[sniffer] Re: rule panic not working

[Daniel Ivey]

Yes, I am positive.  If I turn off my SNIFFER test then everything works
properly.
 
 
 
-Original Message-
From: Linda Pagillo [mailto:lpad...@gmail.com]
Sent: Thursday, December 29, 2016 9:16 AM
To: Message Sniffer Community
Subject: [sniffer] Re: rule panic not working
 
I don't think there is a way to block an entire set of rules with one entry.
Someone from Arm may need to chime in here and answer that question. Are you
positive that every single message coming in and leaving your server is
triggering Sniffer?
 
On Thu, Dec 29, 2016 at 7:55 AM, Daniel Ivey < d...@gcrcompany.com
<mailto:d...@gcrcompany.com> > wrote:

Thanks, but it appears that my server is failing multiple 54- rules.  For
example from Google, it is failing 54-8064853-304-318-m and
54-8064853-0-2423-f while from Yahoo it is failing 54-8064853-2063-2077-m
and 54-8064853-0-3703-f.
 
Is there a way block all 54- rules temporary?
 
Also, do you have any suggestions on what would cause this all of a sudden?
 
Daniel
 
-Original Message-
From: Linda Pagillo [mailto: lpad...@gmail.com <mailto:lpad...@gmail.com> ]
Sent: Thursday, December 29, 2016 8:51 AM
To: Message Sniffer Community
Subject: [sniffer] Re: rule panic not working
 
Hi Daniel. The rule number is not 54. Sniffer rule numbers look like this
for example... 54-8064853-304-318-m
 
On Thu, Dec 29, 2016 at 7:48 AM, Daniel Ivey < d...@gcrcompany.com
<mailto:d...@gcrcompany.com> > wrote:
It appears that the server is failing SNIFFER Rule 54 for some reason,
causing issues.  I have added the following line in my snf_engine.xml file
for a rule panic but it doesn't appear to be working.





Can someone help me with what I have wrong?

Daniel


#
This message is sent to you because you are subscribed to
  the mailing list < sniffer@sortmonster.com
<mailto:sniffer@sortmonster.com> >.
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
<http://www.armresearch.com> 
To unsubscribe, E-mail to: < sniffer-...@sortmonster.com
<mailto:sniffer-...@sortmonster.com> >
To switch to the DIGEST mode, E-mail to < sniffer-dig...@sortmonster.co
<mailto:sniffer-dig...@sortmonster.com> m>
To switch to the INDEX mode, E-mail to < sniffer-in...@sortmonster.com
<mailto:sniffer-in...@sortmonster.com> >
Send administrative queries to  < sniffer-request@sortmonster.c
<mailto:sniffer-requ...@sortmonster.com> om>
 
 

[sniffer] Re: rule panic not working

[Daniel Ivey]

Thanks, but it appears that my server is failing multiple 54- rules.  For
example from Google, it is failing 54-8064853-304-318-m and
54-8064853-0-2423-f while from Yahoo it is failing 54-8064853-2063-2077-m
and 54-8064853-0-3703-f.
 
Is there a way block all 54- rules temporary?
 
Also, do you have any suggestions on what would cause this all of a sudden?
 
Daniel
 
-Original Message-
From: Linda Pagillo [mailto:lpad...@gmail.com]
Sent: Thursday, December 29, 2016 8:51 AM
To: Message Sniffer Community
Subject: [sniffer] Re: rule panic not working
 
Hi Daniel. The rule number is not 54. Sniffer rule numbers look like this
for example... 54-8064853-304-318-m
 
On Thu, Dec 29, 2016 at 7:48 AM, Daniel Ivey < d...@gcrcompany.com
<mailto:d...@gcrcompany.com> > wrote:
It appears that the server is failing SNIFFER Rule 54 for some reason,
causing issues.  I have added the following line in my snf_engine.xml file
for a rule panic but it doesn't appear to be working.





Can someone help me with what I have wrong?

Daniel


#
This message is sent to you because you are subscribed to
  the mailing list < sniffer@sortmonster.com
<mailto:sniffer@sortmonster.com> >.
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
<http://www.armresearch.com> 
To unsubscribe, E-mail to: < sniffer-...@sortmonster.com
<mailto:sniffer-...@sortmonster.com> >
To switch to the DIGEST mode, E-mail to < sniffer-digest@sortmonster.
<mailto:sniffer-dig...@sortmonster.com> com>
To switch to the INDEX mode, E-mail to < sniffer-in...@sortmonster.com
<mailto:sniffer-in...@sortmonster.com> >
Send administrative queries to  < sniffer-request@sortmonster.
<mailto:sniffer-requ...@sortmonster.com> com>
 

[sniffer] rule panic not working

[Daniel Ivey]

It appears that the server is failing SNIFFER Rule 54 for some reason,
causing issues.  I have added the following line in my snf_engine.xml file
for a rule panic but it doesn't appear to be working.





