[sniffer] AOL tightens DMARC policy - Imail needs to use Remailing/Sender-Rewriting

2014-05-19 Thread Andy Schmidt
If your users forward their Imail to AOL (or other DMARC enabled providers) - it will now fail if the SENDER is AOL: http://postmaster-blog.aol.com/ Ideally add your me too to the Imail Forum to get this long-known issue resolved: http://forums.ipswitch.com/Topic76009-10-1.aspx

[sniffer] Re: What is your oldest production CPU?

2013-12-30 Thread Andy Schmidt
Actually - this one is older: Dell PE 1600SC (x86) Intel XEON Family F (15) Model 2 Stepping 9 -Original Message- From: Message Sniffer Community [mailto:sniffer@sortmonster.com] On Behalf Of Pete McNeil Sent: Friday, December 27, 2013 9:44 AM To: Message Sniffer Community Subject:

[sniffer] Re: What is your oldest production CPU?

2013-12-27 Thread Andy Schmidt
Dell PE 2950 Intel Xeon CPU 5050 Type 0 Family F Model 6 Stepping 4 Revision 2 -Original Message- From: Message Sniffer Community [mailto:sniffer@sortmonster.com] On Behalf Of Pete McNeil Sent: Friday, December 27, 2013 9:44 AM To: Message Sniffer Community Subject: [sniffer] What is

[sniffer] Upgrading Stand-Alone Sniffer (for Declude)

2013-04-18 Thread Andy Schmidt
Now that Declude forces us to use the stand-alone version again - time for me to upgrade the old stuff I had laying around. Currently I'm running (with SrvAny): SNFMulti Engine Version 3.0.11 Build: Aug 21 2009 18:42:53 SNF Server Version 3.0.2 Build: Jul 28 2009 14:48:00 and

[sniffer] Reputation Lookup DNSBL?

2013-04-18 Thread Andy Schmidt
Hi, I suppose I should have paid attention in the past 12 months. Is there a GBUdb IP based lookup that is recommended to get the benefit of all Sniffer customers' experiences? Or is it not worth the effort? Best Regards, Andy #

[sniffer] Re: GBUdb.com Web Site is Up - truncate.gbudb.net text records updated

2010-05-29 Thread Andy Schmidt
Hi, In case anyone wants to use it in ORF, attached the updated definition file. (Pete, I didn't post it on their newsgroup because I didn't know if you wanted the word out). Best Regards, Andy -Original Message- From: Message Sniffer Community [mailto:snif...@sortmonster.com] On

[sniffer] Re: GBUdb.com Web Site is Up - truncate.gbudb.net text records updated

2010-05-29 Thread Andy Schmidt
: GBUdb.com Web Site is Up - truncate.gbudb.net text records updated On 5/29/2010 4:01 PM, Andy Schmidt wrote: Hi, In case anyone wants to use it in ORF, attached the updated definition file. (Pete, I didn't post it on their newsgroup because I didn't know if you wanted the word out). I

[sniffer] Declude: Sniffer IP vs. Sniffer IP Reputation vs. Sniffer Truncate

2010-04-30 Thread Andy Schmidt
Hi Pete, I'm look over Declude's recommended Sniffer configuration and trying to understand how much (if any) overlap there is between these options they implemented and recommend: IPREPUTATIONSNFIPREPx 0 10 -5 SNFIPCAUTIONSNFIP x

[sniffer] Re: Message Sniffer DLL now used in Declude

2010-01-04 Thread Andy Schmidt
Hi Pete, I saw their announcement. Dave says they are using THEIR rule base (not the one specific to the Sniffer customer). Any hints what I have to do (on the Sniffer side) to move over to their service? Which part of my current stand-alone installation do I have to undo (e.g., the Sniffer

[sniffer] Re: RulePanic on 2654821

2009-09-08 Thread Andy Schmidt
Dito here - already reported it as a False Positive: s u='20090908183815' m='D:\IMail\spool\proc\work\Dd948c4c42c68.smd' s='54' r='2654821' m s='54' r='2654821' i='1905' e='1952' f='m'/ p s='0' t='15' l='4270' d='38'/ g o='0'

[sniffer] Re: DST update problem - server changes

2009-03-10 Thread Andy Schmidt
Hi, That's why the enhanced version of your script (which properly supports Sniffer's ability to keep the rulebase and the workspace in subfolders!) that I sent you checks for CURL success AND for an existing file. curl http://www.sortmonster.net/Sniffer/Updates/%LICENSE_ID%.snf -s -R -f

[sniffer] Re: DST update problem - server changes

2009-03-10 Thread Andy Schmidt
[mailto:snif...@sortmonster.com] On Behalf Of Pete McNeil Sent: Tuesday, March 10, 2009 10:20 AM To: Message Sniffer Community Subject: [sniffer] Re: DST update problem - server changes Andy Schmidt wrote: Hi, That's why the enhanced version of your script (which properly supports

[sniffer] Re: Daylight Savings Time Update Problem.

