[sniffer] Re: rule panic not working
Hi Daniel. The rule number is not 54. Sniffer rule numbers look like this for example... 54-8064853-304-318-m

On Thu, Dec 29, 2016 at 7:48 AM, Daniel Ivey wrote:

> It appears that the server is failing SNIFFER Rule 54 for some reason,
> causing issues. I have added the following line in my snf_engine.xml file
> for a rule panic but it doesn't appear to be working.
>
>
>
> Can someone help me with what I have wrong?
>
> Daniel
>
> #
> This message is sent to you because you are subscribed to
> the mailing list .
> This list is for discussing Message Sniffer,
> Anti-spam, Anti-Malware, and related email topics.
> For More information see http://www.armresearch.com
> To unsubscribe, E-mail to:
> To switch to the DIGEST mode, E-mail to
> To switch to the INDEX mode, E-mail to
> Send administrative queries to
[sniffer] Re: rule panic not working
I don't think there is a way to block an entire set of rules with one entry. Someone from Arm may need to chime in here and answer that question. Are you positive that every single message coming in and leaving your server is triggering Sniffer?

On Thu, Dec 29, 2016 at 7:55 AM, Daniel Ivey wrote:

> Thanks, but it appears that my server is failing multiple 54- rules. For
> example from Google, it is failing 54-8064853-304-318-m and
> 54-8064853-0-2423-f while from Yahoo it is failing 54-8064853-2063-2077-m
> and 54-8064853-0-3703-f.
>
> Is there a way to block all 54- rules temporarily?
>
> Also, do you have any suggestions on what would cause this all of a sudden?
>
> Daniel
>
> -----Original Message-----
> *From:* Linda Pagillo [mailto:lpad...@gmail.com]
> *Sent:* Thursday, December 29, 2016 8:51 AM
> *To:* Message Sniffer Community
> *Subject:* [sniffer] Re: rule panic not working
>
> Hi Daniel. The rule number is not 54. Sniffer rule numbers look like this
> for example... 54-8064853-304-318-m
>
> On Thu, Dec 29, 2016 at 7:48 AM, Daniel Ivey wrote:
>
> It appears that the server is failing SNIFFER Rule 54 for some reason,
> causing issues. I have added the following line in my snf_engine.xml file
> for a rule panic but it doesn't appear to be working.
>
>
>
> Can someone help me with what I have wrong?
>
> Daniel
[sniffer] Re: rule panic not working
Daniel, the "54" rules are probably related in some form or fashion. The only thing you can really do is follow the procedure of adding the panics for each rule and then reporting the urgent FPs to Arm so they can diagnose and resolve. You may want to use Baregrep on your SNF logs to find the list of the rules that are triggering incorrectly.

On Thu, Dec 29, 2016 at 8:22 AM, Daniel Ivey wrote:

> Yes, I am positive. If I turn off my SNIFFER test then everything works
> properly.
>
> -----Original Message-----
> *From:* Linda Pagillo [mailto:lpad...@gmail.com]
> *Sent:* Thursday, December 29, 2016 9:16 AM
> *To:* Message Sniffer Community
> *Subject:* [sniffer] Re: rule panic not working
>
> I don't think there is a way to block an entire set of rules with one
> entry. Someone from Arm may need to chime in here and answer that question.
> Are you positive that every single message coming in and leaving your
> server is triggering Sniffer?
>
> On Thu, Dec 29, 2016 at 7:55 AM, Daniel Ivey wrote:
>
> Thanks, but it appears that my server is failing multiple 54- rules. For
> example from Google, it is failing 54-8064853-304-318-m and
> 54-8064853-0-2423-f while from Yahoo it is failing 54-8064853-2063-2077-m
> and 54-8064853-0-3703-f.
>
> Is there a way to block all 54- rules temporarily?
>
> Also, do you have any suggestions on what would cause this all of a sudden?
>
> Daniel
>
> -----Original Message-----
> *From:* Linda Pagillo [mailto:lpad...@gmail.com]
> *Sent:* Thursday, December 29, 2016 8:51 AM
> *To:* Message Sniffer Community
> *Subject:* [sniffer] Re: rule panic not working
>
> Hi Daniel. The rule number is not 54. Sniffer rule numbers look like this
> for example... 54-8064853-304-318-m
>
> On Thu, Dec 29, 2016 at 7:48 AM, Daniel Ivey wrote:
>
> It appears that the server is failing SNIFFER Rule 54 for some reason,
> causing issues. I have added the following line in my snf_engine.xml file
> for a rule panic but it doesn't appear to be working.
>
>
>
> Can someone help me with what I have wrong?
>
> Daniel
[sniffer] Here is the fix for a known issue with Smartermail 15.5.6222 and external Message Sniffer command line scanning
Hi everyone. I wanted to share something that one of our customers discovered while using the external Message Sniffer as a command line scanner in SmarterMail 15.5.6222.

Prior to upgrading to 15.5.6222, my customer was running SM 15.3.6109 and the external Message Sniffer command line scanning option without issue. Once he upgraded to SM 15.5.6222, he noticed that there were no Sniffer headers in any of the email that he was receiving. After general troubleshooting, I submitted a ticket to SM support and they helped to resolve it by providing me with a new SM build.

If you are experiencing this issue, please download and install the new build from here:

http://www.smartertools.com/downloads/SmarterMail/CustomBuilds/15.5.6249.24396/SmarterMail15_Setup.exe

Please note that this ONLY affects people using the external Message Sniffer from Arm Research and only if they are using it with SmarterMail as a command line scanner. It does not affect people using Message Sniffer with Declude.

If you guys have any questions, please feel free to ask. Thanks!
[sniffer] Re: gbudb source new
Hi John. The best way to do this would be to create a filter in Declude with the following line and score it how you like by changing the 0 to a value:

HEADERS 0 PCRE (?im:X-GBUdb-Analysis.+New)

Thanks!

On Tue, Jul 25, 2017 at 2:01 PM, John Tolmachoff <johnl...@eservicesforyou.com> wrote:

> Using Message Sniffer as part of Declude on a SmarterMail install, I want
> to add weight to a source new when gbudb indicates such. What is the best
> way to do that?
>
> John T
> eServices For You
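
How the filter line in the reply above evaluates against message headers, as an added example that is not part of the original thread or of Declude. It assumes the four-field layout shown in the post (scope, weight, operator, pattern), uses Python's `re` in place of PCRE, and runs on constructed headers whose X-GBUdb-Analysis value layout is an assumption.

```python
import re

def parse_filter_line(line):
    """Split a filter line into (scope, weight, compiled pattern)."""
    scope, weight, operator, pattern = line.split(None, 3)
    if operator.upper() != "PCRE":
        raise ValueError("this sketch only handles PCRE lines")
    # Python's re stands in for PCRE; both accept the scoped (?im:...) flags.
    return scope.upper(), int(weight), re.compile(pattern)

def added_weight(filter_line, raw_headers):
    """Weight the line contributes to a message with these raw headers."""
    _scope, weight, regex = parse_filter_line(filter_line)
    return weight if regex.search(raw_headers) else 0

# The line from the post, with the 0 changed to an example weight of 5.
LINE = "HEADERS 5 PCRE (?im:X-GBUdb-Analysis.+New)"

# Constructed headers; the layout of the X-GBUdb-Analysis value is assumed.
PREFIX = "Received: from mail.example.net\r\nSubject: Invoice\r\n"
NORMAL = "X-GBUdb-Analysis: 0, 203.0.113.7, Ugly c=0.5 p=-1 Source Normal\r\n"
SAMPLES = {
    "source_new": PREFIX
    + "X-GBUdb-Analysis: 0, 203.0.113.7, Ugly c=0 p=0 Source New\r\n",
    "source_normal": PREFIX + NORMAL,
    # The i flag makes both the header name and "New" case-insensitive.
    "lowercase": PREFIX
    + "x-gbudb-analysis: 0, 203.0.113.7, ugly c=0 p=0 source new\r\n",
    # "New" on a later header line: '.' does not cross the line break,
    # so the GBUdb line alone decides the outcome.
    "new_elsewhere": PREFIX + NORMAL + "X-Note: New customer\r\n",
}

def score_all():
    """Apply LINE to every constructed sample and return name -> weight."""
    return {name: added_weight(LINE, hdrs) for name, hdrs in SAMPLES.items()}

if __name__ == "__main__":
    for name, weight in score_all().items():
        print(f"{name:14} +{weight}")
```

The `m` flag changes only `^` and `$`, which this pattern does not use, so the match is decided by `i` and by `.` stopping at the end of the header line.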