0 SNIFFER-SCAMS external 053 sniffer.exe authcode 2 0 SNIFFER-PORN external 054 sniffer.exe authcode 2 0 SNIFFER-MALWARE external 055 sniffer.exe authcode 3 0 SNIFFER-OBFUSC external 062 sniffer.exe authcode 2 0 Actually, this should work fine. Declude JunkMail checks to see that the command line is the same (the sniffer.exe authcode, which is the same in all the above lines), and if so, it only runs the test if it has not yet been run (or if it has, it uses the exit code from when it was run). Declude JunkMail then handles the weights. So in this case, if Message Sniffer returned an exit code of anything except 0, the SNIFFER test would be triggered. If it returned 53, both the SNIFFER test and the SNIFFER-SCAMS test would be triggered. It should work in the same way as having multiple ip4r tests, one of which looks for * and others which look for specific return IPs. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Calling an Executable - evaluating in multiple tests
FWIW, we use the Sniffer tests in this way. We assign 2/3 our hold weight to SNIFFER nonzero, then if it also fails the porn, scams, malware tests it gets the other third. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, January 10, 2005 7:17 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Calling an Executable - evaluating in multiple tests SNIFFER external nonzero sniffer.exe authcode 1 0 SNIFFER-SCAMS external 053 sniffer.exe authcode 2 0 SNIFFER-PORN external 054 sniffer.exe authcode 2 0 SNIFFER-MALWARE external 055 sniffer.exe authcode 3 0 SNIFFER-OBFUSC external 062 sniffer.exe authcode 2 0 Actually, this should work fine. Declude JunkMail checks to see that the command line is the same (the sniffer.exe authcode, which is the same in all the above lines), and if so, it only runs the test if it has not yet been run (or if it has, it uses the exit code from when it was run). Declude JunkMail then handles the weights. So in this case, if Message Sniffer returned an exit code of anything except 0, the SNIFFER test would be triggered. If it returned 53, both the SNIFFER test and the SNIFFER-SCAMS test would be triggered. It should work in the same way as having multiple ip4r tests, one of which looks for * and others which look for specific return IPs. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Calling an Executable - evaluating in multiple tests
Thanks everyone who responded on and off-list. Yes, log files, headers - everything indicates that Declude functions as designed. Since I was un-categorically told that this was as mis-configuration and subject to Delude's error handling, I felt I better double-check my knowledge how Declude was designed to work. Sorry for the false alarm. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Horne Sent: Monday, January 10, 2005 11:45 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Calling an Executable - evaluating in multiple tests FWIW, we use the Sniffer tests in this way. We assign 2/3 our hold weight to SNIFFER nonzero, then if it also fails the porn, scams, malware tests it gets the other third. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Calling an Executable - evaluating in multiple tests
Title: Message Hi Scott: My config file has: SNIFFER external nonzero "sniffer.exe authcode" 1 0 SNIFFER-SCAMS external 053 "sniffer.exe authcode" 2 0 SNIFFER-PORN external 054 "sniffer.exe authcode" 2 0 SNIFFER-MALWARE external 055 "sniffer.exe authcode" 3 0 SNIFFER-OBFUSC external 062 "sniffer.exe authcode" 2 0 I had someone contact me regarding these lines, stating: "Everything points to your current config which is definitely non-standard" and " it does represent a misconfiguration, and how it behaves is reliant on the error handling within Declude. You can't set a test to "nonzero" and also to specific result codes and assume that it will be handled appropriately. The "nonzero" config trumps the others, and there has never been any indication that things will be handled appropriately when you add more result codes with the same config." Although my mail headers and stats show that these lines function exactly as intended - I want to avoid dismissing someone who simply may have more insight than me. Please advise, if my config is indeed a MISconfiguration as this party is stating to categorically, and if I cannot set a test to "nonzero" and also to specific results codes. Best RegardsAndy SchmidtPhone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206
Re: [Declude.JunkMail] Calling an Executable - evaluating in multiple tests