2009-03-09 Thread Andy Schmidt
Yes, with the OLD version (before the upgrade) I used to run my own script - and it successfully used: curl http://www.sortmonster.net/Sniffer/Updates/MyRuleBase.snf -o MyRuleBase.snf.gz -s -S -R -z MyRuleBase.snf -H Accept-Encoding:gzip -u sniffer-userid:sniffer-pwd if exist nwb655oh.snf.gz

[sniffer] Re: Daylight Savings Time Update Problem.

2009-03-09 Thread Andy Schmidt
Hm - seems that I may have commented out WGET and have been using CURL even with the new version (because of date mismatches). So - maybe the enclosed will help. It SEEMS as if my /rulebase/ folder has been updated at least twice since 8:30 AM this morning... -Original Message- From:

[sniffer] Re: ClamAID

2009-02-13 Thread Andy Schmidt
than C:\ClamAV\ We thought that was a good upgrade just in itself. Let us know how it responds under fire. Thanks, Andrew Wallo - Original Message - From: Andy Schmidt andy_schm...@hm-software.com To: Message Sniffer Community sniffer@sortmonster.com Sent: Monday, February 02, 2009 1

[sniffer] Re: [Declude.JunkMail] Errorlevel not working

2009-02-08 Thread Andy Schmidt
Serge: if errorlevel 0 means if errorlevel = 0. You are NOT comparing to equal - it will return TRUE if the error level is AT LEAST the number 0 - which is true for any positive value. Best Regards, Andy -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf

RE: [Declude.JunkMail] Errorlevel not working

2009-02-08 Thread Andy Schmidt
Serge: if errorlevel 0 means if errorlevel = 0. You are NOT comparing to equal - it will return TRUE if the error level is AT LEAST the number 0 - which is true for any positive value. Best Regards, Andy -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf

[sniffer] Re: ClamAID

2009-02-05 Thread Andy Schmidt
Dear Matt: Things for pointing out http://oss.netfarm.it/clamav/. That is ONE build I had not yet run across (actually, I recognize the page, but somehow never bookmarked it). I had been unable to get http://hideout.ath.cx/clamav to run as a service - but the netfarm one explicitly states that

[sniffer] Re: ClamAID

2009-02-05 Thread Andy Schmidt
Hi, http://oss.netfarm.it/clamav seems to be ideal. I just installed it. a) runs as a Windows Service (using clamd --install) b) has registry settings to point to db and conf subfolders c) accepts trailing backslash The only remaining issue with Declude is the Declude's inability of extracting

[sniffer] Re: ClamAID

2009-02-04 Thread Andy Schmidt
Hi Andrew: I agree, offering a functioning Win32 port that doesn't rely on Cygwin might give your firm additional exposure. Heck, I would gladly pay an annual fee for ClamAID if it included a current, native Win32 port of ClamD and would make my go-between script obsolete. PS: I would have

[sniffer] Re: ClamAID

2009-02-03 Thread Andy Schmidt
Hi Andrew: The ClamAID installer does handle the pthreads requirement for you. Understood, that's convenient. It does wrap ClamD as a service, (from the w32.clamav.net port ) , as well as wrapping freshclam.exe as a reoccurring service Yep, same thing can be accomplished with the SRVANY

[sniffer] Re: Announcing ClamAID - Clam AV installer for windows.

2009-02-03 Thread Andy Schmidt
post two days ago does the following: a) trim the trailing backslash from the path if any is found b) read and parse the ClamAV report.txt file and outputs a new Report.txt file that uses a format that's parsable by Declude. Best Regards, Andy Schmidt

[sniffer] Re: Announcing ClamAID - Clam AV installer for windows.

