[sniffer] Re: Our IP got listed on GBUdb Truncate

2018-11-02 Thread Pete McNeil
then we can collect some events with timestamps. That may help you track things down -- but since you're an SNF user you would probably do better with your own scanner. Hope this helps. _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010

[sniffer] Happy Holidays!

2017-12-23 Thread Pete McNeil
This is just a quick note to let you all know that we're thinking of you. On behalf of the whole team: We wish you a Merry Christmas and a happy, prosperous New Year. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Rulebase refactoring

2017-09-07 Thread Pete McNeil
several unforeseen problems that introduced delays and other disruptions. We apologize for the inconvenience. All is well now. Thanks, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Reminder - the Rule Panic feature

2017-06-01 Thread Pete McNeil
/Documentation/QA/ltrulepanicsgt-628138610.jsp Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller # This message is sent to you because you are subscribed

[sniffer] Bad Rule Alert 2654821

2017-06-01 Thread Pete McNeil
rule has caused significant false positive cases -- so it is an exceedingly rare event. None the less we are in the process of reviewing our tools and processes to improve our sensitivity should any similar event occur in the future. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC

[sniffer] Re: rule panic not working

2016-12-29 Thread Pete McNeil
-- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: Error Code 69

2016-12-15 Thread Pete McNeil
that occurs is when the file system / OS prevents SNF from removing the original file. Are the files still there? What changed since the 1st? (did the problem begin then precisely?) _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter

[sniffer] Re: Error Code 69

2016-12-14 Thread Pete McNeil
cases). So, if you can figure out what is preventing SNF from deleting the original file you will solve the problem. Hope this helps, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: DEB Packages

2016-12-01 Thread Pete McNeil
are considered experimental (mostly due to a lack of exhaustive testing) so be ready to roll back just in case; and do share your results with us. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: .smd.tmp files being left in proc\work folders

2016-08-09 Thread Pete McNeil
scanner or other program and that when SNF goes to rename the .tmp file to replace the original it is unable to do it. Hope this helps, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] SNF Engine Update to 3.2.1 / Short Buffer Bug Fix

2016-04-19 Thread Pete McNeil
for attributes from the heap instead of the stack and eliminates a short-by-one allocation error. Those curious about the source code can see the important diff here: Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770

[sniffer] Re: [Alligate]Alligate and Sniffer again (NL)

2016-01-18 Thread Pete McNeil
/Documentation/Papers/InstallGuides/SNF4Alligate.jsp Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: New Version -- SNFMulti 3.2.0 -- Strangers

2016-01-04 Thread Pete McNeil
est isn't changed. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: New Version -- SNFMulti 3.2.0 -- Strangers

2016-01-04 Thread Pete McNeil
ur SNFServer binary leaving everything else in place. I don't think there are any other gotchas. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: [BULKMAILER] [sniffer] Windows SDK with SNFMulti 3.2.0 -- coming soon.

2015-12-29 Thread Pete McNeil
fer/download/updates/SNFMultiSDK_Windows_3.3.zip Please let us know if there is more we can do. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Windows SDK with SNFMulti 3.2.0 -- coming soon.

2015-12-24 Thread Pete McNeil
Hi Sniffer Folks, If you're curious about the Windows SDK (DLLs) ... they should be posted in the next few days, but not yet. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] New Version -- SNFMulti 3.2.0 -- Strangers

2015-12-24 Thread Pete McNeil
idays! _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] ShortMatch Resolved - Update your SNF software to remain immune.

2015-12-03 Thread Pete McNeil
the latest version in all cases. It will take a bit of time before all of the ordinary links on our web site are updated with the latest software, so please use the above links instead if you're going to update right now. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC

[sniffer] Re: ShortMatch Resolved - Update your SNF software to remain immune.

2015-12-03 Thread Pete McNeil
he snf-server_ package and then build your own scripts and other software on top of that. It's a different paradigm. Hope this helps, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/coded

[sniffer] Re: Short Match FPs.

2015-12-01 Thread Pete McNeil
mitigated based on the latest data I'm seeing. I will know better how good this data is after about an hour. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: Short Match FPs.

