[sniffer] Re: QUE Files in Sniffer directory
Make sure you're running in persistent mode.

-- Original Message --
From: "Kami Razvan" <[EMAIL PROTECTED]>
Reply-To: "Message Sniffer Community"
Date: Sat, 21 Apr 2007 18:45:54 -0400

>Sorry the last email was sent early..
>
>I also see a lot of files in the Sniffer directory with .que extension.
>
>I have deleted the old ones but there is about 1700 of them still in the
>directory that are for today..
>
>Kami

#
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Lots of Spam getting through last two days
My secondary is catching most but I'm seeing quite a few sliding through Sniffer.
[sniffer] .pdf Attachments
What is with all the .pdf attachments in spam? I haven't noticed this trend previously. Are they infected or what is the scheme?
[sniffer] Re: After Updating MXGUARD
What platform is the server running? I had problems running Win2003 and the latest sniffer, had to back up one ver to make it work.

-- Original Message --
From: "Alberto Santoni" <[EMAIL PROTECTED]>
Reply-To: "Message Sniffer Community"
Date: Thu, 28 Jun 2007 20:42:08 +0200

>Pete,
>
>after a day the SNF doesn't work yet ... what else can I try?
>I have checked all that possible
>
>With my best regards
>Alberto Santoni
>---
>ASPita Sprl
>Grande rue au Bois, 196 - 1030 - Brussels
>+32(0)2 217 85 28 office
>+32(0)2 735 78 65 fax
>+32(0)476 53 88 34 mobile
>Skype: Aspita.be
>---
>
>> -Original Message-
>> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
>> Of Pete McNeil
>> Sent: 27 June 2007 23:44
>> To: Message Sniffer Community
>> Subject: [sniffer] Re: After Updating MXGUARD
>>
>> Hello Alberto,
>>
>> Wednesday, June 27, 2007, 5:15:58 PM, you wrote:
>>
>> > Hello
>>
>> > After an update of MxGuard 1.7 -> 3.1 the Sniffer doesn't work any more
>> >
>> > I have the Sniffer in persistent mode and loaded with Srvany
>> > I found many files I never seen in the Sniffer dir .SRV .FIN .XXX
>>
>> > Which tests can I do to understand the problem ?
>>
>> It turns out that those files have always been there - but most of
>> them (not the SRV) went away very quickly.
>>
>> Most likely during your transition your SNF workspace got clogged with
>> a lot of these and that is causing some problems.
>>
>> First thing to do is to shut down SMTP & SNF (your persistent
>> instance) and clear out all of those job files. Each file represents a
>> single scan job - the extension represents the status. With everything
>> shut down there should be none of these files so it's safe to delete
>> them.
>>
>> Once that is done you can start things up again and everything should
>> work normally.
>>
>> If not then the normal testing procedures should help you discover the
>> problem quickly.
>>
>> Hope this helps,
>>
>> _M
>>
>> --
>> Pete McNeil
>> Chief Scientist,
>> Arm Research Labs, LLC.
[sniffer] Address
Some of the spammers are apparently using my email address as the sender. Any way to defeat that or capitalize on it? I get several bounces a week from all over the world.
[sniffer] Re: SNFV2-9 Wide Beta now at version 1.4
I'm running Win2003server, Imail 8.05 with MXGuard and Sniffer. How do I install the upgraded files? It was a couple years ago when I set this up originally. I read through and it says to rename the executables and put them in the sniffer dir. With the server/client mode, is this still what I need to do?

-- Original Message --
From: Pete McNeil <[EMAIL PROTECTED]>
Reply-To: "Message Sniffer Community"
Date: Tue, 9 Oct 2007 17:54:15 -0400

>Hello Sniffer Folks,
>
>We have worked through some minor bugs and added some new features.
>
>The newest version of the beta is 1.4.
>
>http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Distributions#NEW_SNF_V2-9_Wide_Beta
>
>Please upgrade your snf_engine.xml and SNFServer.exe files from the
>latest distribution when you get a chance.
>
>* Adds support for scanning Communigate Pro message files directly.
>
>* Tightens up XCI handler code.
>
>* Removes problematic/redundant XCI watchdog code which caused trouble
>on some MDaemon systems.
>
>Source & MDaemon folks-- a revised alpha distribution will be updated
>shortly with the new changes incorporated.
>
>Thanks,
>
>_M
>
>--
>Pete McNeil
>Chief Scientist,
>Arm Research Labs, LLC.
[sniffer] Re: Spam no using CAPTCHA!
Fortunately, from what I've read, CAPTCHA is about worthless if effectiveness counts. Frustrating for humans and not much of a barrier to the bots.

