Andy Schmidt wrote:
Hi Pete,
I saw their announcement.
Dave says they are using THEIR rule base (not the one specific to the
Sniffer customer).
Yes. They have an OEM license now which allows them to embed Message
Sniffer in their products with their own rulebase. This is simpler for
OEMs because it removes a lot of variables -- they can control and
predict what is in place so there is less guesswork if a problem arises.
Also distribution is simpler because they can install the complete
system at once... etc.
Any hints what I have to do (on the Sniffer side) to move over to their
service? Which part of my current stand-alone installation do I have to
"undo" (e.g., the Sniffer service?)
Yes.
I've looked up your account and at present your rulebase does not
contain any custom rules or exclusions. (This is also the case for the
vast majority of SNF customers).
At the moment they do not provide a way for you to use an alternate
rulebase -- it is very likely this is a feature they will add soon.
To switch over to Declude's embedded SNF you will need to:
* Turn off your current SNFServer - it will conflict with the embedded
version.
* Remove any external calls to SNF from your global.cfg file.
* Configure your Declude installation as recommended by Declude
-- Update their snf_engine.xml file for their embedded version as directed.
-- Update their getRulebase.cmd script for their embedded version as
directed.
-- Tune the global.cfg file to use the embedded SNF tests to suit your
needs.
, what about the "update" script
They use a slightly different update script. You will need to use their
version. If you have modified yours to do other tasks (such as notify
you or trigger other events) then you will need to make the same
modifications to their update script.
and the
uploading of log files?
When running version 3 or above there is no need to upload log files.
The SNF engine updates rulebase statistics and exchanges IP reputation
data approximately once per minute while checking for rulebase updates.
Declude's OEM rulebase is currently identical to the rulebase used by
the vast majority of SNF customers.
What is different is that with the embedded SNF engine your system will
be able to handle messages more efficiently, you will have easier access
to the IP reputation system, and your installation will be less complicated.
Please let me know if I missed anything.
Thanks,
_M
#############################################################
This message is sent to you because you are subscribed to
the mailing list <sniffer@sortmonster.com>.
To unsubscribe, E-mail to: <sniffer-...@sortmonster.com>
To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com>
To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com>
Send administrative queries to <sniffer-requ...@sortmonster.com>