Can someone help me with what I have wrong?

Daniel


#
This message is sent to you because you are subscribed to
  the mailing list .
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to 
To switch to the INDEX mode, E-mail to 
Send administrative queries to  

[sniffer] large log.xml files

[Daniel Ivey]

I was checking out our Imail servers this morning and noticed that under the
imail\declude\SNF folder I have a lot of .log.xml files from Sniffer.  Is
there a way to turn off these files in Sniffer or at least to have it only
store about 3 days worth?  I also noticed that the size of these files has
grown from about 60 megs a day to over 500 megs the past couple of days.
Does anyone have any ideas as to why the file sizes would increase so much,
I haven't seen an increase in messages.

Daniel

#
This message is sent to you because you are subscribed to
  the mailing list sniffer@sortmonster.com.
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: sniffer-...@sortmonster.com
To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com
To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com
Send administrative queries to  sniffer-requ...@sortmonster.com

[sniffer] FW: [sniffer] Re: Message Sniffer DLL now used in Declude

[Daniel Ivey]

Andy,

Did you ever get the new Declude implemented on your mail server, so
that Sniffer isn't an external test any longer?  If so, was it hard to
implement?

Pete,

With the new Declude with Message Sniffer built into it, would I
still need to purchase a Sniffer license each year?

Daniel

===
Daniel Ivey
GCR Company / GCR Online
Voice:  434 - 570 - 1765
Fax:434 - 572 - 1981
d...@gcrcompany.com

-Original Message-
From: Pete McNeil [mailto:madscient...@armresearch.com]
Sent: Tuesday, January 05, 2010 9:51 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Message Sniffer DLL now used in Declude

Andy Schmidt wrote:
 Hi Pete,

 I saw their announcement.

 Dave says they are using THEIR rule base (not the one specific to the
 Sniffer customer).

Yes. They have an OEM license now which allows them to embed Message
Sniffer in their products with their own rulebase. This is simpler for
OEMs because it removes a lot of variables -- they can control and
predict what is in place so there is less guesswork if a problem arises.
Also distribution is simpler because they can install the complete
system at once... etc.

 Any hints what I have to do (on the Sniffer side) to move over to their
 service? Which part of my current stand-alone installation do I have to
 undo (e.g., the Sniffer service?)
  

Yes.

I've looked up your account and at present your rulebase does not
contain any custom rules or exclusions. (This is also the case for the
vast majority of SNF customers).

At the moment they do not provide a way for you to use an alternate
rulebase -- it is very likely this is a feature they will add soon.

To switch over to Declude's embedded SNF you will need to:

* Turn off your current SNFServer - it will conflict with the embedded
version.

* Remove any external calls to SNF from your global.cfg file.

* Configure your Declude installation as recommended by Declude
-- Update their snf_engine.xml file for their embedded version as directed.
-- Update their getRulebase.cmd script for their embedded version as
directed.
-- Tune the global.cfg file to use the embedded SNF tests to suit your
needs.

 , what about the update script

They use a slightly different update script. You will need to use their
version. If you have modified yours to do other tasks (such as notify
you or trigger other events) then you will need to make the same
modifications to their update script.

  and the
 uploading of log files?

When running version 3 or above there is no need to upload log files.
The SNF engine updates rulebase statistics and exchanges IP reputation
data approximately once per minute while checking for rulebase updates.

Declude's OEM rulebase is currently identical to the rulebase used by
the vast majority of SNF customers.

What is different is that with the embedded SNF engine your system will
be able to handle messages more efficiently, you will have easier access
to the IP reputation system, and your installation will be less complicated.

Please let me know if I missed anything.

Thanks,

_M


#
This message is sent to you because you are subscribed to
  the mailing list sniffer@sortmonster.com.
To unsubscribe, E-mail to: sniffer-...@sortmonster.com
To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com
To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com
Send administrative queries to  sniffer-requ...@sortmonster.com

#
This message is sent to you because you are subscribed to
  the mailing list sniffer@sortmonster.com.
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: sniffer-...@sortmonster.com
To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com
To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com
Send administrative queries to  sniffer-requ...@sortmonster.com

[sniffer] OT - exchange 5.5 help

[Daniel Ivey]

I know this is off topic, but I need a little Exchange 5.5 help.  Recently
upgraded a client from NT4 with Exchange to Windows 2000 Server SP4 with
Exchange 5.5.  I am having one problem though.  The local server name is
server.example.com, which is fine and dandy for the internal network.  I
need to add a domain suffix for the server for the outside world for sending
email.  I need the domain suffix to be something like example1.com, where
example1.com is a real registered domain.  Any help is appreciated and you
can email me off list.

Daniel

===
Daniel Ivey
GCR Company / GCR Online
Voice:  434 - 570 - 1765
Fax:434 - 572 - 1981
[EMAIL PROTECTED]


This E-Mail came from the Message Sniffer mailing list. For information and 
(un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html