2009-02-02 Thread Andy Schmidt
Hi Pete, Very cool. I just went through this a few weeks ago. Here's the issues I encountered: - The engine for official Windows build I found (http://w32.clamav.net/) was out of date (but still usable) and had problems with trailing backslashes the way that Declude was passing them. - The

[sniffer] Crosspost: ClamAV for Window (Summary of what I had posted last month on a different list)

2009-02-02 Thread Andy Schmidt
- From: Andy Schmidt [mailto:andy_schm...@hm-software.com] Sent: Sunday, January 04, 2009 6:39 PM Hi, The official Win32 build seems to work just fine, ClamD service and all? a) I downloaded and installed the MSI file b) I downloaded the pthread DLL that it required c) I confirmed that clamscan

[sniffer] Re: eWall

2009-02-02 Thread Andy Schmidt
Wo - how did I miss eWall all these years? I thought ASSP was the only game in Windows town, but I didn't like the Sniffer integration and was worried about running on Perl. Sadly, the eWall web site is terrible - I don't see any manual or installation guide or anything that allows me to

[sniffer] Re: Announcing ClamAID - Clam AV installer for windows.

2009-02-02 Thread Andy Schmidt
They offer a ClamAV tie-in: http://sssolutions.net/ew/tutor.php?topic=setup From: Message Sniffer Community [mailto:snif...@sortmonster.com] On Behalf Of Pete McNeil Sent: Monday, February 02, 2009 2:53 PM To: Message Sniffer Community Subject: [sniffer] Re: Announcing ClamAID - Clam AV

[sniffer] Re: ASSP Threshold

2008-10-17 Thread Andy Schmidt
Hi Pete, Then let me approach it from a different angle: Is there a way in the Sniffer config files to silence certain groups? This way, if someone doesn't want to outright block email based on certain groups, they could just exclude those groups from triggering at all. Best Regards, Andy

[sniffer] Re: SNF Now directly supported in IMGate!

2008-10-09 Thread Andy Schmidt
Hi, Hopefully, you'll be able to convince Alligate and ORF next to use your new DLL API to scan the content during the SMTP connection without needing the command line environment... Best Regards, Andy -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On

[sniffer] ASSP Threshold

2008-10-09 Thread Andy Schmidt
Hi Pete, SNF code spam threshold (ASSP_SNF_Threshold) The SNF result code threshold that is considered spam. SNF result codes at this level or above will be considered spam for the purposes of ASSP scoring. The default value of 20 is good in most cases. Are the result codes

[sniffer] Re: ASSP Threshold

2008-10-09 Thread Andy Schmidt
Hi: The design of the plugin at the moment is a binary decision-- either the message is spam, or not. I understand - but currently the plugin has a config option that performs a Resultcode = Threshold test. I think it would be more appropriate to have a Resultcode in (n, n, n...) test. It

[sniffer] Re: Update Script - Replace WGET and GZIP with CURL

2008-10-08 Thread Andy Schmidt
Hi Pete, Agreed, with WGET it gets quite a bit complicated (because it really doesn't understand the GZ format). That's why you currently have to override the filename, call it GZ, then call GZIP to unzip it. I've come to the conclusion that it's not worth the trouble with WGET (as you surmised,

[sniffer] Rulebase, bogus UTC Timestamps?

2008-10-08 Thread Andy Schmidt
Hi Pete, I'm running a Sniffer service on a secondary system so that I can test my rulebase update script. After I changed to curl (to maintain the server timestamps), I'm now seeing the following in the status.minute.log: rulebase utc=20081008183610 / active utc=20081008183610 /

[sniffer] Re: Updated getRuleBase.cmd

2008-10-08 Thread Andy Schmidt
Hi, Yes, recent Windows curl builds will convert between UTC and local time. I was just caught off-guard, that Sniffer is using an external datum which is subject for wanted or unwanted manipulation for something as crucial as determining the file version of the rule base? If (due to copying

[sniffer] How to deal with False Positives and other Documentation Issues

2008-10-07 Thread Andy Schmidt
Hi, 1. I read this page: http://www.armresearch.com/support/articles/procedures/falsePositives.jsp and it seems to be the same. However, should this chapter be expanded to contain information about what to do if some of the new technologies are responsible for the false positive?