Title: Message If you are going to quote me, please do so without editing: If you aren't getting +95% hit rates on Sniffer, then something is wrong, and everything points to your current config which is definitely non-standard. I pointed out the config issues because it does represent a misconfiguration, and how it behaves is reliant on the error handling within Declude. You can't set a test to "nonzero" and also to specific result codes and assume that it will be handled appropriately. The "nonzero" config trumps the others, and there has never been any indication that things will be handled appropriately when you add more result codes with the same config. Matt Andy Schmidt wrote: Hi Scott: My config file has: SNIFFER external nonzero "sniffer.exe authcode" 1 0 SNIFFER-SCAMS external 053 "sniffer.exe authcode" 2 0 SNIFFER-PORN external 054 "sniffer.exe authcode" 2 0 SNIFFER-MALWARE external 055 "sniffer.exe authcode" 3 0 SNIFFER-OBFUSC external 062 "sniffer.exe authcode" 2 0 I had someone contact me regarding these lines, stating: "Everything points to your current config which is definitely non-standard" and " it does represent a misconfiguration, and how it behaves is reliant on the error handling within Declude. You can't set a test to "nonzero" and also to specific result codes and assume that it will be handled appropriately. The "nonzero" config trumps the others, and there has never been any indication that things will be handled appropriately when you add more result codes with the same config." Although my mail headers and stats show that these lines function exactly as intended - I want to avoid dismissing someone who simply may have more insight than me. Please advise, if my config is indeed a MISconfiguration as this party is stating to categorically, and if I cannot set a test to "nonzero" and also to specific results codes. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] Calling an Executable - evaluating in multiple tests
Title: Message Andy, why is every thread you start on here saying the message is personal? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Sunday, January 09, 2005 8:15 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Calling an Executable - evaluating in multiple tests Sensitivity: Personal Hi Scott: My config file has: SNIFFER external nonzero sniffer.exe authcode 1 0 SNIFFER-SCAMS external 053 sniffer.exe authcode 2 0 SNIFFER-PORN external 054 sniffer.exe authcode 2 0 SNIFFER-MALWARE external 055 sniffer.exe authcode 3 0 SNIFFER-OBFUSC external 062 sniffer.exe authcode 2 0 I had someone contact me regarding these lines, stating: Everything points to your current config which is definitely non-standard and it does represent a misconfiguration, and how it behaves is reliant on the error handling within Declude. You can't set a test to nonzero and also to specific result codes and assume that it will be handled appropriately. The nonzero config trumps the others, and there has never been any indication that things will be handled appropriately when you add more result codes with the same config. Although my mail headers and stats show that these lines function exactly as intended - I want to avoid dismissing someone who simply may have more insight than me. Please advise, if my config is indeed a MISconfiguration as this party is stating to categorically, and if I cannot set a test to nonzero and also to specific results codes. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206
RE: [Declude.JunkMail] Calling an Executable - evaluating in multiple tests
Title: Message Hm... good point. Let me check my Outlook defaults. It clearly makes no sense to use that flag when posting to a newsgroup... Is this causing problems? Best RegardsAndy SchmidtPhone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206 -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)Sent: Monday, January 10, 2005 12:11 AMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Calling an Executable - evaluating in multiple testsSensitivity: Personal Andy, why is every thread you start on here saying the message is personal? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy SchmidtSent: Sunday, January 09, 2005 8:15 PMTo: Declude.JunkMail@declude.comSubject: [Declude.JunkMail] Calling an Executable - evaluating in multiple testsSensitivity: Personal Hi Scott: My config file has: SNIFFER external nonzero "sniffer.exe authcode" 1 0 SNIFFER-SCAMS external 053 "sniffer.exe authcode" 2 0 SNIFFER-PORN external 054 "sniffer.exe authcode" 2 0 SNIFFER-MALWARE external 055 "sniffer.exe authcode" 3 0 SNIFFER-OBFUSC external 062 "sniffer.exe authcode" 2 0 I had someone contact me regarding these lines, stating: "Everything points to your current config which is definitely non-standard" and " it does represent a misconfiguration, and how it behaves is reliant on the error handling within Declude. You can't set a test to "nonzero" and also to specific result codes and assume that it will be handled appropriately. The "nonzero" config trumps the others, and there has never been any indication that things will be handled appropriately when you add more result codes with the same config." Although my mail headers and stats show that these lines function exactly as intended - I want to avoid dismissing someone who simply may have more insight than me. Please advise, if my config is indeed a MISconfiguration as this party is stating to categorically, and if I cannot set a test to "nonzero" and also to specific results codes. Best RegardsAndy SchmidtPhone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206