-- Original Message --
From: "Colbeck, Andrew" <[EMAIL PROTECTED]>
Reply-To: "Message Sniffer Community"
Date: Wed, 11 Jun 2008 08:48:55 -0700

>... and it also means that OCR based spam filtering is successful enough
>for the spammers to adopt CAPTCHA-style text-obfuscation-in-images as an
>evasion method.
>
>Andrew.
>
>-Original Message-
>From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
>Behalf Of Pete McNeil
>Sent: Wednesday, June 11, 2008 8:18 AM
>To: Message Sniffer Community
>Subject: [sniffer] Re: Spam no using CAPTCHA!
>
>Hello Daniel,
>
>Wednesday, June 11, 2008, 9:19:47 AM, you wrote:
>
>> Hi Everyone,
>
>> I just sent a spam sample to Message Sniffer, that was using CAPTCHA, it
>> said CIALIS in the CAPTCHA. I'm curious to see what Pete thinks of this new
>> tactic?
>
>On first look it is simply another way to use an obfuscated image to
>deliver their message and should be handled the same way. Use of
>CAPTCHA software to create this obfuscated image is an interesting
>choice -- it means people making good OCR resistant CAPTCHA generators
>are now unintentionally helping the blackhats defeat OCR based spam
>filtering.
>
>_M
>
>--
>Pete McNeil
>Chief Scientist,
>Arm Research Labs, LLC.
[sniffer] .xml Error
When I try to view the log files in the SNF directory, I get "XML Parsing Error: junk after document element" through Firefox. I get "The XML page cannot be displayed Cannot view XML input using XSL style sheet. Please correct the error and then click the Refresh button, or try again later" when sent to IE. I assume these logs have some valuable info, how do I view them?
[sniffer] Re: Opening truncate.gbudb.net
We had a hacker send bogus requests for login name, password and birth date to all our mail customers on one domain. 6 gave it up and made my life fun babysitting the mail server for the last week. Makes ya wonder how many give up credit card and bank info? The message did appear very legitimate, much better than average grammar, spelling and syntax. We never ask anyone for their BD but they probably forget that. One impacted customer wanted me to put their original pw back in. Boss can't learn a new one! Sheesh..

-- Original Message --
From: "Colbeck, Andrew"
Reply-To: "Message Sniffer Community"
Date: Mon, 10 May 2010 09:03:27 -0700

>I looked at the effectiveness of this test and I like what I'm seeing.
>The volume isn't high, but it is making a difference in the "edge cases"
>that are close to my "hold weight".
>
>In particular, I'm finding that it is triggering on pump and dump DKIM
>spam from fresh netblocks that would otherwise leak into my mailboxes.
>Some of those also trigger SNIFFERSCAM.

#
This message is sent to you because you are subscribed to the mailing list .
This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
To switch to the INDEX mode, E-mail to
Send administrative queries to
[sniffer] Re: IP Change on rulebase delivery system
I've been blocking subnets to the mail server manually for the past 10 days or so. Scan the logs and look at common IP sources for spam. PITA but I've got it under control. One of the earlier schemes I noticed was from .pw and .in top level domains. What I'm seeing now are messages coming from assorted domains but from a common subnet and hosting company - some US based. I've had mail queued up for 20-30 mins before delivery before adding some firewall rules. My mail server is an i5 running Windows Server.

-- Original Message --
From: Richard Stupek
Reply-To: "Message Sniffer Community"
Date: Thu, 23 May 2013 14:22:59 -0500

>Looks like I have this issue again (pegging 4 core cpu) and resetting the
>process doesn't make a difference. Not sure what is causing it but it does
>slow down spam detection to 40-50 seconds for many emails. Any ideas what
>I can look at or do to resolve this?
>
>
>On Fri, Mar 29, 2013 at 12:27 PM, Pete McNeil wrote:
>
>> On 2013-03-29 12:59, Richard Stupek wrote:
>>
>>> well when all else fails restarting snf seems to have corrected the issue
>>> for now.
>>
>> In that case, it is likely that RAM fragmentation was involved. Dropping
>> the process allowed the fragmentation to be cleared. (theory).
>>
>> Best,
>> _M
>>
>> --
>> Pete McNeil
>> Chief Scientist
>> ARM Research Labs, LLC
>> www.armresearch.com
>> 866-770-1044 x7010
>> twitter/codedweller

--
Thanks,
Greg
AllureTech/CoffeyNet
www.atwy.net
1546 E Burlington Ave
Casper, WY 82601
307.473.2323
[sniffer] Re: What is your oldest production CPU?
Oldest here is an Intel i5-2500k

-- Original Message --
From: "Darin Cox"
Reply-To: "Message Sniffer Community"
Date: Fri, 27 Dec 2013 10:04:12 -0500

>Hi Pete,
>
>Our oldest production servers still have 1.1 - 1.4 GHz P3's in them.
>However, for mail our oldest are quad core 3Ghz Xeons.
>
>Darin.
>
>-Original Message-
>From: Pete McNeil
>Sent: Friday, December 27, 2013 9:43 AM
>To: Message Sniffer Community
>Subject: [sniffer] What is your oldest production CPU?
>
>Hello Sniffer Folks,
>
>We would like to know what your oldest production CPU is.
>
>When building new binaries of SNF or its utilities we would like to
>select the newest CPU we can without leaving anybody behind.
>
>We're also evaluating whether we should split binaries into a
>"compatible" version based on Intel i686 (or equivalent AMD), and a
>"current" version based on Intel Core2 (or equivalent AMD).
>
>Please respond here.
>
>Thanks for your time!!
>
>_M
>
>--
>Pete McNeil
>Chief Scientist
>ARM Research Labs, LLC
>www.armresearch.com
>866-770-1044 x7010
>twitter/codedweller

--
Thanks,
Greg
AllureTech/CoffeyNet
www.atwy.net
1546 E Burlington Ave
Casper, WY 82601
307.473.2323