2015-12-01 Thread Pete McNeil
that if we do see any future events we will be able to identify them much more quickly. Sorry for the trouble, Thanks for your patience and continued support! _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: Question, changing from SNF4SA to Milter, using freebsd

2015-09-08 Thread Pete McNeil
to redirect with? That's an entirely different software project. If you want that kind of functionality then you'd do better to use SNFServer/SNFClient in a postfix filter. The filter script could then be modified to look at the results and respond in any way you can code. Best, _M -- Pe

[sniffer] Re: Question, changing from SNF4SA to Milter, using freebsd

2015-09-06 Thread Pete McNeil
ilter and SNFServer on the same system at the same time. If you have SNFMilter running, the SNFServer "back-end" should already be provided in that service. (Check that XCI is on, it should be by default). In that case running SNFServer would be redundant. Hope this helps, _M -- Pete McNeil

[sniffer] Bad Rule Alert: 6948148

2015-02-23 Thread Pete McNeil
will not affect most systems. We apologize for any inconvenience. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-10 Thread Pete McNeil
/Documentation/QA/ltidentifiergt-2021367617.jsp _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: milter and smtp auth

2015-02-10 Thread Pete McNeil
appropriately... much better to get the filtering right than to make holes in it. For reference: http://www.armresearch.com/Support/falsePositives.jsp Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: milter and smtp auth

2015-02-10 Thread Pete McNeil
. That's still making a hole,... but it's your hole and you know why you made it. It's also a pretty small one because if some known spam or malware comes from there it will still get tagged -- maybe not as efficiently -- but it will still get tagged. Hope this helps, _M -- Pete McNeil Chief Scientist

[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-09 Thread Pete McNeil
solves this problem for redhat variants. Give that a shot and see if it fills in the holes. Usually by the time I've got g++ up and running on ubuntu it just works -- hopefully that's not broken in 14. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770

[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-03 Thread Pete McNeil
to SpamAssassin like any other SA plugin. It creates a temp file of the message, calls SNFServer to scan the message, and then processes the results in a way SA expects so it can be scored. It _should_ be as easy as that. _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866

[sniffer] Re: Report one off spams

2014-12-16 Thread Pete McNeil
we are able to decipher what we're looking at and locate useful artifacts structures. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Bad rule report 6237276

2014-03-19 Thread Pete McNeil
dramatically and we expect that most systems auto-panicked the rule making it inert automatically. We are very sorry for any trouble. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: Saccades anyone?

2014-02-18 Thread Pete McNeil
: Examine it here with websvn https://svn.microneil.com/websvn/listing.php?repname=SNFMulti Get the source here via svn https://svn.microneil.com/svn/SNFMulti/trunk/ Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Saccades anyone?

2014-02-13 Thread Pete McNeil
the new engine to SNFServer.exe * Restart your Message Sniffer. Please let us know how this works for you. Thanks! _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: increase in missed spam

2014-02-05 Thread Pete McNeil
are seeing. The trend has been toward very high volume spikes. To be clear, the graph shows new spam not yet filtered, so the higher numbers mean higher numbers of new campaigns with higher diversity. Hope this helps. _M -- Pete McNeil Chief

[sniffer] Re: large log.xml files

2014-01-22 Thread Pete McNeil
increase so much, I haven't seen an increase in messages. We have seen a very large increase in the number of messages... that might explain it. Still, that's an order of magnitude there so you should take a look at the large files and see if something else is happening. Best, _M -- Pete

[sniffer] Bulk / Noisy Rule Group

2014-01-03 Thread Pete McNeil
code to 100 next Friday. The change is to avoid any conflicts with some existing error result codes before we make this feature available more broadly. If you are curious about this feature let us know and we will be happy to answer any questions you have. Best, _M -- Pete McNeil Chief

[sniffer] Happy New Year!!

2013-12-31 Thread Pete McNeil
Happy New Year!! _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: What is your oldest production CPU?

2013-12-27 Thread Pete McNeil
to the processor of the VM host. I should look closer at this -- but would like some feedback. Thanks, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: Whitelist HOW?

