[sniffer] Questions about usage

2008-01-11 Thread Richard Lyon

Greetings all,

We run a small email server for the company. Basically, for the
longest it's been installed and run, and have all messages that are above
a certain weight marked with **SPAM** in the subject line, and sorted
to a junk folder by the user's client. The users could then skim this
folder at their convenience and deal with the email. However, the
amount of spam has kept increasing, and we are coming to the point
where we will need to start deleting some email above a certain (very
high) weight.


It looks like the beta of Sniffer is dramatically different than the
FAQ I've found out at the Wiki, so I have a couple of questions:


1) There doesn't seem to be a .state file - how can I see how well Sniffer is working?
2) How do I tie a specific message to the corresponding log file entries?


Thanks!

Richard
[This E-mail scanned for viruses by Declude]



#
This message is sent to you because you are subscribed to
 the mailing list sniffer@sortmonster.com.
To unsubscribe, E-mail to: [EMAIL PROTECTED]
To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED]
To switch to the INDEX mode, E-mail to [EMAIL PROTECTED]
Send administrative queries to  [EMAIL PROTECTED]



[sniffer] Re: Updates to log rotation scripts

2007-10-10 Thread Richard Lyon
When just running it in a cmd window for example, it sure would be
nice to know what all those numbers mean. But yeah, the
documentation is sparse. It's at least easy to get running in a very
basic configuration though.



On Oct 10, 2007, at 9:24 PM, [EMAIL PROTECTED] wrote:


Thanks, John, for clarifying my question. That's exactly
what I meant!

I assume additional, more detailed documentation is coming
soon that details more of what is required to effectively
set everything up... A few lines in a text file for a
piece of software as powerful and complicated as Sniffer
really makes me nervous, particularly when the Wiki isn't
updated either.

Thanks,
Tom



Hello John,

Wednesday, October 10, 2007, 6:15:18 PM, you wrote:


I think he was asking about the log rotate script that also FTPs a copy up
to sniffer. Do we still need to FTP a log to Sniffer?


When you are running the new engine it is not necessary to upload log
files. We collect rulebase activity and effectiveness data directly
from the telemetry.

_M






[sniffer] Re: SNFV2-9 Wide Beta now at version 1.4

2007-10-09 Thread Richard Lyon

So, two questions

Can sniffer now run without Declude or the like on an Imail system?

Can the server piece be on a different machine?

Thanks!

(And if it's obvious no, I haven't yet read the documentation on
the new sniffer yet)


On Oct 9, 2007, at 8:13 PM, Pete McNeil wrote:


Hello Chris,

Quite a while ago, SNF was based on cellular peer-server technology.
Each time your MTA called SNF with a message it would look to see if
any other instances were alive and if they were then they would
coordinate together to save resources.

A bit after that we created a persistent mode where you could start an
instance that would run as a kind of lightweight service. That
instance would stay alive all the time so as you called other
instances to scan messages they would see the persistent instance and
let it take care of the heavy work -- that way only one instance ever
had to load the rulebase file.

Once the persistent mode was available there was no reason to use SNF
any other way so most folks set up a persistent instance and took
advantage of the extra throughput on their systems. That is currently
the accepted way to run SNF.

The new version is a complete departure from the old ways. There is
now a client and a service. The client software knows how to talk to
the server software and that's about all it does. The server software
does all of the scanning and other heavy tasks.

Now, for most folks, this is a fairly simple transition. They will
replace their persistent instance with the new server software and
they will begin calling the new client software the same way they used
to call SNF. The client will pass the scan request on to the server
and will return the customary result code.

If you've never run a persistent instance using srvany, Firedaemon, or
some other tool then that part will be new to you.

Hope this helps,

_M

Tuesday, October 9, 2007, 7:36:02 PM, you wrote:


Pete,


I'm a bit confused about the persistent mode settings. I don't remember
installing a service for my current sniffer installation. I thought it
just continued running after the first time it was called by my mail
server. With the new release, do I have to install as a service?



Thanks,
Chris



-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
Behalf Of Pete McNeil
Sent: Tuesday, October 09, 2007 5:54 PM
To: Message Sniffer Community
Subject: [sniffer] SNFV2-9 Wide Beta now at version 1.4



Hello Sniffer Folks,



We have worked through some minor bugs and added some new features.



The newest version of the beta is 1.4.


http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Distributions#NEW_SNF_V2-9_Wide_Beta



Please upgrade your snf_engine.xml and SNFServer.exe files from the
latest distribution when you get a chance.



* Adds support for scanning Communigate Pro message files directly.



* Tightens up XCI handler code.


* Removes problematic/redundant XCI watchdog code which caused trouble
on some MDaemon systems.



Source  MDaemon folks-- a revised alpha distribution will be updated
shortly with the new changes incorporated.



Thanks,



_M





--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.

