[sniffer] Re: ShortMatch Resolved - Update your SNF software to remain immune.
Got it! I'll compile from source. Thanks for the detailed description.

----- Original Message -----
From: "Pete McNeil"
To: "Message Sniffer Community"
Sent: Thursday, December 3, 2015 9:47:57 PM
Subject: [sniffer] Re: ShortMatch Resolved - Update your SNF software to remain immune.

On 2015-12-03 21:24, Daniel Bayerdorffer wrote:
> Just so I understand correctly, can we use the packages to install over a
> current installation that was compiled from source?

Probably not -- the deployment might not be exactly the same.

If you originally compiled from source then your easiest solution will be to use the tarball and compile from source again. Then you can simply replace the executable you have with the new one you make -- everything is compatible and nothing will need to move.

If you use the packages you are essentially starting over. The packages are deployed differently than the source instructions. For example, to do the generic postfix integration with SNF Server you would need to install two packages: the snf-server_ package and then the snf-server-postfix_ integration package. If you wanted to roll your own integration you might just install the snf-server_ package and then build your own scripts and other software on top of that.

It's a different paradigm.

Hope this helps,

_M

--
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller

#
This message is sent to you because you are subscribed to the mailing list .
This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
To switch to the INDEX mode, E-mail to
Send administrative queries to

[sniffer] Re: ShortMatch Resolved - Update your SNF software to remain immune.
On 2015-12-03 21:24, Daniel Bayerdorffer wrote:
> Just so I understand correctly, can we use the packages to install over a
> current installation that was compiled from source?

Probably not -- the deployment might not be exactly the same.

If you originally compiled from source then your easiest solution will be to use the tarball and compile from source again. Then you can simply replace the executable you have with the new one you make -- everything is compatible and nothing will need to move.

If you use the packages you are essentially starting over. The packages are deployed differently than the source instructions. For example, to do the generic postfix integration with SNF Server you would need to install two packages: the snf-server_ package and then the snf-server-postfix_ integration package. If you wanted to roll your own integration you might just install the snf-server_ package and then build your own scripts and other software on top of that.

It's a different paradigm.

Hope this helps,

_M

--
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller

[sniffer] Re: ShortMatch Resolved - Update your SNF software to remain immune.
Hi Pete,

Thanks for the update on this situation. Just so I understand correctly, can we use the packages to install over a current installation that was compiled from source?

Thanks,
Daniel

----- Original Message -----
From: "Pete McNeil"
To: "Message Sniffer Community"
Sent: Thursday, December 3, 2015 6:07:11 PM
Subject: [sniffer] ShortMatch Resolved - Update your SNF software to remain immune.

Hi Sniffer Folks,

According to our latest data, the Short-Match FP problem has subsided - most likely due to rule sequestration. We have not seen any significant events in our detection software since 2100e last evening.

In the mean time we have updated the SNF software to check for short-match events and treat them as rule-panic events. This renders them inert so that if this kind of rulebase corruption occurs again the SNF engine will be immune.

Please update your SNF software to this latest version using the links below.

NOTE: The Windows installer is in the process of being redesigned and does not have the latest software. This will take some time. If you are using SNF on Windows and use(d) the installer then use this procedure to update your software:

* Stop your SNF service (usually XYNT Service based).
* Copy your SNFServer.exe file to SNFServer.old
* Download SNFServer-windows-7-prox32-3.1.0.exe (32 bit) or SNFServer-windows-7-prox64-3.1.0.exe (64 bit) and rename it to SNFServer.exe to replace your previous SNFServer.exe.
* Start your SNF service.

If you were using the 32 bit version (very likely) then replace it with the 32 bit version. There really isn't any difference, but just in case it's simpler to keep things the same. There is no benefit to running the 64 bit version -- It is not faster and is in fact less efficient due to the use of extra large (64 bit) pointers that aren't necessary ;-) Some folks really want a 64 bit version, so we have one.

Here are some links to updated versions:

http://www.armresearch.com/message-sniffer/download/updates/SNFServer-windows-7-prox32-3.1.0.exe
http://www.armresearch.com/message-sniffer/download/updates/SNFServer-windows-7-prox64-3.1.0.exe
http://www.armresearch.com/message-sniffer/download/updates/snf-server-3.1.0.tar.gz
http://www.armresearch.com/message-sniffer/download/updates/snf-milter-1.1.1.tar.gz
http://www.armresearch.com/message-sniffer/download/updates/SNFMultiSDK_Windows_3.2.zip

And for the really adventurous:

http://www.armresearch.com/message-sniffer/download/packages/

In the packages link you will find all of the latest snapshots and some old ones from our LabRats. The LabRats compile and test SNF for all of the different platforms. You will find RPM and DEB packages as well as tarballs and even the windows stuff that's posted in the updates links above. Be sure to pick the latest version in all cases.

It will take a bit of time before all of the ordinary links on our web site are updated with the latest software, so please use the above links instead if you're going to update right now.

Best,

_M

--
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller
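
The Windows update procedure quoted in the message above, written as a PowerShell script that stages the download and rolls back to SNFServer.old if the service does not start. This is an added example, not part of the original post or ARM Research Labs' software; the service name `SNFService` and install directory `C:\SNF` are placeholder assumptions, and the optional `-ExpectedSha256` parameter is for a checksum obtained separately, since the message publishes none.

```powershell
# Added example: binary swap with backup and rollback for the Windows procedure.
# Assumptions (not from the original message): the service name and install
# directory defaults are placeholders; set them to match your installation.
param(
    [string]$ServiceName = 'SNFService',   # placeholder service name
    [string]$InstallDir  = 'C:\SNF',       # placeholder install directory
    [string]$Url = 'http://www.armresearch.com/message-sniffer/download/updates/SNFServer-windows-7-prox32-3.1.0.exe',
    [string]$ExpectedSha256 = ''           # optional; the message publishes no checksum
)
$ErrorActionPreference = 'Stop'
$exe    = Join-Path $InstallDir 'SNFServer.exe'
$backup = Join-Path $InstallDir 'SNFServer.old'
$staged = Join-Path $InstallDir 'SNFServer.new'

# Download beside the target first so a failed transfer never touches the live binary.
Invoke-WebRequest -Uri $Url -OutFile $staged -UseBasicParsing

# Sanity checks before the swap: a Windows executable starts with the bytes 'MZ'.
$fs = [System.IO.File]::OpenRead($staged)
try { $b0 = $fs.ReadByte(); $b1 = $fs.ReadByte() } finally { $fs.Dispose() }
if ($b0 -ne 0x4D -or $b1 -ne 0x5A) { Remove-Item $staged; throw 'Download is not a PE executable.' }
if ($ExpectedSha256) {
    $actual = (Get-FileHash -Path $staged -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) { Remove-Item $staged; throw "SHA-256 mismatch: $actual" }
}

Stop-Service -Name $ServiceName
Copy-Item -Path $exe -Destination $backup -Force    # SNFServer.exe -> SNFServer.old
Move-Item -Path $staged -Destination $exe -Force    # new build becomes SNFServer.exe
try {
    Start-Service -Name $ServiceName
    (Get-Service -Name $ServiceName).WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
    Write-Output "Updated; SHA-256 $((Get-FileHash -Path $exe -Algorithm SHA256).Hash)"
} catch {
    # Roll back to the saved copy if the new binary does not start.
    Stop-Service -Name $ServiceName -ErrorAction SilentlyContinue
    Copy-Item -Path $backup -Destination $exe -Force
    Start-Service -Name $ServiceName
    throw "Update failed, previous SNFServer.exe restored: $_"
}
```

Run it from an elevated prompt; pass the 64 bit URL from the message via `-Url` only if the existing installation is already 64 bit.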