[sniffer] Re: GBUdb False Positives vs. Rule IDs

2008-10-07 Thread Andy Schmidt
Hi Pete, You can drop the record for the IP from GBUdb with SNFClient -drop IP, but if the system is not configured properly then the IP will quickly rise back into the truncate list. The IP address in question was a third party IP address, not related to us, not a gateway. It was not in the

[sniffer] Re: GBUdb False Positives vs. Rule IDs

2008-10-07 Thread Andy Schmidt
Thanks Pete - I'll save that command. I also suggest that some of your instructions might be helpful to see in the documentation in the chapters on how to deal with false positives. From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, October 07, 2008

[sniffer] Re: Update Script - Choice of WGET Parameter Prevents TimeStamping

2008-10-07 Thread Andy Schmidt
-passwd=ki11sp8m From: Andy Schmidt [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 08, 2008 12:41 AM To: 'Message Sniffer Community' Subject: Update Script - Choice of WGET Parameter Prevents TimeStamping Hi, I've spent some time over the last few days trying to integrate the new

[sniffer] Re: Update Script - Choice of WGET Parameter Prevents TimeStamping

2008-10-07 Thread Andy Schmidt
Hi Pete, Thanks for giving it your consideration. If you decide to revise these parameteres, then it will require an extra command in your script (because the WGET command will output the compressed file as .SNF). If you don't insist on using WGET, then CURL (also free/open software) actually

[sniffer] Re: Update Script - Path apparently doesn't tolerate embadded blanks

2008-10-06 Thread Andy Schmidt
Hi Pete: http://www.armresearch.com/support/articles/software/snfServer/config/node /network/update-script.jsp http://www.armresearch.com/support/articles/software/snfServer/config/node/ network/update-script.jsp%3c%3c Yep, had read that - but that page just instructs me to use the full

[sniffer] Update Script - Path apparently doesn't tolerate embadded blanks

2008-10-05 Thread Andy Schmidt
to work. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206

[sniffer] Sniffer 3.0 Installed

2008-10-04 Thread Andy Schmidt
%WORKSPACE_PATH%\UpdateReady.lck :CLEANUP if exist %RULEBASE_PATH%\%LICENSE_ID%.new del %RULEBASE_PATH%\%LICENSE_ID%.new if exist %WORKSPACE_PATH%\UpdateReady.lck del %WORKSPACE_PATH%\UpdateReady.lck :DONE ENDLOCAL Best Regards Andy Schmidt Phone: +1 201 934-3414 x20

[sniffer] Re: Sniffer 3.0 Froze Mail Server

2008-10-04 Thread Andy Schmidt
Server runs unattended for weeks until a Windows security update requires reboot! Best Regards, Andy From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Saturday, October 04, 2008 2:13 AM To: Message Sniffer Community Subject: [sniffer] Sniffer 3.0

[sniffer] Re: Sniffer 3.0 Installed

2008-10-04 Thread Andy Schmidt
Hi Pete, My best thinking at the moment is to perhaps do something like this Right, exactly. As long as the parameters are already there to be modified and the script uses those parameters, then the script is ready to go for any user (with or without distinct directories). Of course doing

[sniffer] Re: FW: [sniffer] Re: Sniffer 3.0 Froze Mail Server

2008-10-04 Thread Andy Schmidt
: Saturday, October 04, 2008 10:07 PM To: Andy Schmidt Cc: [EMAIL PROTECTED] Subject: Re: FW: [sniffer] Re: Sniffer 3.0 Froze Mail Server Hello Andy, Saturday, October 4, 2008, 9:22:39 PM, you wrote: Hi Pete, Here the log files. I can't tell you WHEN the problem was triggered. I

[sniffer] Imail QueueMgr.exe consumes all Paged Pool

2007-08-03 Thread Andy Schmidt
Sorry for cross-posting. I'm not sure whether Declude and/or Sniffer still rely on the Paged Pool - and whether their usage would be reported under the Imail QueueMgr.exe or under some other .exes? So I have 3 possible culprits. The symptom started as a Webmail problem because customers noticed

[sniffer] Re: Spam

2007-05-29 Thread Andy Schmidt
I recommend SpamSource, if you are an Outlook user. It's a little toolbar applet that you can configure any recipient of the forwarded spam and it will include all the original mail headers - just the way Sniffer, Spamcop etc. like it. All you do is press the button on the toolbar and the message

[sniffer] Re: How to incorporate a white list?