2013-11-28 Thread Pete McNeil
by attackers. Hope this helps, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: Milter Version

2013-10-31 Thread Pete McNeil
SNFMilter with postfix et al and no problems. As far as I know it's up to date :-) SNF in general is built to be stable and highly available, so most of the changes over time happen in the rulebase and not in the engine. Hope this helps, _M -- Pete

[sniffer] Re: snf plugin regions question

2013-09-10 Thread Pete McNeil
the region. Please let us know if there is more we can do. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: snf plugin regions question

2013-09-10 Thread Pete McNeil
On 2013-09-10 17:02, Peer-to-Peer (Spam-Filter.com) wrote: Is that the right direction? That would open up the black range a bit. Use caution :-), but have fun. _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC

[sniffer] White-Guard

2013-08-26 Thread Pete McNeil
or change anything to take advantage of this. White-Guard is implemented in the bigger brain back here in the lab. Please let us know if there is more we can do. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: Slow processing times, errors

2013-06-28 Thread Pete McNeil
m they are frequently in excess of 400 ms which leads me to believe your system is a bit underpowered for its current load. Hope this helps, _M -- Pete McNeil Chief Scientist ARM Research Labs, LL

[sniffer] Re: Slow processing times, errors

2013-06-28 Thread Pete McNeil
the old data. All of this happens without impacting scan operations. _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: Slow processing times, errors

2013-06-27 Thread Pete McNeil
. This is usually the problem. NTFS performs very badly when there are a lot of files in a directory -- and that slows everything down. If SNF takes 30 seconds or more to process a message then SNFClient will give up and let the message through (fail safe). _M -- Pete McNeil Chief Scientist ARM

[sniffer] Re: Slow processing times, errors

2013-06-27 Thread Pete McNeil
-- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: 2nd level IP scanning

2013-06-07 Thread Pete McNeil
and Verizon. Yes! You can use drilldown directives to teach SNF to "trust" intermediate servers and find the originator: http://www.armresearch.com/support/articles/software/snfServer/config/node/gbudb/training/drilldown.jsp _M -- P

[sniffer] Re: 2nd level IP scanning

2013-06-07 Thread Pete McNeil
drilldown does. If you teach drilldown to recognize the Verizon and Comcast servers then it will learn to ignore them and pinpoint this specific IP. It will also learn to find any other IPs that are doing the same kind of thing. _M -- Pete McNeil Chief

[sniffer] Re: IP Change on rulebase delivery system

2013-05-24 Thread Pete McNeil
that blocks most messages. The consensus of all GBUdb nodes will be somewhere in between. Hope this helps, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: IP Change on rulebase delivery system

2013-05-23 Thread Pete McNeil
NTFS to crawl. Please let us know what you find. If you are not already doing it -- you should consider blocking connections using the truncate blacklist. No sense taking on some of these messages if they can be eliminated up front. _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC

[sniffer] Re: IP Change on rulebase delivery system

2013-05-23 Thread Pete McNeil
this helps, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: IP Change on rulebase delivery system

2013-05-23 Thread Pete McNeil
the currently active worst-of-the-worst as seen by all SNF nodes working together. Also -- getting your MTA to pay attention to your local GBUdb is nontrivial since no MTA software (that I know of) can speak XCI yet. _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC

[sniffer] Rulebase Compiler Improvements

2013-04-29 Thread Pete McNeil
kinds of spam. So, a lot of the time infected messages are captured by patterns that were learned while looking at ordinary spam. Please let us know if there is more we can do. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter

[sniffer] Re: Volume

2013-04-26 Thread Pete McNeil
with it. _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: Upgrading Stand-Alone Sniffer (for Declude)

2013-04-18 Thread Pete McNeil
) release: http://www.armresearch.com/message-sniffer/download/SNFServerV3.0.2-E3.0.23.zip Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: Reputation Lookup DNSBL?

2013-04-18 Thread Pete McNeil
know about an IP within about a minute of the first encounter. Then as your SNF node has more experience with the IP it will begin to trust its own data more than that of the other nodes. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010

[sniffer] Re: IPScan results

2013-04-16 Thread Pete McNeil
file configures the SNF plugin correctly. If you've got one server working correctly and others not, then that gives you a good way to compare. Hope this helps, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: IPScan results

2013-04-16 Thread Pete McNeil
the security plus license to use the full API on plugins, so the original SNF4MDaemon plugin design will work. (that's what you have configured). Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: Convert your Declude OEM license now and get full credit!

2013-04-11 Thread Pete McNeil
with Smarter Mail by calling it as a command line scanner. Then the injected headers can be used in filtering rules or to add weight to the built-in SpamAssassin scores. http://www.armresearch.com/support/qa/integration/smarterMail.jsp Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC

[sniffer] Convert your Declude OEM license now and get full credit!

