Thanks Linda. I guess I should not have dismissed the "that would be too easy"
thought next time.
-Original Message-
From: "Linda Pagillo" <lpad...@gmail.com>
Sent: Wednesday, July 26, 2017 12:50pm
To: "Message Sniffer Community" <sniffer@sortmo
Hi John. The best way to do this would be to create a filter in Declude
with the following line and score it how you like by changing the 0 to a
value:
HEADERS 0 PCRE (?im:X-GBUdb-Analysis.+New)
Thanks!
On Tue, Jul 25, 2017 at 2:01 PM, John Tolmachoff <
johnl...@eservicesforyou.com> wrote:
>
Hi Pete,
Would you mind sharing your calculations of confidence and probability? I'm
looking at the stats for p=1.0 and curious about the low confidence values.
I would have expected high confidence where there were no good samples and a
lot of bad... or do I have something backwards?
Hello Richard,
Wednesday, December 31, 2008, 11:49:35 AM, you wrote:
Does the snf XML command interface for GBUdb work? I was considering pumping in bad IPs as I find them into the GBUdb and also short-circuiting spam processing by calling the GBUdb to determine the status of an IP to
Hello Richard,
Thursday, December 4, 2008, 3:27:51 PM, you wrote:
Is the GBUdb currently sharing information as described in the documentation?
Yes.
Do the GBUdb XCI commands detailed within snf_xci.xml work through the tcp interface?
Yes.
The SNFClient utility
Ok. We are seeing a large amount of spam lately that is not being picked up
through snf and most of it has the from and the to set the same. Are you
seeing anything similar?
On Thu, Dec 4, 2008 at 2:37 PM, Pete McNeil [EMAIL PROTECTED] wrote:
Hello Richard,
Thursday, December 4, 2008,
Hello Richard,
Thursday, December 4, 2008, 3:41:34 PM, you wrote:
Ok. We are seeing a large amount of spam lately that is not being picked up through snf and most of it has the "from" and the "to" set the same. Are you seeing anything similar?
We have seen a lot of spam formed
Hi Pete,
You can drop the record for the IP from GBUdb with SNFClient -drop IP,
but if the system is not configured properly then the IP will quickly rise
back into the truncate list.
The IP address in question was a third party IP address, not related to us,
not a gateway. It was not in the
Hello Andy,
Tuesday, October 7, 2008, 2:40:01 PM, you wrote:
Hi Pete,
You can drop the record for the IP from GBUdb with SNFClient -drop IP, but if the system is not configured properly then the IP will quickly rise back into the truncate list.
The IP address in question was a third
3:41 PM
To: Message Sniffer Community
Subject: [sniffer] Re: GBUdb False Positives vs. Rule IDs
Hello Andy,
Tuesday, October 7, 2008, 2:40:01 PM, you wrote:
Hi Pete,
You can drop the record for the IP from GBUdb with SNFClient -drop IP,
but if the system is not configured properly
Hello Michael,
Tuesday, June 17, 2008, 4:48:54 PM, you wrote:
Pete,
How soon should we expect to see a new gbx file after a dump?
If you are using the default settings then it should appear after
about an hour. By default GBUdb creates a snapshot of its database
every 3600 seconds.
gbudb
Hi Rob,
You can add the IPs to GBUdbIgnoreList.txt if you want sniffer to ignore the
IPs.
Pete,
I have some questions about GBUdb
FIRST QUESTION:
I have several clients who forward over e-mails from ISP accounts. I
have a system whereby I can pick out the original sending server IP. I
Hello Rob,
Tuesday, January 22, 2008, 11:09:10 AM, you wrote:
Pete,
I have some questions about GBUdb
This may help:
http://kb.armresearch.com/index.php?title=Message_Sniffer.TechnicalDetails.GBUdb
FIRST QUESTION:
I have several clients who forward over e-mails from ISP accounts. I
Pete McNeil wrote:
This may help:
http://kb.armresearch.com/index.php?title=Message_Sniffer.TechnicalDetails.GBUdb
I did read that first. It was helpful. I'll keep referring back.
We are developing an auto-drill-down feature for GBUdb to assist in
automatically training GBUdb in this way.
Hello Rob,
Tuesday, January 22, 2008, 1:11:00 PM, you wrote:
snip... about auto-drill-down/
I'm not confident that this will handle the forwarded messages
scenarios that I described, which I have ready custom programmed for
the specific narrow range of ways that this currently happens with
15 matches