2007-04-03 Thread Andy Schmidt
Hi Phil, Yes, it seems as if some Sniffer rules, e.g., 1367683, is broadly targeting Google's IPs. I've submitted 3 false positive reports since last night, at least two of them were Google users, one located in the U.S. and the other in the Netherlands! Andy -Original Message- From:

[sniffer] Re: How to incorporate a white list?

2007-04-03 Thread Andy Schmidt
Hi, Unless I'm mistaken, rule 1370762 was targeting the same address range. If I may make a suggestion: Before the spam-trap robots are allowed to block major, well-known and easily recognizable email providers, how about the robot script pulls a WHOIS and a Reverse DNS and runs that data

[sniffer] Re: How to incorporate a white list?

2007-04-03 Thread Andy Schmidt
rather than IP, it does not matter who is sending it because it should be blocked because it appears to be spam. If it is blocked based on IP, the potential for false positives increases greatly as soon as people become overzealous. Jonathan Hickman - Original Message - From: Andy Schmidt

[sniffer] Re: How to incorporate a white list?

2007-04-03 Thread Andy Schmidt
Hi Pete, Thanks for taking the time to respond. The rule was in place from 20070326. The first reported false positives arrived today Except that reports from end users lingered in my email since Friday. Not your fault - but just to better demonstrate the ultimate effect it had. To be

[sniffer] Re: Documentation Problem

2007-01-16 Thread Andy Schmidt
to link to: http://kb.armresearch.com/index.php?title=Message_Sniffer.FAQ.FalsePositives #RulePanic - which appears to be a bad link? (Eventually I found that the CFG file is self-documented.) Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206

[sniffer] Rules for Large International ISPs

2006-12-28 Thread Andy Schmidt
20061228110558 15 16 Match 1235160 63 1 46 73 20061228110558 15 16 Final 1235160 63 0 298073 Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206

[sniffer] Re: Rules for Large International ISPs

2006-12-28 Thread Andy Schmidt
UNREPORTED FPs might be. Consequently, it may be worthwhile to improve F001 as mentioned before. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil

[sniffer] Re: Rules for Large International ISPs

2006-12-28 Thread Andy Schmidt
- so be it. My inclination is, if it's currently 10 times harder to report false positives than it is to report missed spam, then I suspect that the false positive rates could be 10 times higher than what's actually being reported. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business

[sniffer] Re: Declude header not modified correctly

2006-10-25 Thread Andy Schmidt
Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of David Waller Sent: Wednesday, October 25, 2006 09:42 AM To: Message Sniffer Community Subject: [sniffer] Re: Declude header

[sniffer] Re: Declude List

2006-10-25 Thread Andy Schmidt
Hi, for discussions on Declude, you need to subscribe to "Declude.Junkmail" or "Declude.Virus" at [EMAIL PROTECTED] Here's their standard trailer line: This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe

[sniffer] FW: Summary, Form #21539

2006-08-23 Thread Andy Schmidt
Pete, I have the same concern. I have been submitting the below spam (possible Words virus) almost daily for more than week - yet, it still is not discovered. Am I submitting correctly? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original

RE: [sniffer] IP Blacklist rules

2006-02-24 Thread Andy Schmidt
Hi, Thanks. I will treat result code 63 with a combo filter so that any parallel hit with a regular RBL won't end up counting twice. That should take care of it. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL

[sniffer] False Positive - no reaction?

2006-02-21 Thread Andy Schmidt
Hi, I filed this false positive report a day ago and never heard back. Just trying to see if my emails are blocked again. Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: Andy Schmidt [mailto:[EMAIL PROTECTED] Sent: Monday, February 20, 2006 10

RE: [sniffer] False Positive - no reaction?

2006-02-21 Thread Andy Schmidt
email was received. The web site makes it sound as if there's a million reasons why a false positive might not be accepted - so an automatic confirmation might be a good self-service tool. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message

RE: Re[2]: [sniffer] False Positive - no reaction?

2006-02-21 Thread Andy Schmidt
address). If I submit a false positive I can confirm that it made it into your queue by checking the web page. This way, you don't need to send automated emails. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL

[sniffer] problems!!!!