2013-04-10 Thread Pete McNeil
it. Please let us know if there is more we can do! Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: IP Change on rulebase delivery system

2013-03-29 Thread Pete McNeil
On 2013-03-29 12:59, Richard Stupek wrote: well when all else fails restarting snf seems to have corrected the issue for now. In that case, it is likely that RAM fragmentation was involved. Dropping the process allowed the fragmentation to be cleared. (theory). Best, _M -- Pete McNeil

[sniffer] Re: IP Change on rulebase delivery system

2013-03-28 Thread Pete McNeil
to tell what's happening in the internals of the OS. Hope this helps, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: IP Change on rulebase delivery system

2013-03-27 Thread Pete McNeil
look at your telemetry and verified that your rulebase file(s) are up to date. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: IP Change on rulebase delivery system

2013-03-27 Thread Pete McNeil
heard any other complaints, so I can't explain why SNF would act differently on your system. I hate a mystery though -- so I would love to get to the bottom of it. Do you see anything else that might be causing the CPU load? _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC

[sniffer] Re: IP Change on rulebase delivery system

2013-03-27 Thread Pete McNeil
scan. From the documentation: sp//s - Scan Performance Monitoring (performance='yes') p:s = Setup time in milliseconds p:t = Scan time in milliseconds p:l = Scan length in bytes p:d = Scan depth (peak evaluator count) Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC

[sniffer] IP Change on rulebase delivery system

2013-03-25 Thread Pete McNeil
Hi Sniffer Folks, We are about to change the IP of the rulebase delivery system. This change should be completely transparent and you should not need to take any action; however if you do notice anything unusual please let us know. Thanks, _M -- Pete McNeil Chief Scientist ARM Research

[sniffer] GBUdb Tool

2012-11-23 Thread Pete McNeil
parameters and it will tell you about its command line options. Please let us know if there is more we can do. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] SNFServer Interim Release E3.0.23

2012-11-23 Thread Pete McNeil
are running a production release then you're good to go as you are. Please let us know if there is more we can do. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] High Throughput Windows version of SNFServer available

2012-09-28 Thread Pete McNeil
decide to test this then please let us know. Thanks! _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: Creeping higher on those rule numbers

2012-06-26 Thread Pete McNeil
On 6/26/2012 9:41 PM, Colbeck, Andrew wrote: Rule number 5 million rolled on by this week. Yes indeed! _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: Creeping higher on those rule numbers

2012-06-26 Thread Pete McNeil
On 6/26/2012 9:41 PM, Colbeck, Andrew wrote: Rule number 5 million rolled on by this week. Message Sniffer Rule # 500 was coded by Andy (Worm Thunder) 20120626.1408 SortMonsters Rock! I wonder who won the pool? _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com

[sniffer] Re: FPs on Sniffer-Schemes

2012-03-13 Thread Pete McNeil
On 3/13/2012 11:19 AM, Scott Fosseen [Prairie Lakes AEA] wrote: Can you check to see if all looks ok with my copy as well. Sure. I'll respond off-list _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter

[sniffer] Re: FPs on Sniffer-Schemes

2012-03-12 Thread Pete McNeil
not be seeing any additional hits on that rule. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: FPs on Sniffer-Schemes

2012-03-12 Thread Pete McNeil
, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Re: FPs on Sniffer-Schemes

2012-03-12 Thread Pete McNeil
and also will not be able to auto-panic new rules that conflict with IP reputation data. Am I right about these assumptions? If not, then we should figure out why I don't see your telemetry. Thanks, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC

[sniffer] Bad rule event

2012-02-22 Thread Pete McNeil
-- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010

[sniffer] System Upgrades

2012-02-21 Thread Pete McNeil
for high performance and high availability. It will continue to function normally even if we have a disruption during our upgrades, and it will automatically recover from any such disruption without any assistance. Please let us know if there is more we can do. Best, _M -- Pete McNeil Chief

[sniffer] Re: Ok, I'm the 3rd person to ever report the Bad Matrix error on this mailing list

2012-01-09 Thread Pete McNeil
me to time on every system. However, if you see a .err message, check it out. If they persist - something is wrong. If you try to start SNFServer and it is unhappy, then download a fresh rulebase first. It's usually a good quick-fix. Best, _M -- Pete Mc

[sniffer] Re: Training GBUdb on the client IP for telus.net

2011-10-24 Thread Pete McNeil
On 10/24/2011 2:46 PM, Colbeck, Andrew wrote: would this snippet in snf_engine.xml I don't see the snippet from snf_engine.xml? _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010

