[sniffer] No email updates.

2007-11-21 Thread Frederick Samarelli
Fred



#
This message is sent to you because you are subscribed to
  the mailing list .
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to  <[EMAIL PROTECTED]>



[sniffer] Re: Experimental Abstract

2006-10-10 Thread Frederick Samarelli

Where can I find a list of the latest result codes?
- Original Message - 
From: "John T (Lists)" <[EMAIL PROTECTED]>

To: "Message Sniffer Community" 
Sent: Monday, October 09, 2006 7:56 PM
Subject: [sniffer] Re: Experimental Abstract


I concur with Pete in that I have been thinking about upping the weight for the
EXP tests. I recently changed ABST from 20 to 25. I attach at 25, hold at 30
and delete at 35.

SNIFFER-TRAVEL 47 20
SNIFFER-INSURANCE 48 20
SNIFFER-AV-PUSH 49 20
SNIFFER-WAREZ 50 30
SNIFFER-SPAMWARE 51 40
SNIFFER-SNAKEOIL 52 40
SNIFFER-SCAMS 53 40
SNIFFER-PORN 54 40
SNIFFER-MALWARE 55 25
SNIFFER-INKPRINTING 56 20
SNIFFER-SCHEMES 57 30
SNIFFER-CREDIT 58 30
SNIFFER-GAMBLING 59 30
SNIFFER-GENERAL 60 25
SNIFFER-EXP-ABST 61 25
SNIFFER-OBFUSCATION 62 25
SNIFFER-EXP-IP 63 20

John T
eServices For You

"Seek, and ye shall find!"


-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Monday, October 09, 2006 3:15 PM
To: Message Sniffer Community
Subject: [sniffer] Re: Experimental Abstract

Hello Alberto,

In earlier times we had a philosophy that no single test should trap a
message. The idea was that by combining tests the accuracy of the
filter system would always (qualified) be improved.

The blackhats have become extremely aggressive about burning IPs and
generating image spam and/or other abstracted, short lived, and
narrowly targeted campaigns.

As a result of these changes, it is often the case that our abstract
rules are the only thing that will fire on a message.

The bad news is that holding on any single test will probably lead to
more false positives.

The good news is that SNF:Experimental/Abstract has a very low false
positive rate.

It may be time to alter our philosophy w/ regard to the
experimental/abstract rules group and recommend that wherever
practical, messages should probably be held (not deleted) based on a
hit in this rule group.

Hope this helps,

_M

Monday, October 9, 2006, 5:59:44 PM, you wrote:

> Hello

> I'm getting storms of spam and Sniffer sets them as (Experimental
> Abstract)
> Can someone explain how have I to treat them?

> Many thanks in advance
> Alberto






--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.
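
Added example (not part of any message in this thread, and not Message Sniffer code): a small Python model of the weighting discussed above, using John T's table and his attach/hold/delete thresholds, to show what a hit in the Experimental/Abstract group does when it is the only test that fires. It assumes the three columns are test name, Sniffer result code and weight, that one Sniffer result code applies per message, and that weights from other tests simply add; the function names are hypothetical.

```python
# Added example, not code from the thread. The rows are copied from
# John T's message; reading the columns as test name, Sniffer result
# code and weight is an assumption.
WEIGHT_TABLE = """
SNIFFER-TRAVEL 47 20
SNIFFER-INSURANCE 48 20
SNIFFER-AV-PUSH 49 20
SNIFFER-WAREZ 50 30
SNIFFER-SPAMWARE 51 40
SNIFFER-SNAKEOIL 52 40
SNIFFER-SCAMS 53 40
SNIFFER-PORN 54 40
SNIFFER-MALWARE 55 25
SNIFFER-INKPRINTING 56 20
SNIFFER-SCHEMES 57 30
SNIFFER-CREDIT 58 30
SNIFFER-GAMBLING 59 30
SNIFFER-GENERAL 60 25
SNIFFER-EXP-ABST 61 25
SNIFFER-OBFUSCATION 62 25
SNIFFER-EXP-IP 63 20
"""

# "I attach at 25, hold at 30 and delete at 35."
THRESHOLDS = (("delete", 35), ("hold", 30), ("attach", 25))


def parse_weights(table):
    """Return {result_code: (test_name, weight)} from whitespace-separated rows."""
    weights = {}
    for line in table.strip().splitlines():
        name, code, weight = line.split()
        weights[int(code)] = (name, int(weight))
    return weights


def action_for(total):
    """Map a total weight to the strongest action whose threshold it reaches."""
    for action, minimum in THRESHOLDS:
        if total >= minimum:
            return action
    return "none"


def evaluate(result_code, weights, other_weight=0):
    """Score one message: the weight mapped to the Sniffer result code plus
    whatever the other (non-Sniffer) tests contributed (assumed additive)."""
    name, weight = weights.get(result_code, ("UNMAPPED", 0))
    total = weight + other_weight
    return name, total, action_for(total)


def single_hit_range(action):
    """Inclusive weight range in which a test firing alone yields exactly
    `action`; the upper bound is None for the strongest action."""
    ordered = sorted(THRESHOLDS, key=lambda item: item[1])
    for index, (name, minimum) in enumerate(ordered):
        if name == action:
            if index + 1 < len(ordered):
                return minimum, ordered[index + 1][1] - 1
            return minimum, None
    raise ValueError("unknown action: " + action)


def reweight(weights, result_code, new_weight):
    """Return a copy of the table with one test's weight changed."""
    changed = dict(weights)
    changed[result_code] = (changed[result_code][0], new_weight)
    return changed


if __name__ == "__main__":
    table = parse_weights(WEIGHT_TABLE)
    # Experimental/Abstract (code 61) firing with nothing else on the message.
    print("ABST at 25, alone:     ", evaluate(61, table))
    print("ABST at 20, alone:     ", evaluate(61, reweight(table, 61, 20)))
    # Weight needed for a lone hit to be held but not deleted.
    print("hold-only weight range:", single_hit_range("hold"))
    print("ABST at 30, alone:     ", evaluate(61, reweight(table, 61, 30)))
    # The same hit once other tests add 10 points.
    print("ABST at 25, +10 other: ", evaluate(61, table, other_weight=10))
```

With these thresholds a lone Experimental/Abstract hit at weight 25 is only attached; holding on that hit alone needs a weight from 30 to 34, and anything from 35 up deletes on a single test.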





[sniffer] automated response

2006-05-15 Thread Frederick Samarelli
I will be out of town for a few days. I will be checking emails frequently


This E-Mail came from the Message Sniffer mailing list. For information and 
(un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html


Re: [sniffer] False Positives

2006-01-18 Thread Frederick Samarelli

Same with me. Last night there was a rules update and it fixed the problem.

Check the date of your rules update.


- Original Message - 
From: "Ali Resting" <[EMAIL PROTECTED]>

To: 
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, January 18, 2006 8:57 AM
Subject: [sniffer] False Positives



Hi,

Over the last 2 days I have seen a major increase in false positives.
Literally all hotmail and yahoo address are being caught by sniffer
inclusive of other legit domains.

Please confirm what may be causing this and what I can do to resolve the
issue.

Regards,

Ali

---
This message was scanned for viruses by the Real Image Anti-virus filters





[sniffer] Update

2006-01-17 Thread Frederick Samarelli



Can you send the update or I will have to disable Sniffer.

It is catching almost all our emails.


[sniffer] False

2005-05-10 Thread Frederick Samarelli
I am finding that most if not all email from Comcast senders are failing 
Sniffer.

Fred 



[sniffer] Fw: Undeliverable Mail

2005-04-27 Thread Frederick Samarelli
Look what I got.
Fred
- Original Message - 
From: "Postmaster" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 26, 2005 6:22 PM
Subject: Undeliverable Mail


Delivery failed 10 attempts: [EMAIL PROTECTED]
Unexpected connection response from server:
421  Insufficient System Storage.(IMail 6.05)

Original message follows.
Received: from Freds [64.124.117.139] by bks.tcbinc.com with ESMTP
 (SMTPD32-8.15) id AA105E90218; Tue, 26 Apr 2005 16:52:32 -0400
Message-ID: <[EMAIL PROTECTED]>
From: "Frederick Samarelli" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: 
Date: Tue, 26 Apr 2005 16:53:16 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="=_NextPart_000_0266_01C54A80.710D3F10"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2527
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
X-Declude-Sender: [EMAIL PROTECTED] [64.124.117.139]
X-Declude-Spoolname: DAA1005E90218550F.SMD
X-Note: Sent from: [EMAIL PROTECTED]
X-Note: Sent from Reverse DNS:  freds.tcbinc.com ([64.124.117.139])
X-Note: This E-mail was scanned by TCB [2.0.6] for virus
X-RBL-Warning: Total weight: 0

This is a multi-part message in MIME format.
--=_NextPart_000_0266_01C54A80.710D3F10
Content-Type: text/plain;
format=flowed;
charset="iso-8859-1";
reply-type=original
Content-Transfer-Encoding: 7bit
--=_NextPart_000_0266_01C54A80.710D3F10
Content-Type: message/rfc822;
name="Learn to Use Your Computer Like a Pro.eml"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="Learn to Use Your Computer Like a Pro.eml"
Received: from DNS2.TCBINC.NET [64.124.116.30] by bks.tcbinc.com
 (SMTPD32-8.15) id A92A6F20214; Tue, 26 Apr 2005 16:48:42 -0400
Received: from mx2.southwindsdirect.com ([204.8.100.52])
by DNS2.TCBINC.NET (SMSSMTP 4.1.0.19) with SMTP id M2005042616492307124
for <[EMAIL PROTECTED]>; Tue, 26 Apr 2005 16:49:23 -0400
Content-Type: multipart/alternative;
boundary="WaLt-wBnDGPYiIqMlh3vde6oK2RGxH4AZ2D9UIf216ndLtUg"
From: "System Guru" <[EMAIL PROTECTED]>
MIME-Version: 1.0
To: "Subscriber" <[EMAIL PROTECTED]>
Date: Tue, 26 Apr 2005 20:49:21 +
Message-ID: <[EMAIL PROTECTED]>
Subject: Learn to Use Your Computer Like a Pro
X-Complaints-To: [EMAIL PROTECTED]
[message truncated]


Re: [sniffer] SPAM

2005-03-07 Thread Frederick Samarelli
No errors. Just SPAM showing as clean.
- Original Message - 
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: "Frederick Samarelli" 
Sent: Monday, March 07, 2005 6:56 PM
Subject: Re: [sniffer] SPAM


On Monday, March 7, 2005, 6:40:52 PM, Frederick wrote:
FS> I am seeing a large amount of SPAM Pass Sniffer today.
FS> Am I alone.
I didn't see this. According to MDLP the first half of the day (at
least) was right in the normal range - about 98.5% of spam captured.
http://www.sortmonster.com/MDLP/MDLP-Example-Short.html
89.8% of messages were spam.
Anybody else see spam leakage I didn't?
Frederick: Any errors in the log?
_M



[sniffer] SPAM

2005-03-07 Thread Frederick Samarelli
I am seeing a large amount of SPAM Pass Sniffer today.
Am I alone?
Fred


[sniffer] Missing Junk

2004-11-04 Thread Frederick Samarelli
I am seeing a high rate of junk slipping past Sniffer over the past week.
Has anything changed?
Fred


Re: [sniffer] 2-3.0i9 looks good to me... How about you?

2004-10-25 Thread Frederick Samarelli
Running without issue.
- Original Message - 
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 25, 2004 7:33 PM
Subject: [sniffer] 2-3.0i9 looks good to me... How about you?


Hello Sniffer Folks,
 I'd like to get an idea how many have tried the Release Candidate
 2-3.0i9 that was announced the end of last week. I've not heard of
 any issues, and our testing has all been positive (faster, more
 stable, new features work as expected...)
 Based on what I've seen so far I believe this version is ready to
 become the official 2-3.1 release... but I would like to get an idea
 of how many folks are using it successfully already (I've not heard
 any problem reports.)
 So, what do you all say? Is this one ready to go?!
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)



Re: [sniffer] New beta v2-3.0i4

2004-10-12 Thread Frederick Samarelli
Link not working
- Original Message - 
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 12, 2004 11:55 AM
Subject: [sniffer] New beta v2-3.0i4


Hello Sniffer Folks,
 I have a new version of Message Sniffer ready for wide beta testing.
 * This version has some tighter timing mechanisms for better
 performance under heavy loads.
 * This version has a new feature that will produce a .xhdr file
 containing X-Header information that Message Sniffer would like to
 emit into the message. Folks running *nix systems or otherwise
 customizing sniffer will find this useful. Check the .cfg file for
 details. NOTE: If you have sniffer generate a .xhdr file you must
 delete it when you have finished processing your message.
 You can find the beta distribution at:

Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)



Re: [sniffer] spam leakage up

2004-06-24 Thread Frederick Samarelli
I have seen this and been sending them on the Spam@


- Original Message - 
From: "Herb Guenther" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 24, 2004 10:50 AM
Subject: [sniffer] spam leakage up


> In the last couple days we are seeing quite an increase in the amount of
> spam leaking past sniffer and declude.  Anyone else seeing this?
>
> Herb
>
> -- 
> Herb Guenther
> Lanex, LLC
> www.lanex.com
> (262)789-0966x102 Office
> (262)780-0424 Direct
>
>
> This e-mail is confidential and is for the use of the intended
recipient(s)only. If you are not an intended recipient please advise us of
our error by return e-mail then delete this e-mail and any attached files.
You may not copy, disclose or use the contents in any way.


Re: [sniffer] Message Sniffer Version 2-3 Official Release!

2004-05-09 Thread Frederick Samarelli
Is this by design?
- Original Message - 
From: "Landry William" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, May 09, 2004 11:08 PM
Subject: RE: [sniffer] Message Sniffer Version 2-3 Official Release!


>
> Same here, but if you check your logs, I think you will find that it is
> working.
>
> Bill
>
> -----Original Message-
> From: Frederick Samarelli [mailto:[EMAIL PROTECTED]
> Sent: Sunday, May 09, 2004 8:04 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [sniffer] Message Sniffer Version 2-3 Official Release!
>
>
> When I do it the window pop-up is blank
> - Original Message - 
> From: "Landry William" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, May 09, 2004 10:59 PM
> Subject: RE: [sniffer] Message Sniffer Version 2-3 Official Release!
>
>
> >
> > Fredrick, I stopped the Sniffer service and tested from the command
> > prompt
> > with:
> >
> > Start xx.exe x persistent
> >
> > and this is working fine, as well.  These messages have come in since
> > starting sniffer persistence from the command prompt:
> >
> > LicenseID   20040510024905  Ded96001d093c201a.SMD   40  150
> > Clean   0   0   03720   60
> > LicenseID   20040510024908  Ded96003f080c201b.SMD   10  20
> > Clean   0   0   0   149451
> > LicenseID   20040510025416  Deecf003708b6201f.SMD   10  190
> > Match   117330  57  3301331578
> > LicenseID   20040510025416  Deecf003708b6201f.SMD   10  190
> > Final   117330  57  0   661178
> > LicenseID   20040510025417  Deecf003d094e2020.SMD   10  30
> > Match   117330  57  2478249273
> > LicenseID   20040510025417  Deecf003d094e2020.SMD   10  30
> > Final   117330  57  0   264373
> > LicenseID   20040510025437  Deee7003908b62023.SMD   10  50
> > Match   118825  52  1560157266
> > LicenseID   20040510025437  Deee7003908b62023.SMD   10  50
> > Final   118825  52  0   528566
> > LicenseID   20040510025445  Deee70041094e2024.SMD   10  20
> > Match   118825  52  1588160059
> > LicenseID   20040510025445  Deee70041094e2024.SMD   10  20
> > Final   118825  52  0   184759
> > LicenseID   20040510025508  Def05007c04c02027.SMD   10  81
> > Match   54070   52  884 924 70
> > LicenseID   20040510025508  Def05007c04c02027.SMD   10  81
> > Final   54070   52  0   617970
> > LicenseID   20040510025523  Def05007d04c02029.SMD   10  30
> > Match   54070   52  1103116862
> > LicenseID   20040510025523  Def05007d04c02029.SMD   10  30
> > Final   54070   52      0   274862
> > LicenseID   20040510025639  Def62008204c0202c.SMD   10  60
> > Match   40539   62  5135517867
> > LicenseID   20040510025639  Def62008204c0202c.SMD   10  60
> > Final   40539   62  0   579167
> >
> > Bill
> >
> > -Original Message-
> > From: Frederick Samarelli [mailto:[EMAIL PROTECTED]
> > Sent: Sunday, May 09, 2004 7:32 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [sniffer] Message Sniffer Version 2-3 Official Release!
> >
> >
> > I am having problems getting it started from the command prompt.
> > - Original Message -
> > From: "Landry William" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Sunday, May 09, 2004 10:30 PM
> > Subject: RE: [sniffer] Message Sniffer Version 2-3 Official Release!
> >
> >
> > >
> > > It seems to be working fine for me.  I have it running as a service,
> > > per Matt's instructions using the W2K resource kit files, and it has
> > > been running fine all day.
> > >
> > > Bill
> > >
> > > -Original Message-
> > > From: Frederick Samarelli [mailto:[EMAIL PROTECTED]
> > > Sent: Sunday, May 09, 2004 5:10 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: [sniffer] Message Sniffer Version 2-3 Official Release!
> > >
> > >
> > > The persistent mode stopped working after installing new program.
> > >
> > > Revert back to old one and it works???
> > >
> > > Start xx.exe x persistent
> > >
> > > - Original Message -
> > > From: "Pete McNeil" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECT

Re: [sniffer] Message Sniffer Version 2-3 Official Release!

2004-05-09 Thread Frederick Samarelli
When I do it the window pop-up is blank
- Original Message - 
From: "Landry William" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, May 09, 2004 10:59 PM
Subject: RE: [sniffer] Message Sniffer Version 2-3 Official Release!


>
> Fredrick, I stopped the Sniffer service and tested from the command prompt
> with:
>
> Start xx.exe x persistent
>
> and this is working fine, as well.  These messages have come in since
> starting sniffer persistence from the command prompt:
>
> LicenseID   20040510024905  Ded96001d093c201a.SMD   40  150
> Clean   0   0   03720   60
> LicenseID   20040510024908  Ded96003f080c201b.SMD   10  20
> Clean   0   0   0   149451
> LicenseID   20040510025416  Deecf003708b6201f.SMD   10  190
> Match   117330  57  3301331578
> LicenseID   20040510025416  Deecf003708b6201f.SMD   10  190
> Final   117330  57  0   661178
> LicenseID   20040510025417  Deecf003d094e2020.SMD   10  30
> Match   117330  57  2478249273
> LicenseID   20040510025417  Deecf003d094e2020.SMD   10  30
> Final   117330  57  0   264373
> LicenseID   20040510025437  Deee7003908b62023.SMD   10  50
> Match   118825  52  1560157266
> LicenseID   20040510025437  Deee7003908b62023.SMD   10  50
> Final   118825  52  0   528566
> LicenseID   20040510025445  Deee70041094e2024.SMD   10  20
> Match   118825  52  1588160059
> LicenseID   20040510025445  Deee70041094e2024.SMD   10  20
> Final   118825  52  0   184759
> LicenseID   20040510025508  Def05007c04c02027.SMD   10  81
> Match   54070   52  884 924 70
> LicenseID   20040510025508  Def05007c04c02027.SMD   10  81
> Final   54070   52  0   617970
> LicenseID   20040510025523  Def05007d04c02029.SMD   10  30
> Match   54070   52  1103116862
> LicenseID   20040510025523  Def05007d04c02029.SMD   10  30
> Final   54070   52  0   274862
> LicenseID   20040510025639  Def62008204c0202c.SMD   10  60
> Match   40539   62  5135517867
> LicenseID   20040510025639  Def62008204c0202c.SMD   10  60
> Final   40539   62  0   579167
>
> Bill
>
> -Original Message-
> From: Frederick Samarelli [mailto:[EMAIL PROTECTED]
> Sent: Sunday, May 09, 2004 7:32 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [sniffer] Message Sniffer Version 2-3 Official Release!
>
>
> I am having problems getting it started from the command prompt.
> - Original Message - 
> From: "Landry William" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, May 09, 2004 10:30 PM
> Subject: RE: [sniffer] Message Sniffer Version 2-3 Official Release!
>
>
> >
> > It seems to be working fine for me.  I have it running as a service,
> > per Matt's instructions using the W2K resource kit files, and it has
> > been running fine all day.
> >
> > Bill
> >
> > -Original Message-
> > From: Frederick Samarelli [mailto:[EMAIL PROTECTED]
> > Sent: Sunday, May 09, 2004 5:10 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [sniffer] Message Sniffer Version 2-3 Official Release!
> >
> >
> > The persistent mode stopped working after installing new program.
> >
> > Revert back to old one and it works???
> >
> > Start xx.exe x persistent
> >
> > - Original Message -
> > From: "Pete McNeil" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, May 10, 2004 4:59 AM
> > Subject: Re: [sniffer] Message Sniffer Version 2-3 Official Release!
> >
> >
> > > At 11:36 AM 5/9/2004, you wrote:
> > > >Pete.
> > > >
> > > >Should we be able to just replace our .exe file with this one
> > >
> > > Yes. It will act just like the current version.
> > > The persistent server option doesn't take effect until you launch an
> > > instance in persistent mode. Until then (or if the persistent server
> > fails)
> > > the program will act exactly like version 2-2, except that you can
> > > still configure the log format if you wish.
> > >
> > > Most importantly the snf2check.exe utility is much improved with
> > > this new version.
> > >
> > > Hope this helps,
> > > _M
> > >
> > >
> > > This E-Mail came from the Message Sniffer mailing list. For
> > > informatio

Re: [sniffer] Message Sniffer Version 2-3 Official Release!

2004-05-09 Thread Frederick Samarelli
I am having problems getting it started from the command prompt.
- Original Message - 
From: "Landry William" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, May 09, 2004 10:30 PM
Subject: RE: [sniffer] Message Sniffer Version 2-3 Official Release!


>
> It seems to be working fine for me.  I have it running as a service, per
> Matt's instructions using the W2K resource kit files, and it has been
> running fine all day.
>
> Bill
>
> -----Original Message-
> From: Frederick Samarelli [mailto:[EMAIL PROTECTED]
> Sent: Sunday, May 09, 2004 5:10 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [sniffer] Message Sniffer Version 2-3 Official Release!
>
>
> The persistent mode stopped working after installing new program.
>
> Revert back to old one and it works???
>
> Start xx.exe x persistent
>
> - Original Message - 
> From: "Pete McNeil" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, May 10, 2004 4:59 AM
> Subject: Re: [sniffer] Message Sniffer Version 2-3 Official Release!
>
>
> > At 11:36 AM 5/9/2004, you wrote:
> > >Pete.
> > >
> > >Should we be able to just replace our .exe file with this one
> >
> > Yes. It will act just like the current version.
> > The persistent server option doesn't take effect until you launch an
> > instance in persistent mode. Until then (or if the persistent server
> fails)
> > the program will act exactly like version 2-2, except that you can
> > still configure the log format if you wish.
> >
> > Most importantly the snf2check.exe utility is much improved with this
> > new version.
> >
> > Hope this helps,
> > _M
> --
-
> This message and any included attachments are from Siemens Medical
Solutions
> USA, Inc. and are intended only for the addressee(s).
> The information contained herein may include trade secrets or privileged
or
> otherwise confidential information.  Unauthorized review, forwarding,
printing,
> copying, distributing, or using such information is strictly prohibited
and may
> be unlawful.  If you received this message in error, or have reason to
believe
> you are not authorized to receive it, please promptly delete this message
and
> notify the sender by e-mail with a copy to
[EMAIL PROTECTED]
>
> Thank you


Re: [sniffer] Message Sniffer Version 2-3 Official Release!

2004-05-09 Thread Frederick Samarelli
The persistent mode stopped working after installing new program.

Revert back to old one and it works???

Start xx.exe x persistent

- Original Message - 
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, May 10, 2004 4:59 AM
Subject: Re: [sniffer] Message Sniffer Version 2-3 Official Release!


> At 11:36 AM 5/9/2004, you wrote:
> >Pete.
> >
> >Should we be able to just replace our .exe file with this one
>
> Yes. It will act just like the current version.
> The persistent server option doesn't take effect until you launch an
> instance in persistent mode. Until then (or if the persistent server
fails)
> the program will act exactly like version 2-2, except that you can still
> configure the log format if you wish.
>
> Most importantly the snf2check.exe utility is much improved with this new
> version.
>
> Hope this helps,
> _M


Re: [sniffer] Message Sniffer Version 2-3 Official Release!

2004-05-09 Thread Frederick Samarelli
Pete.

Should we be able to just replace our .exe file with this one?

Fred
- Original Message - 
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, May 09, 2004 6:59 PM
Subject: [sniffer] Message Sniffer Version 2-3 Official Release!


> 2004-05-08 - Message Sniffer Version 2-3 Official Release!
>
> We are proud to release the newest version of Message Sniffer. This
version
> includes important performance and system integrity improvements including
> full rulebase integrity checking to protect against corrupted or failed
> rulebase downloads and persistent instance support which allows Message
> Sniffer to run as a lightweight service.
>
> This new version of Message Sniffer "Screams!" when using the new
> "Persistent Instance" option consistently achieving message scans in tens
> of milliseconds without the need for high-end hardware or additional
> network resources. While comparable anti-spam solutions can take several
> seconds to process each message, this new version of Message Sniffer can
> consistently produce accurate results in small fractions of a second. This
> means that Message Sniffer is typically two orders of magnitude (as much
as
> 100 times!) faster than many other anti-spam solutions without sacrificing
> accuracy!
>
> Version 2-3 also includes a number of additional features including
> "Rule-Panic" entries to mitigate critical false positive issues
immediately
> without reverting to backups, on-demand log file rotation to make
> management tasks easier, and adjustable logging levels to reduce the size
> of log files when full details are not required.
>
> Get the newest distribution from our Try-It page:
>
> http://www.sortmonster.com/MessageSniffer/Try-It.html
>
> Details about the new features are on the Sniffer Basics page:
>
> http://www.sortmonster.com/MessageSniffer/SnifferBasics.html


[sniffer] Download Problem

2004-04-13 Thread Frederick Samarelli
Pete.
I am seeing major download problems of the SNF file tonight.

Any problems with others?

Fred




Re: [sniffer] Final beta (b2) for snfrv2r3

2004-04-07 Thread Frederick Samarelli
This worked great.

Thanks.
- Original Message - 
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 07, 2004 8:46 PM
Subject: Re: [sniffer] Final beta (b2) for snfrv2r3


> At 08:36 PM 4/7/2004, you wrote:
> >What is the best and proper way to setup Persistent mode on a windows
2000
> >computer and run as a service.
> >
> >Fred
>
> * Make a backup copy of your current executable (just in case).
> * Rename the 2-3b2 executable for your license and replace your current
> executable.
>
> At this point your system will be running in the normal way.
>
> Next, you can use a third party utility or the windows toolkit to run your
> sniffer executable as a service with the persistent switch.
>
> Here are two links from previous discussions to help.
> I prefer RunExeSvc because it seems simpler.
>
> http://www.mail-archive.com/[EMAIL PROTECTED]/msg00165.html
>
> Here it is done with the toolkit...
>
> http://www.mail-archive.com/[EMAIL PROTECTED]/msg00169.html
>
> Hope this helps,
> _M


Re: [sniffer] Final beta (b2) for snfrv2r3

2004-04-07 Thread Frederick Samarelli
What is the best and proper way to set up Persistent mode on a windows 2000
computer and run as a service?

Fred
- Original Message - 
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 07, 2004 8:30 PM
Subject: RE: [sniffer] Final beta (b2) for snfrv2r3


>
> >   Pre-persistant sniffer my times sometimes got high, but never beyond 3
> >digits. While running the persistant beta, about half of my times are in
> >the thousands. The machine also seems to be far more prone to bogging
down
> >under a mail load. This is on a P2/800mhz 1g ram machine.
> >
> >Pre-beta
> >20040304211333  d9bec001201263026.smd   312 0   Match   89089
> >20040304211333  d9bec001201263026.smd   312 0   Final   89089
> >
> >Persistant sniffer
> >20040407042039  d819316c90154969c.smd   100032  Match   48754
> >20040407042039  d819316c90154969c.smd   100032  Match   94972
> >20040407042039  d819316c90154969c.smd   100032  Final   94972
>
> This doesn't make any sense. I have no good theory for this. I am unable
to
> create any scenario where using the persistent engine degrades
performance.
> In all of my tests on three separate platforms the persistent engine
> produces a significant improvement - even under unreasonably harsh
conditions.
>
> >   Aside from rebooting the machine and not starting sniffer in
persistant
> >mode, how do I stop sniffer from running persistantly?
>
> Sniffer is adaptive. You can turn the persistent instance on and off at
> will. Simply stop the service - a reboot is not needed. If the persistent
> instance is turned off then the remaining instances will organize
> themselves in the usual way.
>
> _M
>


Re: [sniffer] Final beta (b2) for snfrv2r3

2004-04-07 Thread Frederick Samarelli



What do the numbers after the Final/Clean indicate?

  - Original Message - 
  From: Pete McNeil
  To: [EMAIL PROTECTED]
  Sent: Wednesday, April 07, 2004 11:38 AM
  Subject: RE: [sniffer] Final beta (b2) for snfrv2r3

  Extraordinary...

  Compare with a snippet from our IMail/NT4 test platform (severely
  underpowered)...

  snf2beta 20040407140913 D0b86122.SMD 30 90 Final 75148 63 0 6891 68
  snf2beta 20040407140913 D0b8614e.SMD 90 140 Final 103691 57 0 8878 72
  snf2beta 20040407140914 D0b88122.SMD 40 141 Final 103689 57 0 9003 71
  snf2beta 20040407140915 D0b880b6.SMD 90 20 Final 106244 52 0 817 65
  snf2beta 20040407140916 D0b8a0de.SMD 40 210 Final 104044 52 0 8779 76
  snf2beta 20040407140917 D0b8b122.SMD 30 60 Final 70077 53 0 3727 73
  snf2beta 20040407140920 D0b8e0b6.SMD 20 40 Clean 0 0 0 2958 54
  snf2beta 20040407140927 D0b960b6.SMD 30 80 Final 30439 54 0 3885 73
  snf2beta 20040407140934 D0b930b6.SMD 20 40 Clean 0 0 0 2647 67
  snf2beta 20040407140935 D0b9e0a8.SMD 20 130 Final 73558 52 0 6242 80
  snf2beta 20040407140942 D0ba414e.SMD 20 160 Final 105444 52 0 8252 87
  snf2beta 20040407140942 D0ba40de.SMD 201 60 Final 105825 52 0 3351 68
  snf2beta 20040407140947 D0baa0b6.SMD 30 121 Final 30439 54 0 3898 72
  snf2beta 20040407140947 D0baa14e.SMD 40 80 Final 66835 52 0 5358 64
  snf2beta 20040407140952 D0bad122.SMD 20 110 Final 97422 57 0 6104 79
  snf2beta 20040407140952 D0bae0d2.SMD 30 81 Final 83761 57 0 4790 72
  snf2beta 20040407140952 D0bac0b6.SMD 40 90 Final 1686 48 0 5415 80
  snf2beta 20040407141003 D0bb90b6.SMD 20 40 Final 49992 54 0 2186 69

  The first thing I notice is that the setup times (first number) on your
  system are consistently large. According to your log entries it is taking a
  quarter of a second to scan the working directory for a job... That's a LOT
  of time for a directory scan to take.

  The message scan itself doesn't seem to be out of range.

  The next thing I notice is that your messages arrive several seconds apart
  consistently. I see 10 sec, 16, 12, 4, 10, etc... In our log we frequently
  scan several messages in the same second.

  I see two things going on based on this data:

  I suspect your system is I/O bound. There is no reason that a directory scan
  should take more than a few tens of milliseconds except occasionally... That
  puts your numbers out by nearly an order of magnitude (compare 20s & 30s w/
  109, 187, 280+!). Be sure that Sniffer's working directory does not have any
  extra files in it. Sniffer instances measure their apparent work load by
  counting the number of files in their working directory... The theory is
  that aside from a handful of necessary files the rest are jobs waiting to be
  processed... so if the number of files is large then the load must be high
  and so a Sniffer instance should be prepared to wait a bit longer for
  service.

  Sniffer should be running in its own directory with no other files present
  that don't need to be there. Be sure to clean out any dead job files that
  might have built up with a prior error etc...

  My thinking on I/O is that if it takes 100-280 msec to scan the directory
  for job files then it's likely to take quite a while to load any program -
  including the shell. This can explain the additional time you are seeing in
  your measurements. Under normal circumstances I would expect that operation
  to happen almost instantaneously since the Sniffer executable, command
  shell, and other files that must load should remain consistently in memory
  due to their being called so frequently. It's a good bet that much of your
  delay time is bound in this part of the equation.

  The next place I think you're finding delays is in sleeping. There are
  several seconds between messages on your system consistently so Sniffer is
  going to sleep much of the time. If Sniffer can't find work for several
  seconds the poll delay times will expand accordingly. It's a good bet that
  the rest of the time in your 1.5 seconds is due to the fact that the next
  message you're going to process is 5-10 seconds away from the last.

  After waiting 1 second the poll delay will be ~ 630ms
  After about 2.5 seconds the poll delay will be ~ 1650ms...
  By the time you get beyond 5 seconds the poll delay will be 4000ms, so your
  average sleep time will be 2 secs. Based on this I think 1.5 seconds is not
  unlikely... on the other hand since the next message is likely to be 5 or
  more seconds away this should have no apparent effect on throughput, and
  since Sniffer is sleeping most of the time your system will have plenty of
  resources for other work and should be very responsive.

  If you are uncomfortable with this part of the process you can now put a
  ceiling on the poll time by setting the MaxPollTime parameter in your .cfg
  file. You indicate that you've set this to 50ms (this is very aggressive!).
  Does the monitor output from the beta reflect the new time
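
The two checks made in the message above (setup time per message, and the gap between consecutive messages) can be run over a whole log. This is an added example, not Message Sniffer code: reading the second number as scan time and the 100 ms cut-off are assumptions, and the second sample is constructed.

```python
from datetime import datetime
from statistics import median

# Assumed cut-off: the message treats tens of milliseconds as a normal setup
# time and 100-280 ms as the sign of an I/O-bound system.
SLOW_SETUP_MS = 100


def parse_record(line):
    """Parse '<license> <timestamp> <file> <setup> <scan> <result> ...'.

    Returns None for lines that do not fit this layout (including the older
    format without the leading license field). Reading the second number as
    scan time is an assumption; fields after the result are kept unparsed.
    """
    parts = line.split()
    if len(parts) < 6:
        return None
    try:
        when = datetime.strptime(parts[1], "%Y%m%d%H%M%S")
        setup_ms, scan_ms = int(parts[3]), int(parts[4])
    except ValueError:
        return None
    return {"when": when, "file": parts[2], "setup_ms": setup_ms,
            "scan_ms": scan_ms, "result": parts[5], "rest": parts[6:]}


def summarize(lines):
    """Summarise setup times and arrival gaps, one record per message."""
    records = [r for r in map(parse_record, lines) if r]
    # A message can log several Match lines; count only its closing record.
    done = sorted((r for r in records if r["result"] in ("Final", "Clean")),
                  key=lambda r: r["when"])
    if not done:
        return None
    setups = [r["setup_ms"] for r in done]
    gaps = [(b["when"] - a["when"]).total_seconds()
            for a, b in zip(done, done[1:])]
    return {
        "messages": len(done),
        "median_setup_ms": median(setups),
        "slow_setups": sum(1 for s in setups if s >= SLOW_SETUP_MS),
        "median_gap_s": median(gaps) if gaps else None,
        "same_second_pairs": sum(1 for g in gaps if g == 0),
    }


# First six records of the test-platform log quoted in the message above.
TEST_PLATFORM = """
snf2beta 20040407140913 D0b86122.SMD 30 90 Final 75148 63 0 6891 68
snf2beta 20040407140913 D0b8614e.SMD 90 140 Final 103691 57 0 8878 72
snf2beta 20040407140914 D0b88122.SMD 40 141 Final 103689 57 0 9003 71
snf2beta 20040407140915 D0b880b6.SMD 90 20 Final 106244 52 0 817 65
snf2beta 20040407140916 D0b8a0de.SMD 40 210 Final 104044 52 0 8779 76
snf2beta 20040407140920 D0b8e0b6.SMD 20 40 Clean 0 0 0 2958 54
"""

# Constructed records: setup times of 109-280 ms, messages 10-16 s apart,
# one extra Match line and one unparseable line.
CONSTRUCTED_SLOW = """
snf2beta 20040407042000 c0000001.smd 109 60 Match 11111 52 0 100 50
snf2beta 20040407042000 c0000001.smd 109 60 Final 11111 52 0 100 50
snf2beta 20040407042010 c0000002.smd 187 45 Final 22222 57 0 100 50
not a log record
snf2beta 20040407042026 c0000003.smd 280 70 Clean 0 0 0 100 50
snf2beta 20040407042038 c0000004.smd 109 55 Final 33333 52 0 100 50
"""

if __name__ == "__main__":
    for name, text in (("test platform", TEST_PLATFORM),
                       ("constructed slow host", CONSTRUCTED_SLOW)):
        print(name, summarize(text.splitlines()))
```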
  

Re: [sniffer] Error_Bad_Matrix

2004-03-26 Thread Frederick Samarelli
Maybe it is time to look at a new snf2check.exe.

One that has some checksum ability.

Say you download two files not one.

One with the rules and the other a checksum file.

Just a thought on how to keep corrupt rules from being put into production.

Fred
- Original Message - 
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 26, 2004 10:26 AM
Subject: Re: [sniffer] Error_Bad_Matrix


> At 09:10 AM 3/26/2004, you wrote:
>
> >On Mar 25, 2004, at 8:10 PM, Pete McNeil wrote:
> >
> >>  ERROR_BAD_MATRIX is definitely a corrupted rulebase file. A manual
> >> download should solve the problem.
> >
> >Should not snf2check.exe detect this?  If the sniffer can detect it, it
> >seems that the checker should too.
>
> No. snf2check.exe does a static check on part of the file.
>
> ERROR_BAD_MATRIX is a run time error produced when one of the creatures
> tries to run into memory space that it shouldn't. Only the creature running
> into that bad part of the token matrix discovers the problem currently -
> that part of the file was not checked by snf2check.
> _M
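
The two-file idea in the message above (rulebase plus a checksum file), as an added example that is not snf2check.exe or any Message Sniffer code: the staged download replaces the production rulebase only if its SHA-256 matches the sidecar. The file names and the `<hex digest>  <name>` sidecar layout are assumptions.

```python
import hashlib
import os
import re
import tempfile


def sha256_file(path, chunk=65536):
    """Hash the file in chunks so a large rulebase is not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def read_expected(checksum_path):
    """Return the digest from a sidecar file; raise ValueError if malformed."""
    with open(checksum_path, "r", encoding="ascii") as handle:
        fields = handle.read().split()
    if not fields or not re.fullmatch(r"[0-9a-fA-F]{64}", fields[0]):
        raise ValueError("checksum file is empty or malformed")
    return fields[0].lower()


def promote_rulebase(staged, checksum_path, production):
    """Replace production with staged only when the digest matches.

    Returns True if the new rulebase went live. On any failure the
    production file is left untouched.
    """
    try:
        expected = read_expected(checksum_path)
        actual = sha256_file(staged)
    except (OSError, ValueError):
        return False
    if actual != expected:
        return False
    os.replace(staged, production)  # atomic when both are on one volume
    return True


def demo():
    """Constructed run: a truncated download is refused, a full one promoted."""
    with tempfile.TemporaryDirectory() as work:
        production = os.path.join(work, "example.snf")       # hypothetical
        staged = os.path.join(work, "example.snf.new")       # hypothetical
        sidecar = os.path.join(work, "example.snf.sha256")   # hypothetical
        good = b"constructed rulebase bytes " * 1000
        with open(production, "wb") as handle:
            handle.write(b"previous rulebase")
        with open(sidecar, "w", encoding="ascii") as handle:
            handle.write(hashlib.sha256(good).hexdigest() + "  example.snf\n")

        with open(staged, "wb") as handle:
            handle.write(good[:-100])                        # truncated copy
        rejected = promote_rulebase(staged, sidecar, production)
        with open(production, "rb") as handle:
            kept_old = handle.read() == b"previous rulebase"

        with open(staged, "wb") as handle:
            handle.write(good)                               # complete copy
        accepted = promote_rulebase(staged, sidecar, production)
        with open(production, "rb") as handle:
            now_new = handle.read() == good
        return rejected, kept_old, accepted, now_new


if __name__ == "__main__":
    print(demo())
```

A checksum fetched over the same channel as the rulebase catches truncated or corrupted downloads, not deliberate tampering; that needs a signature verified against a key held locally.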


[sniffer] Fail

2004-03-24 Thread Frederick Samarelli
Your 8:20 PM update notice Failed Sniffer

What is going on?

From: [EMAIL PROTECTED]
Subject: XXX.snf Update 20040325.0125
X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail
detected. [2-3-1800]
X-RBL-Warning: SNIFFER: Message failed SNIFFER: 63. [2-4-2000]




Re: [sniffer] Possible Bad Rule?

2004-03-24 Thread Frederick Samarelli
Same with me.
- Original Message - 
From: "Sheldon Koehler" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 24, 2004 2:02 PM
Subject: Re: [sniffer] Possible Bad Rule?


> I am getting a lot of complaints today from Yahoo users...
>
> Sheldon
>
>
> - Original Message - 
> From: "Darrell LaRock" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: "'SnifferSupport'" <[EMAIL PROTECTED]>
> Sent: Wednesday, March 24, 2004 10:33 AM
> Subject: [sniffer] Possible Bad Rule?
>
>
> > Pete,
> >
> >
> >
> > I am seeing a ton of false positives for RULE 100543.  I sent a few in to
> > you to check out ([EMAIL PROTECTED]).  I wanted to post this here as well since it
> > seems to take approx. 24 hours to process false positives.
> >
> >
> >
> > Darrell


Re: [sniffer] RunExeSvc for Persistent sniffer.

2004-03-19 Thread Frederick Samarelli
Looks like it is working as indicated below.

I think it is fine.

The server is just busy these days.


- Original Message - 
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 19, 2004 11:51 AM
Subject: Re: [sniffer] RunExeSvc for Persistent sniffer.


> Are the Polled waited: numbers changing periodically?
>
> If they are high and you are also showing other instances w/ message
> traffic then that would indicate that the persistent instance is not
> running in the same working directory with the others - that would also
> cause you to see no real effect.
>
> If you are seeing small numbers (30, 60, 90, and so forth) then it is
> definitely working and should be making a difference.
>
> I'd like to continue this off-list until I understand your setup better.
> Please send me a note (support@) with a short segment (a few pages) of your
> current sniffer log. I would also like to know about your hardware, your
> current CPU %, and your typical CPU%.
>
> Thanks!
> _M

Re: [sniffer] RunExeSvc for Persistent sniffer.

2004-03-19 Thread Frederick Samarelli
Yes it should be running I see the window with the Polled waited:
- Original Message - 
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 19, 2004 11:33 AM
Subject: Re: [sniffer] RunExeSvc for Persistent sniffer.


> That is unusual. You should see a marked drop in the "queue time" in the
> sniffer logs and generally a drop in overall system loads.
>
> If the persistent instance is running then it will be the only instance
> that loads the rule-base - and that will happen infrequently. The other
> instances will still load, but they will always be clients - so they will
> post their job and then go to sleep waiting for it to be completed.
>
> Are you sure the persistent instance is running?
>
> _M

Re: [sniffer] RunExeSvc for Persistent sniffer.

2004-03-19 Thread Frederick Samarelli
When I installed it in a persistence mode I notice very little improvement.

When my server is busy it can load 30 or more instances of the program.

Is it loading from the drive or is it taking off the persistence one.

Fred
- Original Message - 
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 19, 2004 9:01 AM
Subject: Re: [sniffer] RunExeSvc for Persistent sniffer.


> Matt,
>
> You're right. It's pretty hard to tell from those images. Rush hour will
> prove out though - I'm sure. When I installed the persistent engine on our
> NT test bed we were pegged at 100% with a few dips. (It's not always that
> way, but it was when I tested it because I wanted harsh conditions.) After
> installing it the cpu graph dropped well below 50%. I'm sure there are some
> exponential load dynamics going on there too - but none the less it was
> impressive.
>
> I think you will see a more accurate picture in your sniffer logs. The left
> column of timing figures should drop significantly.
>
> We shall see - it's a marathon not a sprint :-)
>
> _M
>
> At 02:13 AM 3/19/2004, you wrote:
> >Pete,
> >
> >Although inconclusive, some screen caps of Task Manager seems to show a
> >dramatic reduction in many of the peaks with the service turned on.
> >It's hard to tell the exact impact due to the virus scanners not always
> >being called, and SKIPIFWEIGHT settings disabling a mountain of custom
> >Declude filters which both are processor hogs, but the smaller peaks.  I
> >believe the following before and after screen caps are representative of
> >the impact (I looked for similar E-mail hit frequencies):
> >
> >Before
> >http://www.mailpure.com/no_service.gif
> >
> >After (with service)
> >http://www.mailpure.com/service.gif
> >
> >The real test will have to wait for rush hour though.
> >
> >Thanks,
> >
> >Matt
> >
> >
> >
> >
> >Pete McNeil wrote:
> >
> >>The service definition takes care of the persistence. Your Declude config
> >>should not be changed.
> >>
> >>_M
> >>
> >>At 01:05 AM 3/19/2004, you wrote:
> >>
> >>>I'm going to give this one a try right now since I have the Resource Kit
> >>>installed already.  Just one question...do I need to change the
> >>>arguments in my Declude config, or will the service definition take care
> >>>of the 'persistence'?
> >>>
> >>>Thanks,
> >>>
> >>>Matt
> >>>
> >>>
> >>>
> >>>Bill Boebel wrote:
> >>>
> We've been using srvany for years with several custom applications and it
> works great.  This utility has been around since the NT4 Resource Kit...
> 
>   http://www.pyeung.com/pages/win2k/userdefinedservice.html
> 
> Bill
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Pete McNeil
> Sent: Friday, March 19, 2004 12:25 AM
> To: [EMAIL PROTECTED]
> Subject: [sniffer] RunExeSvc for Persistent sniffer.
> 
> 
> Hello folks,
> 
> We've been continuing to test the new persistence enabled sniffer engine
> and some utilities that will allow it to run as a service.
> 
> We found a free utility that seems to be very solid, and very simple.
> 
> http://www.judoscript.com/goodies/RunExeSvc/runexesvc.html
> 
> One of the scripts we used is:
> 
> debug=false
> cmdline=c:\Projects\sniffer2-3\TestBed\snfrv2r2.exe xnk05x5vmipeaof7 persistent
> home=c:\Projects\sniffer2-3\TestBed
> 
> (Note: The mismatch between the sniffer2-3 directory and the snfrv2r2.exe
> is not a type-o. We re-branded the 2-3 to use the snfrv2r2 license in our
> example - it was easier than creating a new license. Note also that
> the cmdline parameter includes the full path to the executable - you will
> need to do this also. We could not get the service to start on our NT test
> bed without including the full path to the .exe)
> 
> We've tested this on our XP based Toshiba laptop, and on our NT4 based
> IMail test bed. Both seem to setup and work fine. Auto-start works fine, so
> does logging out and logging in.
> 
> Once you've set up a persistent sniffer instance as a service, go into your
> services control panel (usually via administrative tools), set the service
> to start automatically, and start it.
> 
> A window will appear for the program - do not close the window!
> Minimize it.
> 
> When you log out sniffer will continue to run in the background. When you
> log in the window will be visible again - it's harmless. If you close it
> though you will have ended the sniffer.exe out from under the service. This
> won't cause you any trouble, but you won't get the benefit of the
> persistent server until you stop and start the service again to relaunch
> the program.
> 
> Using RunExeSvc, the actual service is the RunExeSvc program. That program
> launches sniffer as a client and stand

Re: [sniffer] Call for beta testers... snfrv2r3b1

2004-03-17 Thread Frederick Samarelli
What is the number after Polled waited:

I also noticed that when many emails are coming in I still see multiple
Sniffer.exe programs running.

Fred
- Original Message - 
From: "Madscientist" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 17, 2004 7:36 PM
Subject: Re: [sniffer] Call for beta testers... snfrv2r3b1


> At 06:22 PM 3/17/2004, you wrote:
> >Do we just replace our current file with this one.
>
> That is the first step.
>
> The second step is to run an instance of this program in your sniffer
> working directory with the "persistent" switch as described in the read-me.
>
> When you replace your current sniffer.exe with this beta it will act normally.
>
> When you launch an instance of it with the persistent switch, that instance
> will not return (unless you stop it or something goes horribly wrong). The
> persistent instance will take over as a server so that none of the other
> peer-server instances need to load the rule-base... they will always elect
> to be clients.
>
> If for some reason the persistent server should fail then the system will
> return to a mixed cellular peer-server mode and will operate normally again.
>
> Hope this helps,
> _M


Re: [sniffer] Call for beta testers... snfrv2r3b1

2004-03-17 Thread Frederick Samarelli
Do we just replace our current file with this one?


- Original Message - 
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 17, 2004 2:05 PM
Subject: [sniffer] Call for beta testers... snfrv2r3b1


> Hello folks,
>
> I know folks are anxious to get their hands on this version so I'm going to
> play this beta round a little looser than usual. Version 2-3b1 implements a
> persistent mode feature for our cellular peer-server technology. Launching
> a persistent instance of Message Sniffer has the effect of creating a
> daemon so that all other instances will elect to be clients. We observed a
> DRAMATIC improvement in system performance on our NT4/Imail/Declude test bed.
>
> In static tests on my Toshiba 6100 we saw no memory leaks and consistent
> performance over the past 18+ hours of testing. This included several tests
> with more than 100+ concurrent client instances - all without failure and
> without making the system unresponsive (though the WinXP file system did
> start to show signs of strain).
>
> This beta is for the windows platform only... once we're happy with this
> version we will make the source and *nix versions available as always.
>
> Windows platform users who are interested in testing the new beta should
> download the following file:
>
> http://www.sortmonster.com/MessageSniffer/Betas/snfrv2r3b1.zip
>
> The file contains an executable and a short readme file.
>
> We are going to be extremely busy for the next few hours so we won't be
> able to provide support on this until later this evening. We have many
> updates and rulebase mods to attend to at the moment since we shifted
> resources heavily toward development last evening and through the night...
>
> The current spam storm continues to rage with more than 500 core rule-base
> changes yesterday alone!
>
> Be careful.
> Backup your current production version.
> Watch carefully.
>
> Enjoy :-)
>
> _M