2006-02-08 Thread Andy Schmidt
by weighing them against other sources/methods. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help

RE: [sniffer] [Declude.JunkMail] 3.05.5 issues

2005-10-06 Thread Andy Schmidt
So this may be the known Declude problem with 3.x Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Thursday, October 06, 2005 07:13 AM

RE: [sniffer] [Declude.JunkMail] 3.05.5 issues

2005-10-05 Thread Andy Schmidt
Single CPU or Dual Processor CPU? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Wednesday, October 05, 2005 05:28 PM To: sniffer

[sniffer] FW: AVERT Medium Threat Advisory: W32/Sober.r@MM

2005-10-05 Thread Andy Schmidt
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: AVERT Medium Threat Advisory: W32/[EMAIL PROTECTED] Advisory This is a Medium Threat Advisory for W32/[EMAIL PROTECTED] Justification W32/[EMAIL PROTECTED] has been deemed Medium due to prevalence. Read

[sniffer] Integration with today's new ORF version:

2005-09-05 Thread Andy Schmidt
http://www.vamsoft.com/orf/agentdefs.asp It says to contact vendor. Here I am G. Best RegardsAndy SchmidtPhone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206

RE: [sniffer] Integration with today's new ORF version:

2005-09-05 Thread Andy Schmidt
Congratulations! (Sorry for having wasted band-width, I just saw the contact vendor link - never clicked on the link that contained the XML definitions G Found it now...). Anyway - thanks for the integration. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934

RE: [sniffer] New Spam Storm

2005-05-17 Thread Andy Schmidt
Yes, these messages were caused by Sunday'sSober.O and Sober.P remote update of previouslyinfected PCs, causing them to send out millions of neo-nazi mail. The next update (likely a new spam-wave) is scheduled in 10 days. Somepublic mailboxes got as many as 50,000 emails in 48 hours to a

RE: [sniffer] Message Sniffer Plugin for MDaemon Wide Beta Promo

2005-04-18 Thread Andy Schmidt
Wow - inline Virus scanning - and if I read the flow chart correctly, their heuristic engine actually sounds like a scoring system for DNSBL and various other indicators and reject a message during connection. Now that's the kind of SMTP engine I've been wanting all along. Best Regards Andy

RE: [sniffer] RAID level for spool

2005-03-16 Thread Andy Schmidt
- read many times applications, such as file and database servers. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: Goran Jovanovic Sent: Wednesday, March 16, 2005 11:26 AM I guess this is going against what I think should

RE: [sniffer] RAID Levels for Spool Folder

2005-03-16 Thread Andy Schmidt
Uh, sorry, I had thought that discussion was RAID-5 vs. RAID-1? If someone is running RAID-5, I assume that it's hardware based. If so, then that person could use the same hardware to configure a RAID-1 array instead - so why even bother with software RAID then? If the discussions is software

RE: [sniffer] Interesting Article

2005-02-18 Thread Andy Schmidt
enforcement) - so I have been told by someone in the industry. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message

RE: [sniffer] IIS SMTP Integration

2005-02-18 Thread Andy Schmidt
to get Sniffer in there as well. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED

RE: [sniffer] IIS SMTP Integration

2005-02-18 Thread Andy Schmidt
. In a protocol sink, the sink can pass the in-memory email directly to the Sniffer service - no need to write to disk/read from disk and starting command-prompt tasks etc etc. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message

RE: Re[2]: [sniffer] IIS SMTP Integration

2005-02-18 Thread Andy Schmidt
file. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Friday, February 18, 2005 08:06 PM To: sniffer@SortMonster.com Subject: RE: Re[2

RE: Re[2]: [sniffer] IIS SMTP Integration

2005-02-18 Thread Andy Schmidt
you want to only search for content when there is NO dictionary attack - but if you happen to be under dictionary attack you want to let all the spam go through unchecked? Seems counterintuitive to me. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206

RE: [sniffer] Changes - another reminder.

2005-02-14 Thread Andy Schmidt
values. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

[sniffer] Spam Ratios, specifically: Sniffer and SURBL

2005-01-10 Thread Andy Schmidt
0.18% MAILPOLICE-PORN220.17% SNIFFER-OBFUSC.150.11% ORDB...100.08% RDNSBL..50.04% NJABLRELAYS.50.04% HIL.40.03% Best Regards Andy Schmidt HM Systems Software, Inc. 600

RE: [sniffer] new spam storm?

2005-01-04 Thread Andy Schmidt
many of them for ... my cheating wife. Sorry to hear about your marital problems. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kirk Mitchell Sent: Tuesday, January 04, 2005 05:56 PM To: sniffer@SortMonster.com Subject: [sniffer] new spam storm?