[sniffer] Re: Training GBUdb on the client IP for aol.com

2011-10-24 Thread Pete McNeil
On 10/24/2011 3:21 PM, Colbeck, Andrew wrote: header name='X-Originating-IP:' received='.aol.com [' ordinal='0' / As far as I know that one still works. _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010

[sniffer] Re: Training GBUdb on the client IP for telus.net

2011-10-24 Thread Pete McNeil
That appears to be correct and appears to have worked correctly. Top Received header would have been picked as source IP (unless you already have it ignored). It appears that you have successfully told SNF to find the source IP in the X-Telus-Outbound-IP: header in this case. _M -- Pete McNeil Chief

[sniffer] Re: Training GBUdb on the client IP for telus.net

2011-10-24 Thread Pete McNeil
On 10/24/2011 3:20 PM, Colbeck, Andrew wrote: header name='X-Telus-Outbound-IP: Hrmm... Do you want the source to be the outbound IP? _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010

[sniffer] SNF Server / Client for *NIX updated - IMPORTANT bug fix included

2011-09-26 Thread Pete McNeil
! _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010

[sniffer] Bug Report: SNFServer for *nix

2011-09-22 Thread Pete McNeil
. Thanks! _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010

[sniffer] Re: Bad Matrix errors

2011-08-22 Thread Pete McNeil
ng MDaemon mailserver. I note in your telemetry that you have a new rulebase since then. Have the errors stopped? _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1

[sniffer] Change in default settings

2011-05-09 Thread Pete McNeil
and save your file then Message Sniffer should pick up the changes right away - you do not need to restart Message Sniffer when making adjustments to your configuration. Please let us know if you have any questions. Thanks! _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com

[sniffer] Re: Change in default settings

2011-05-09 Thread Pete McNeil
of your configuration file. The actual configuration file does use single quotes (unless you changed it). _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010

[sniffer] Re: Change in default settings

2011-05-09 Thread Pete McNeil
spamtrap network it lets them go through with a specific result code. Presumably the local system would see the special result code and treat the message differently. Please leave passthrough='no' Thanks! _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770

[sniffer] IMail mail1.exe removed

2011-04-13 Thread Pete McNeil
solution. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010

[sniffer] Re: So, another botnet bites the dust.

2011-03-18 Thread Pete McNeil
. -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010

[sniffer] Re: IPv6

2011-03-11 Thread Pete McNeil
is evolving to become ever more intelligent and adaptive. We will concentrate not only on more sophisticated content analysis, but also behavioral analysis and an increasingly cognitive approach to blending data from all of these subsystems and responding in realtime. _M -- Pete McNeil Chief

[sniffer] CommuniGate Pro Plugin for MS Windows Updated

2011-01-17 Thread Pete McNeil
-- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010

[sniffer] Re: RulePanic on 3741490

2011-01-07 Thread Pete McNeil
it was detected by our early warning system. It codes for a binary segment found in some image files. _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010

[sniffer] Re: RulePanic on 3741490

2011-01-07 Thread Pete McNeil
these cases, increase the speed with which we can detect and correct these, and add features to automate and expedite the process. Thanks in advance for anything you can do. Thanks very much for your feedback! _M -- Pete McNeil Chief

[sniffer] Re: RulePanic on 3741490

2011-01-07 Thread Pete McNeil
ng new functionality. Also, wherever possible we like to engineer facilities that can be leveraged in multiple ways in future. It's a planning heavy process, but one that pays off in better reliability and greater overall flexibility. (IMO). Best, _M -

[sniffer] Bad Rule Event

2010-12-16 Thread Pete McNeil
this error in future. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010

[sniffer] Re: Bad Rule Event

2010-12-16 Thread Pete McNeil
. The next full release will include features for near-real-time rule additions and removals. We plan to begin releasing interim updates of the SNF engine with some of these features early next year. We plan to complete the next full release by Q3. _M -- Pete

[sniffer] Hello again

2010-11-09 Thread Pete McNeil
you! Please send us a note from time to time and let us know what we're doing right and how we can improve. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010

[sniffer] Re: Testing SM direct intergration

2010-09-22 Thread Pete McNeil
On 9/22/2010 6:58 PM, Keith Dovale wrote: Hi Guys, I would be interested in testing this .. Here is a reminder of the link. http://www.armresearch.com/support/qa/integration/smarterMail.jsp Currently