RE: [sniffer] Downloads are slow...

2004-12-28 Thread Andy Schmidt
are a bit more flexible - you can specify WHICH file is used for comparison. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com

[sniffer] Conditional Sniffer Updates

2004-12-27 Thread Andy Schmidt
if/that there may me no LATER .SNF file, I am only downloading when a new file is actually present! Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM

RE: [sniffer] Downloads are slow...

2004-12-27 Thread Andy Schmidt
these with examples that implement conditional, compressed downloading. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message

[sniffer] How-To: Conditional Updates with GZIP, Log Uploads and Expiration

2004-12-27 Thread Andy Schmidt
check to see if a new file exists every two hours, you would not cause any loss of bandwidth for the Sniffer folks. If your bi-hourly update DOES download something, then their nofitications either didn't reach you or were late. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent

RE: [sniffer] How are folks doing with the latest version?

2004-11-19 Thread Andy Schmidt
Running without known problems. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL

RE: [sniffer] Persistent Server setup with SrvAny Resource Kit tool

2004-11-01 Thread Andy Schmidt
- then you should be alright! Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Landry William Sent: Monday, November 01, 2004 03:32 AM To: '[EMAIL PROTECTED]' Subject

RE: [sniffer] Persistent Server setup with SrvAny Resource Kit tool

2004-11-01 Thread Andy Schmidt
might be more convenient. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Landry William Sent: Monday, November 01, 2004 03:26 AM To: '[EMAIL PROTECTED]' Subject

RE: [sniffer] Your Sniffer Setup

2004-11-01 Thread Andy Schmidt
to find. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: Keith Johnson [mailto:[EMAIL PROTECTED] Sent: Monday, November 01, 2004 08:54 AM To: Andy Schmidt Subject: Your Sniffer Setup Andy, I saw your posting

RE: [sniffer] Your Sniffer Setup

2004-11-01 Thread Andy Schmidt
version, Sniffer would no longer find its directory when executed as a service, so I had to add the AppDirectory key to set the working directory. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20

RE: [sniffer] Your Sniffer Setup

2004-11-01 Thread Andy Schmidt
Data Type : REG_SZ String : path\application.ext e.g. c:\Imail\Sniffer\Win32\yoursnifferlicense.exe then where/how did you define your authorization code and the persistent option? Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle

RE: [sniffer] Your Sniffer Setup

2004-11-01 Thread Andy Schmidt
be: just the path, name and extension of the executable.) The question is whether Microsoft ever intended it to work that way or if that possibly accidental capability may cease working at a later time. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper

[sniffer] LogRotate no longer working?

2004-10-31 Thread Andy Schmidt
02:27p 1,518,661 x.log.20041028192727 10/31/2004 09:09p 16,790,875 x.log Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go

RE: Re[2]: [sniffer] LogRotate no longer working?

2004-10-31 Thread Andy Schmidt
the active log and continues to use it. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Sunday, October 31, 2004 11:48 PM To: Andy Schmidt

RE: Re[2]: [sniffer] LogRotate no longer working?

2004-10-31 Thread Andy Schmidt
then the SMTP service - I checked my Sniffer win32 folder - the OLD .log file continues to grow and be updated with new dates. NO new log file was created, no old one was renamed. Where do I look for any error messages/indicators/return codes? Best Regards Andy Schmidt Phone: +1 201 934-3414

RE: Re[4]: [sniffer] LogRotate no longer working?

2004-10-31 Thread Andy Schmidt
Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Monday, November 01, 2004 12:14 AM To: Andy Schmidt Subject: Re[4]: [sniffer] LogRotate no longer

RE: [sniffer] Persistent Server setup with SrvAny Resource Kit tool

2004-10-31 Thread Andy Schmidt
persistent AppDirectory=D:\\IMAIL\\Sniffer\\Win32 Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Sunday, October 31, 2004 09:19 PM To: [EMAIL

RE: [sniffer] Persistent Server setup with SrvAny Resource Kit tool

2004-10-31 Thread Andy Schmidt
starts. Of course, mine is Windows 2000 Server Resource Kit - yours may be different. And, I assume you have checked your sniffer folder to confirm a presence of the persistent.stat file with the very current time-stamp? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1

RE: [sniffer] Reporting

2004-06-24 Thread Andy Schmidt
and people probably don't just want to seem like they are talking JUST to hear themselves talk. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM