[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2008-01-12 Thread David Moore
Thanks for the clarity.

Regards David Moore
[EMAIL PROTECTED]

J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales

Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648
Skype Phone: ADSLDIRECT

POSTAL ADDRESS:
PO BOX 190
BELROSE NSW 2085
AUSTRALIA.

-

This email message is only intended for the addressee(s) and contains
information that may be confidential, legally privileged and/or copyright.
If you are not the intended recipient please notify the sender by reply
email and immediately delete this email. Use, disclosure or reproduction of
this email, or taking any action in reliance on its contents by anyone other
than the intended recipient(s) is strictly prohibited. No representation is
made that this email or any attachments are free of viruses. Virus scanning
is recommended and is the responsibility of the recipient.
-


-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Pete McNeil
Sent: Sunday, 13 January 2008 1:25 PM
To: Message Sniffer Community
Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

Hello David,

Saturday, January 12, 2008, 6:19:11 PM, you wrote:

> I have a question about GBUdbIgnoreList.txt do I put 192.168.100.1 (which is
> my server ip) as well as 127.0.0.1 and do I also put my public IP address in
> this file.

That might be a good idea -- it all depends upon your environment.
When in doubt, add the IP that belongs to you.

Any IP that you know and trust which might end up in the Received
headers should go into the ignore list.

GBUdb determines the source IP of the message as the first Received IP
it sees that is NOT in the ignore list. This allows for a high degree
of flexibility in message processing pathways - provided you can
identify the IPs involved (which is usually the case).

Hope this helps,

_M

-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.


#
This message is sent to you because you are subscribed to
  the mailing list .
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to  <[EMAIL PROTECTED]>







[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2008-01-12 Thread Pete McNeil
Hello David,

Saturday, January 12, 2008, 6:19:11 PM, you wrote:

> I have a question about GBUdbIgnoreList.txt do I put 192.168.100.1 (which is
> my server ip) as well as 127.0.0.1 and do I also put my public IP address in
> this file.

That might be a good idea -- it all depends upon your environment.
When in doubt, add the IP that belongs to you.

Any IP that you know and trust which might end up in the Received
headers should go into the ignore list.

GBUdb determines the source IP of the message as the first Received IP
it sees that is NOT in the ignore list. This allows for a high degree
of flexibility in message processing pathways - provided you can
identify the IPs involved (which is usually the case).

Hope this helps,

_M

-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.
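
The source-IP rule described in the message above (the first Received IP that is not in the ignore list), as an added example that is not part of the original thread and is not SNF's own code. It assumes an ignore list with one IP per line and # comments, and that each hop's IP is the bracketed address literal in its Received header; the 203.0.113.10 public IP and all header values are constructed.

```python
import ipaddress
import re
from email import message_from_string

# Bracketed address literal as commonly written in Received headers,
# e.g. "(gw.example.net [203.0.113.10])" or "[IPv6:2001:db8::1]".
IP_LITERAL = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

# Constructed ignore list. Format is an assumption: one IP per line, '#' comments.
IGNORE_LIST_TEXT = """\
# constructed sample in the spirit of GBUdbIgnoreList.txt
127.0.0.1
192.168.100.1   # server LAN address mentioned in the thread
203.0.113.10    # placeholder for the site's public IP
"""

# Constructed headers, newest hop first (the order they appear in a message).
SAMPLE_HEADERS = """\
Received: from localhost (localhost [127.0.0.1])
    by mail.example.net with SMTP; Sat, 12 Jan 2008 18:19:05 -0500
Received: from gw.example.net (gw.example.net [203.0.113.10])
    by mail.example.net with ESMTP; Sat, 12 Jan 2008 18:19:04 -0500
Received: from dsl-host.example.org (unknown [198.51.100.77])
    by gw.example.net with SMTP; Sat, 12 Jan 2008 18:19:02 -0500
Received: from mail.bank.example ([192.0.2.55])
    by dsl-host.example.org; Sat, 12 Jan 2008 18:18:00 -0500
Subject: constructed sample

"""


def parse_ignore_list(text):
    """Return the set of IP addresses listed in the ignore-list text."""
    ignored = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            ignored.add(ipaddress.ip_address(entry))
    return ignored


def first_ip(received_value):
    """Return the first valid bracketed IP in one Received header, or None."""
    for match in IP_LITERAL.finditer(received_value):
        try:
            return ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # bracketed text that is not an IP address
    return None


def received_ips(raw_headers):
    """Return one IP per Received header, top (newest hop) to bottom."""
    msg = message_from_string(raw_headers)  # also unfolds continuation lines
    ips = []
    for value in msg.get_all("Received", []):
        ip = first_ip(value)
        if ip is not None:
            ips.append(ip)
    return ips


def source_ip(raw_headers, ignored):
    """First Received IP, reading top-down, that is NOT in the ignore list.

    Everything below the first hop you do not control was written by the
    sending side, so only IPs you know and trust belong in the ignore list.
    """
    for ip in received_ips(raw_headers):
        if ip not in ignored:
            return ip
    return None


if __name__ == "__main__":
    full = parse_ignore_list(IGNORE_LIST_TEXT)
    loopback_only = parse_ignore_list("127.0.0.1\n")
    # With every local hop listed, the external sender is the source.
    print("full ignore list    ->", source_ip(SAMPLE_HEADERS, full))
    # With the public IP missing, the site's own gateway is taken as the source.
    print("loopback only       ->", source_ip(SAMPLE_HEADERS, loopback_only))
```

With the public IP left out of the list, the site's own gateway is picked as the message source, which is why any trusted IP that can appear in the Received headers belongs in the file.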





[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2008-01-12 Thread David Moore
I have a question about GBUdbIgnoreList.txt do I put 192.168.100.1 (which is
my server ip) as well as 127.0.0.1 and do I also put my public IP address in
this file. 

Regards David Moore
[EMAIL PROTECTED]



-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Pete McNeil
Sent: Sunday, 13 January 2008 4:25 AM
To: Message Sniffer Community
Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

Hello Harry,

You can run the SNF program from the command line with no parameters.
It will complain and then tell you about itself.

_M

Saturday, January 12, 2008, 12:10:35 PM, you wrote:

> I do not recall upgrading

> How can I tell the version that I am running?

> thanks

> Harry Vanderzand
> Intown Internet
> 11 Belmont Ave. W.
> Kitchener, ON, N2M 1L2
> 519-741-1222


> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
> Of Pete McNeil
> Sent: Saturday, January 12, 2008 12:09 PM
> To: Message Sniffer Community
> Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

> Hello David,

> When using snfupd with the new version you can skip the line that
> tells SNF to reload.

> REM %LicenseID%.exe reload

> Most likely the error you received is because there is no executable
> named for your license ID. This is ok with the new version. The
> snfupd.cmd script was originally written to work with version 2 which
> does require "branding" the SNF executable.

> The new version of SNF does not require branding. Also, the new
> version will very quickly recognize that there is a new rulebase file
> and will load it automatically so there is no reason (nor facility) to
> notify it about the update.

> Hope this helps,

> _M

> Saturday, January 12, 2008, 11:21:37 AM, you wrote:

>> Ok I have most of this working with Imail 8.22

>> So far this is what I have done

>> Copied, unpacked RImailSnifferUpdateTools.zip, edited snfupd.cmd and setup
>> task schedule.

>> Which generates an from the snfupd.cmd

>> C:\SNF>snfupd.cmd
>> 'mylicencekeynotshownhere.exe' is not recognized as an internal or external
>> command,
>> operable program or batch file.

>> REM Load new rulebase file.
>> %LicenseID%.exe reload

>> So how do I get the SNFserver to update with the latest .snf file.



>> Regards David Moore
>> [EMAIL PROTECTED]


>> -Original Message-
>> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
>> Of Pete McNeil
>> Sent: Thursday, 18 October 2007 9:58 AM
>> To: Message Sniffer Communi

[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2008-01-12 Thread Pete McNeil
Hello Harry,

You can run the SNF program from the command line with no parameters.
It will complain and then tell you about itself.

_M

Saturday, January 12, 2008, 12:10:35 PM, you wrote:

> I do not recall upgrading

> How can I tell the version that I am running?

> thanks

> Harry Vanderzand
> Intown Internet
> 11 Belmont Ave. W.
> Kitchener, ON, N2M 1L2
> 519-741-1222


> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
> Of Pete McNeil
> Sent: Saturday, January 12, 2008 12:09 PM
> To: Message Sniffer Community
> Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

> Hello David,

> When using snfupd with the new version you can skip the line that
> tells SNF to reload.

> REM %LicenseID%.exe reload

> Most likely the error you received is because there is no executable
> named for your license ID. This is ok with the new version. The
> snfupd.cmd script was originally written to work with version 2 which
> does require "branding" the SNF executable.

> The new version of SNF does not require branding. Also, the new
> version will very quickly recognize that there is a new rulebase file
> and will load it automatically so there is no reason (nor facility) to
> notify it about the update.

> Hope this helps,

> _M

> Saturday, January 12, 2008, 11:21:37 AM, you wrote:

>> Ok I have most of this working with Imail 8.22

>> So far this is what I have done

>> Copied, unpacked RImailSnifferUpdateTools.zip, edited snfupd.cmd and setup
>> task schedule.

>> Which generates an from the snfupd.cmd 

>> C:\SNF>snfupd.cmd
>> 'mylicencekeynotshownhere.exe' is not recognized as an internal or external
>> command,
>> operable program or batch file.

>> REM Load new rulebase file.
>> %LicenseID%.exe reload

>> So how do I get the SNFserver to update with the latest .snf file.



>> Regards David Moore
>> [EMAIL PROTECTED]


>> -Original Message-
>> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
>> Of Pete McNeil
>> Sent: Thursday, 18 October 2007 9:58 AM
>> To: Message Sniffer Community
>> Subject: [sniffer] SNF V2-9b1.5 Released - Please Upgrade

>> Hello Sniffer folks,

>> Please find the latest SNF V2-9 distribution files here:

>> http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Distributions#NEW_SNF_V2-9_Wide_Beta

>> If you are running a previous version of SNF V2-9, please upgrade as
>> soon as possible.

>> The newest version includes some bug fixes. From the change log:

>> 20071017 - SNF2-9b1.5.exe

>> Added a missing #include directive to the networking.hpp file. The
>> missing #include was not a factor on Linux and Windows systems but
>> caused compiler errors on BSD systems.

>> Corrected a bug in the GBUdb White Range code where any message with a
>> white range source IP was being forced to the white result code. The
>> engine now (correctly) only forces the result and records the event when
>> a black pattern rule was matched and the White Range IP causes that
>> scan result to be overturned. If the scan result was not a black pattern
>> match then the original scan result is allowed to pass through.

>> Corrected a bug in the Header Analysis filter chain module that would
>> cause the first header in the message to be ignored in some cases.

>> Corrected an XML log format problem 

[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2008-01-12 Thread Harry vanderzand
I do not recall upgrading

How can I tell the version that I am running?

thanks

Harry Vanderzand
Intown Internet
11 Belmont Ave. W.
Kitchener, ON, N2M 1L2
519-741-1222


-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Pete McNeil
Sent: Saturday, January 12, 2008 12:09 PM
To: Message Sniffer Community
Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

Hello David,

When using snfupd with the new version you can skip the line that
tells SNF to reload.

REM %LicenseID%.exe reload

Most likely the error you received is because there is no executable
named for your license ID. This is ok with the new version. The
snfupd.cmd script was originally written to work with version 2 which
does require "branding" the SNF executable.

The new version of SNF does not require branding. Also, the new
version will very quickly recognize that there is a new rulebase file
and will load it automatically so there is no reason (nor facility) to
notify it about the update.

Hope this helps,

_M

Saturday, January 12, 2008, 11:21:37 AM, you wrote:

> Ok I have most of this working with Imail 8.22

> So far this is what I have done

> Copied, unpacked RImailSnifferUpdateTools.zip, edited snfupd.cmd and setup
> task schedule.

> Which generates an from the snfupd.cmd 

> C:\SNF>snfupd.cmd
> 'mylicencekeynotshownhere.exe' is not recognized as an internal or external
> command,
> operable program or batch file.

> REM Load new rulebase file.
> %LicenseID%.exe reload

> So how do I get the SNFserver to update with the latest .snf file.



> Regards David Moore
> [EMAIL PROTECTED]


> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
> Of Pete McNeil
> Sent: Thursday, 18 October 2007 9:58 AM
> To: Message Sniffer Community
> Subject: [sniffer] SNF V2-9b1.5 Released - Please Upgrade

> Hello Sniffer folks,

> Please find the latest SNF V2-9 distribution files here:

> http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Distributions#NEW_SNF_V2-9_Wide_Beta

> If you are running a previous version of SNF V2-9, please upgrade as
> soon as possible.

> The newest version includes some bug fixes. From the change log:

> 20071017 - SNF2-9b1.5.exe

> Added a missing #include directive to the networking.hpp file. The
> missing #include was not a factor on Linux and Windows systems but
> caused compiler errors on BSD systems.

> Corrected a bug in the GBUdb White Range code where any message with a
> white range source IP was being forced to the white result code. The
> engine now (correctly) only forces the result and records the event when
> a black pattern rule was matched and the White Range IP causes that
> scan result to be overturned. If the scan result was not a black pattern
> match then the original scan result is allowed to pass through.

> Corrected a bug in the Header Analysis filter chain module that would
> cause the first header in the message to be ignored in some cases.

> Corrected an XML log format problem so that  elements are correctly
> open ended  or closed (empty)  according to whether they
> have subordinate elements.

> Adjusted the GBUdb header info format. The order of the Confidence
> figure and Probability figure is now the same as in the XML log files
> (C then P). The confidence and probability figures are now preceded
> with c= and p= respectively so that it's easy to tell which is which.

> Thanks!

> _M




-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.



[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2008-01-12 Thread Pete McNeil
Hello David,

When using snfupd with the new version you can skip the line that
tells SNF to reload.

REM %LicenseID%.exe reload

Most likely the error you received is because there is no executable
named for your license ID. This is ok with the new version. The
snfupd.cmd script was originally written to work with version 2 which
does require "branding" the SNF executable.

The new version of SNF does not require branding. Also, the new
version will very quickly recognize that there is a new rulebase file
and will load it automatically so there is no reason (nor facility) to
notify it about the update.

Hope this helps,

_M

Saturday, January 12, 2008, 11:21:37 AM, you wrote:

> Ok I have most of this working with Imail 8.22

> So far this is what I have done

> Copied, unpacked RImailSnifferUpdateTools.zip, edited snfupd.cmd and setup
> task schedule.

> Which generates an from the snfupd.cmd 

> C:\SNF>snfupd.cmd
> 'mylicencekeynotshownhere.exe' is not recognized as an internal or external
> command,
> operable program or batch file.

> REM Load new rulebase file.
> %LicenseID%.exe reload

> So how do I get the SNFserver to update with the latest .snf file.



> Regards David Moore
> [EMAIL PROTECTED]


> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
> Of Pete McNeil
> Sent: Thursday, 18 October 2007 9:58 AM
> To: Message Sniffer Community
> Subject: [sniffer] SNF V2-9b1.5 Released - Please Upgrade

> Hello Sniffer folks,

> Please find the latest SNF V2-9 distribution files here:

> http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Distributions#NEW_SNF_V2-9_Wide_Beta

> If you are running a previous version of SNF V2-9, please upgrade as
> soon as possible.

> The newest version includes some bug fixes. From the change log:

> 20071017 - SNF2-9b1.5.exe

> Added a missing #include directive to the networking.hpp file. The
> missing #include was not a factor on Linux and Windows systems but
> caused compiler errors on BSD systems.

> Corrected a bug in the GBUdb White Range code where any message with a
> white range source IP was being forced to the white result code. The
> engine now (correctly) only forces the result and records the event when
> a black pattern rule was matched and the White Range IP causes that
> scan result to be overturned. If the scan result was not a black pattern
> match then the original scan result is allowed to pass through.

> Corrected a bug in the Header Analysis filter chain module that would
> cause the first header in the message to be ignored in some cases.

> Corrected an XML log format problem so that  elements are correctly
> open ended  or closed (empty)  according to whether they
> have subordinate elements.

> Adjusted the GBUdb header info format. The order of the Confidence
> figure and Probability figure is now the same as in the XML log files
> (C then P). The confidence and probability figures are now preceded
> with c= and p= respectively so that it's easy to tell which is which.

> Thanks!

> _M




-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.





[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2008-01-12 Thread David Moore
Ok I have most of this working with Imail 8.22

So far this is what I have done

Copied, unpacked RImailSnifferUpdateTools.zip, edited snfupd.cmd and setup
task schedule.

Which generates an from the snfupd.cmd 

C:\SNF>snfupd.cmd
'mylicencekeynotshownhere.exe' is not recognized as an internal or external
command,
operable program or batch file.

REM Load new rulebase file.
%LicenseID%.exe reload

So how do I get the SNFserver to update with the latest .snf file.



Regards David Moore
[EMAIL PROTECTED]


-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Pete McNeil
Sent: Thursday, 18 October 2007 9:58 AM
To: Message Sniffer Community
Subject: [sniffer] SNF V2-9b1.5 Released - Please Upgrade

Hello Sniffer folks,

Please find the latest SNF V2-9 distribution files here:

http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Distributions#NEW_SNF_V2-9_Wide_Beta

If you are running a previous version of SNF V2-9, please upgrade as
soon as possible.

The newest version includes some bug fixes. From the change log:

20071017 - SNF2-9b1.5.exe

Added a missing #include directive to the networking.hpp file. The
missing #include was not a factor on Linux and Windows systems but
caused compiler errors on BSD systems.

Corrected a bug in the GBUdb White Range code where any message with a
white range source IP was being forced to the white result code. The
engine now (correctly) only forces the result and records the event when
a black pattern rule was matched and the White Range IP causes that
scan result to be overturned. If the scan result was not a black pattern
match then the original scan result is allowed to pass through.

Corrected a bug in the Header Analysis filter chain module that would
cause the first header in the message to be ignored in some cases.

Corrected an XML log format problem so that  elements are correctly
open ended  or closed (empty)  according to whether they
have subordinate elements.

Adjusted the GBUdb header info format. The order of the Confidence
figure and Probability figure is now the same as in the XML log files
(C then P). The confidence and probability figures are now preceded
with c= and p= respectively so that it's easy to tell which is which.

Thanks!

_M

-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.





[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2007-11-07 Thread Pete McNeil




Hello Serge,

Wednesday, November 7, 2007, 4:57:24 PM, you wrote:




> That will help
> Please keep us updated
>
> Regards
>
> BTW, we have been on Beta for few days now
> Any problems about our system you see from your side ? (besides long sessions)






Your telemetry looks good.

I see that your SYNC sessions are long (about 1.2 secs), but there are no apparent retries.

I see that between 20 and 30% of your traffic is being truncated by GBUdb, and that most of your traffic comes from new IPs -- so your system is learning most of its IP reputation data from the cloud. Your system is remembering about 94K IPs.

Spam is about 95% of your traffic -- a little on the high side, but still nominal.

From what I can see everything is running normally.

_M


-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.






[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2007-11-07 Thread Serge

That will help
Please keep us updated

Regards

BTW, we have been on Beta for few days now
Any problems about our system you see from your side ? (besides long sessions)




  - Original Message - 
  From: Pete McNeil 
  To: Message Sniffer Community 
  Sent: Wednesday, November 07, 2007 6:40 PM
  Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade


  Hello Serge,




  Wednesday, November 7, 2007, 12:05:29 PM, you wrote:




  > Pete,
  >
  > I need to be able to put large files (Rule base, Logs, ...) in a different directory branch than static files (config, exe, ...) to facilitate backup
  >
  > so logs and rulebase are OK, but how can i move the gdx file out ?




  Currently the GBX file is in the workspace directory.




  There is no facility (yet) to store it in a different location.




  I will add that option to the list of features to consider.




  Thanks,




  _M













  -- 

  Pete McNeil

  Chief Scientist,

  Arm Research Labs, LLC.






[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2007-11-07 Thread Pete McNeil




Hello Serge,

Wednesday, November 7, 2007, 12:05:29 PM, you wrote:




> Pete,
>
> I need to be able to put large files (Rule base, Logs, ...) in a different directory branch than static files (config, exe, ...) to facilitate backup
> so logs and rulebase are OK, but how can i move the gdx file out ?





Currently the GBX file is in the workspace directory.

There is no facility (yet) to store it in a different location.

I will add that option to the list of features to consider.

Thanks,

_M




-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.






[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2007-11-07 Thread Serge
Pete,

I need to be able to put large files (Rule base, Logs, ...) in a different 
directory branch than static files (config, exe, ...) to facilitate backup
so logs and rulebase are OK, but how can i move the gdx file out ?
Regards




  - Original Message - 
  From: Pete McNeil 
  To: Message Sniffer Community 
  Sent: Wednesday, November 07, 2007 3:32 AM
  Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade


  Hello Serge,




  Tuesday, November 6, 2007, 9:56:26 PM, you wrote:




  > Hello
  >
  > what files need to go in the workplace directory ?
  >
  > TIA




  Normally, all of the distribution files plus your rulebase (.snf) file.




  Also, it is common to have your update script and utilities in the workspace 
or a sub directory from there.




  It is possible with the new version to put some of these files in different 
locations - but that is more complex. You can see the directory options in the 
top few lines of the snf_engine.xml file where you can set paths for logs, 
rulebase files, workspace, and identity. Be sure to include the full path (on 
winx boxes this includes the drive letter).




  One common option when setting up the new beta on a system that already has 
the old version running is to configure the snf_engine.xml so that the rulebase 
file is located in the old SNF workspace. This way it is easy to switch back if 
desired, and existing update mechanisms can remain unchanged until you are 
ready to make a permanent switch.




  Hope this helps,




  _M













  -- 

  Pete McNeil

  Chief Scientist,

  Arm Research Labs, LLC.






[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2007-11-06 Thread Pete McNeil




Hello David,

Tuesday, November 6, 2007, 10:39:46 PM, you wrote:




> When do you think the beta version will go to non beta i.e. live.





The short answer is 6-8 weeks. The more comprehensive answer -- read on...

We are slowly building a set of features that we think should be in the production version. All but two of these are minor adjustments. 

One that isn't minor is a  training directive that will enable you to automatically add IPs to your ignore list for mixed sources based on matching text patterns in headers. 

So, for example, if you'd like to drill down to sources coming through yahoo or aol servers without having to identify the IPs for their outbound servers, then  will (in theory) do it for you by matching the reverse DNS portion of your trusted (top) received headers and adding the IP to your ignore list. The effect is to allow a system to see down to the actual source of the message before training GBUdb while using only a few entries to train the engine. Theoretically this will provide a more fine grained approach to dealing with forwarded mailboxes ("the other kind of open relay") and large ISPs that don't control the outbound flow from 0wn3d machines very well. There is much study, trial, and error to be done with this feature but it does look promising so we're going to put it in.

Another nontrivial feature will allow the SNF engine to run properly on big-endian systems (such as G5's) by detecting the big-endian processor at compile time and converting the format of the SNF rulebase each time it is loaded. There is some work to do to verify that the GBUdb code will work in a big-endian environment, but code review so far has not spotted any trouble in that part of the code. Snapshots of the GBUdb data will not be portable to other systems, but they are not intended to be portable anyway - so that is not considered an issue.

The less invasive features include things like:

* Extending the MAX_EVALs limit.
* Log rotation file names may use local (not UTC) time.
* Adjusted default settings for GBUdb (see below).
* Additional telemetry for error and special event tracking.
* Improved persistence for life-time statistics (run time, last save, last condense, etc).
* Others TBD.

I expect the list of "must have features" to grow a tiny bit over the next couple of weeks.

We are not seeing any fault reports on the current beta so I doubt there will be bug fixes at this point.

After we implement the new "must have" features list we will continue in beta for another week or two to ensure that we have not introduced any bugs.

During that time we will build additional documentation.

I think based on this back-of-the-envelope analysis that we are 6-8 weeks from a "production" release.

That said, the current version does appear to be stable in all supported production environments.

We are working on refining the default tuning for the GBUdb section. The current thinking uses the following, extremely conservative tuning that will be included in the next minor release (probably this weekend).

We recommend that all new Beta installations adjust their configuration files to use the following settings for GBUdb Caution and Black ranges. These are also appropriate adjustments for any existing beta users who have not otherwise resolved any GBUdb based false positives due to oversensitivity.


    
    
    
    



    
    


Thanks,

_M


-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.
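
The drill-down idea in the message above, as an added example (not Message Sniffer's own code): a header walk that takes the source as the first Received IP not on the ignore list and, when the reverse DNS recorded by a trusted hop matches a configured suffix, learns that IP and keeps descending. The function names, the suffix-list format and the sample headers are assumptions made for illustration.

```python
import re
from ipaddress import ip_address

# Constructed sample, newest (top) header first: a message relayed through a
# large ISP's outbound host, with a forged hop at the bottom.
SAMPLE_RECEIVED = [
    "from mta7.mail.bigisp.example (mta7.mail.bigisp.example [198.51.100.7])"
    " by mx.local.example with ESMTP; Tue, 6 Nov 2007 22:40:01 -0500",
    "from [203.0.113.45] (dsl-45.pool.access.example [203.0.113.45])"
    " by mta7.mail.bigisp.example with ESMTP; Tue, 6 Nov 2007 22:39:58 -0500",
    "from mta1.mail.bigisp.example (mta1.mail.bigisp.example [192.0.2.99])"
    " by forged.example; Tue, 6 Nov 2007 22:39:00 -0500",
]

# Matches "from <helo> (<rdns> [<ip>])"; the rDNS name may be absent.
HOP_RE = re.compile(
    r"^from\s+\S+\s+\((?P<rdns>[^\s\[\]()]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
)


def parse_hop(header):
    """Return (rdns, ip) for one Received header, or None if it has no usable IP."""
    m = HOP_RE.match(header.strip())
    if not m:
        return None
    try:
        ip = str(ip_address(m.group("ip")))
    except ValueError:
        return None
    rdns = (m.group("rdns") or "").lower().rstrip(".")
    return rdns, ip


def rdns_matches(rdns, suffix):
    """Suffix match on a DNS label boundary, so 'evilbigisp.example' cannot
    pass for 'bigisp.example'."""
    suffix = suffix.lower().strip(".")
    return bool(rdns) and (rdns == suffix or rdns.endswith("." + suffix))


def find_source(received, ignore_ips, drilldown_suffixes=()):
    """Walk the headers top-down and return (source_ip, learned_ips).

    Each header examined was written by the hop above it, which is either the
    local server or a hop already skipped, so its rDNS field is trusted. The
    walk stops at the first IP that is neither ignored nor matched, and
    nothing below that point is ever read.
    """
    learned = set()
    for header in received:
        hop = parse_hop(header)
        if hop is None:
            continue  # assumption: hops without an IP (local handoffs) are skipped
        rdns, ip = hop
        if ip in ignore_ips:
            continue
        if any(rdns_matches(rdns, s) for s in drilldown_suffixes):
            learned.add(ip)  # would be added to the ignore list
            continue
        return ip, learned
    return None, learned
```

With the sample headers, the forged bottom hop claims an ISP hostname but is never learned, because the walk ends at the first hop that does not match.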






[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2007-11-06 Thread David Moore
When do you think the beta version will go to non beta i.e. live.

 

Regards David Moore
[EMAIL PROTECTED]

J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au <http://www.adsldirect.com.au/>  for ADSL and Internet
www.romtech.com.au <http://www.romtech.com.au/>  for PC sales

Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648

POSTAL ADDRESS:
PO BOX 190
BELROSE NSW 2085
AUSTRALIA.


From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Pete McNeil
Sent: Wednesday, 7 November 2007 2:32 PM
To: Message Sniffer Community
Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

 

Hello Serge,

 

Tuesday, November 6, 2007, 9:56:26 PM, you wrote:

 


> 

Hello

what files need to go in the workplace directory ?

TIA

 

Normally, all of the distribution files plus your rulebase (.snf) file.

 

Also, it is common to have your update script and utilities in the workspace
or a sub directory from there.

 

It is possible with the new version to put some of these files in different
locations - but that is more complex. You can see the directory options in
the top few lines of the snf_engine.xml file where you can set paths for
logs, rulebase files, workspace, and identity. Be sure to include the full
path (on winx boxes this includes the drive letter).

 

One common option when setting up the new beta on a system that already has
the old version running is to configure the snf_engine.xml so that the
rulebase file is located in the old SNF workspace. This way it is easy to
switch back if desired, and existing update mechanisms can remain unchanged
until you are ready to make a permanent switch.

 

Hope this helps,

 

_M

 

 

 

 

-- 

Pete McNeil

Chief Scientist,

Arm Research Labs, LLC.

 
 
 


[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2007-11-06 Thread Pete McNeil




Hello Serge,

Tuesday, November 6, 2007, 9:56:26 PM, you wrote:




>


Hello
what files need to go in the workplace directory ?
TIA





Normally, all of the distribution files plus your rulebase (.snf) file.

Also, it is common to have your update script and utilities in the workspace or a sub directory from there.

It is possible with the new version to put some of these files in different locations - but that is more complex. You can see the directory options in the top few lines of the snf_engine.xml file where you can set paths for logs, rulebase files, workspace, and identity. Be sure to include the full path (on winx boxes this includes the drive letter).

One common option when setting up the new beta on a system that already has the old version running is to configure the snf_engine.xml so that the rulebase file is located in the old SNF workspace. This way it is easy to switch back if desired, and existing update mechanisms can remain unchanged until you are ready to make a permanent switch.

Hope this helps,

_M




-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.






[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2007-11-06 Thread Serge
Hello
what files need to go in the workplace directory ?
TIA
  - Original Message - 
  From: Pete McNeil 
  To: Message Sniffer Community 
  Sent: Saturday, November 03, 2007 9:07 PM
  Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade


  Hello Serge,




  Saturday, November 3, 2007, 4:04:32 PM, you wrote:




>
   pete



Now that I'm sure it is running, I will configure Declude in the next few minutes

Long sessions time is normal in our case as we have to go thru 2 satellite connections

would that be a problem ?
   







  It is possible that some sessions will fail from time to time when congestion 
is high, but it should not be a problem overall. The system is designed to 
survive outages without causing trouble.




  _M




  -- 

  Pete McNeil

  Chief Scientist,

  Arm Research Labs, LLC.






[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2007-11-03 Thread Pete McNeil




Hello Serge,

Saturday, November 3, 2007, 4:04:32 PM, you wrote:




>


pete
 
Now that I'm sure it is running, I will configure Declude in the next few minutes
Long sessions time is normal in our case as we have to go thru 2 satellite connections
would that be a problem ?






It is possible that some sessions will fail from time to time when congestion is high, but it should not be a problem overall. The system is designed to survive outages without causing trouble.

_M

-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.






[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2007-11-03 Thread Serge
pete

Now that I'm sure it is running, I will configure Declude in the next few minutes
Long sessions time is normal in our case as we have to go thru 2 satellite connections
would that be a problem ?
Regards


  - Original Message - 
  From: Pete McNeil 
  To: Message Sniffer Community 
  Sent: Saturday, November 03, 2007 6:06 PM
  Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade


  Hello Serge,




  Saturday, November 3, 2007, 9:34:46 AM, you wrote:




>
   I did not include the path to snf_engine.xml in the registry config of 
the service

Now it is ok

using explorer i get



The XML page cannot be displayed 

Cannot view XML input using XSL style sheet. Please correct the error 
and then click the Refresh button, or try again later. 




Only one top level element is allowed in an XML document. Error 
processing resource 'file:///E:/snfsrv/Logs/zydt3crn.status...



-^

What am i doing wrong ? 
   




  If you are appending your status logs you may need to open them in a text 
editor.




  Normally the second.status log is not appended and you can load and refresh 
it in a browser -- it will complain about not having a style sheet, but it will 
display the data.







>
   


Also, how to I check if is os correctly connecting to your servers ?
   




  In your status report there is an element that reports the latest SYNC event 
time. It should be within the last minute or so consistently if you are 
connecting properly.




  I am showing telemetry from your system.




  It does not show any email traffic.




  The latest session took more than a second to complete -- this is quite long, 
usually sessions are done in 50-200ms.




  Based on what I see here it seems:




  You have SNFServer running.




  SNFServer is not scanning messages.




  The network connection between your server and our SYNC server is slow.




  Hope this helps,




  _M







  -- 

  Pete McNeil

  Chief Scientist,

  Arm Research Labs, LLC.






[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2007-11-03 Thread Pete McNeil




Hello Serge,

Saturday, November 3, 2007, 9:34:46 AM, you wrote:




>


I did not include the path to snf_engine.xml in the registry config of the service
Now it is ok
using explorer i get
 
The XML page cannot be displayed 
Cannot view XML input using XSL style sheet. Please correct the error and then click the Refresh button, or try again later. 

Only one top level element is allowed in an XML document. Error processing resource 'file:///E:/snfsrv/Logs/zydt3crn.status...

-^
What am i doing wrong ? 





If you are appending your status logs you may need to open them in a text editor.

Normally the second.status log is not appended and you can load and refresh it in a browser -- it will complain about not having a style sheet, but it will display the data.





>



Also, how to I check if is os correctly connecting to your servers ?





In your status report there is an element that reports the latest SYNC event time. It should be within the last minute or so consistently if you are connecting properly.

I am showing telemetry from your system.

It does not show any email traffic.

The latest session took more than a second to complete -- this is quite long, usually sessions are done in 50-200ms.

Based on what I see here it seems:

You have SNFServer running.

SNFServer is not scanning messages.

The network connection between your server and our SYNC server is slow.

Hope this helps,

_M


-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.






[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2007-11-03 Thread Serge
Oops, sorry, keyboard pb
I meant

Also, how do I check if it is correctly connecting to your servers ?


  - Original Message - 
  From: Serge 
  To: Message Sniffer Community 
  Sent: Saturday, November 03, 2007 1:34 PM
  Subject: Re: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade


  I did not include the path to snf_engine.xml in the registry config of the 
service
  Now it is ok
  using explorer i get

  The XML page cannot be displayed 
  Cannot view XML input using XSL style sheet. Please correct the error and 
then click the Refresh button, or try again later. 
  

  Only one top level element is allowed in an XML document. Error processing 
resource 'file:///E:/snfsrv/Logs/zydt3crn.status...
  
  -^

  What am i doing wrong ? 

  Also, how to I check if is os correctly connecting to your servers ?

  Thanks

- Original Message - 
From: Pete McNeil 
To: Message Sniffer Community 
Sent: Saturday, November 03, 2007 12:16 PM
Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade


Hello Serge,




Friday, November 2, 2007, 11:46:59 PM, you wrote:




  >
 Hello Pete,



  I finished configuring and installing the new server as service.

  How do i test it and check it is running correctly ?

  Running from command prompt seems ok and create logs, but starting 
the service does not create logs
 







The most common cause of this condition is a typo in the service setup
and/or not using the full path to the SNFServer.exe and the snf_engine.xml
file. The service utility usually runs from a different location so it is
important to use the full path to launch SNFServer - otherwise it may fail to
launch at all, or if it does launch it may not find its configuration file and
working directories.

The next thing to check would be permissions. Be sure that the user running
SNFServer has full access to its working directories and to the location of
the message files it will scan.

When SNF is running correctly it will create status logs in its working
directory. The second status log file will change about once per second.




Hope this helps,




_M




-- 

Pete McNeil

Chief Scientist,

Arm Research Labs, LLC.






[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2007-11-03 Thread Serge
I did not include the path to snf_engine.xml in the registry config of the 
service
Now it is ok
using explorer i get

The XML page cannot be displayed 
Cannot view XML input using XSL style sheet. Please correct the error and then 
click the Refresh button, or try again later. 

Only one top level element is allowed in an XML document. Error processing 
resource 'file:///E:/snfsrv/Logs/zydt3crn.status...

-^

What am i doing wrong ? 

Also, how to I check if is os correctly connecting to your servers ?

Thanks

  - Original Message - 
  From: Pete McNeil 
  To: Message Sniffer Community 
  Sent: Saturday, November 03, 2007 12:16 PM
  Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade


  Hello Serge,




  Friday, November 2, 2007, 11:46:59 PM, you wrote:




>
   Hello Pete,



I finished configuring and installing the new server as service.

How do i test it and check it is running correctly ?

Running from command prompt seems ok and create logs, but starting the 
service does not create logs
   







  The most common cause of this condition is a typo in the service setup and/or
not using the full path to the SNFServer.exe and the snf_engine.xml file. The
service utility usually runs from a different location so it is important to
use the full path to launch SNFServer - otherwise it may fail to launch at all,
or if it does launch it may not find its configuration file and working
directories.

  The next thing to check would be permissions. Be sure that the user running
SNFServer has full access to its working directories and to the location of
the message files it will scan.

  When SNF is running correctly it will create status logs in its working
directory. The second status log file will change about once per second.




  Hope this helps,




  _M




  -- 

  Pete McNeil

  Chief Scientist,

  Arm Research Labs, LLC.






[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2007-11-03 Thread Pete McNeil




Hello Serge,

Friday, November 2, 2007, 11:46:59 PM, you wrote:




>


Hello Pete,
 
I finished configuring and installing the new server as service.
How do i test it and check it is running correctly ?
Running from command prompt seems ok and create logs, but starting the service does not create logs






The most common cause of this condition is a typo in the service setup and/or not using the full path to the SNFServer.exe and the snf_engine.xml file. The service utility usually runs from a different location so it is important to use the full path to launch SNFServer - otherwise it may fail to launch at all, or if it does launch it may not find its configuration file and working directories.

The next thing to check would be permissions. Be sure that the user running SNFServer has full access to its working directories and to the location of the message files it will scan.

When SNF is running correctly it will create status logs in its working directory. The second status log file will change about once per second.

Hope this helps,

_M

-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.






[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2007-11-02 Thread Serge
Hello Pete,

I finished configuring and installing the new server as service.
How do i test it and check it is running correctly ?
Running from command prompt seems ok and create logs, but starting the service 
does not create logs 

TIA

-Serge



  - Original Message - 
  From: Pete McNeil 
  To: Message Sniffer Community 
  Sent: Thursday, October 18, 2007 1:02 AM
  Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade


  Hello Steve,




  Wednesday, October 17, 2007, 7:25:43 PM, you wrote:




>
   Pete, 

So still in Beta right?




Not being a beta tester I'll patiently wait till you go Golden Master.




Just wanted to make sure this was not the GM version
   







  Yes. This is still a beta.




  All that remains on the current development list is documentation (ongoing) 
and some minor feature requests, plus some "mold" (time spent watching for 
anomalies on a wide variety of systems under a wide variety of conditions).




  So far so good.




  _M







  -- 

  Pete McNeil

  Chief Scientist,

  Arm Research Labs, LLC.






[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2007-10-17 Thread Pete McNeil




Hello Steve,

Wednesday, October 17, 2007, 7:25:43 PM, you wrote:




>


Pete, 
So still in Beta right?

Not being a beta tester I'll patiently wait till you go Golden Master.

Just wanted to make sure this was not the GM version






Yes. This is still a beta.

All that remains on the current development list is documentation (ongoing) and some minor feature requests, plus some "mold" (time spent watching for anomalies on a wide variety of systems under a wide variety of conditions).

So far so good.

_M


-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.






[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2007-10-17 Thread Steve Guluk

Pete,
So still in Beta right?

Not being a beta tester I'll patiently wait till you go Golden Master.

Just wanted to make sure this was not the GM version


On Oct 17, 2007, at 3:57 PM, Pete McNeil wrote:


Hello Sniffer folks,

Please find the latest SNF V2-9 distribution files here:

http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Distributions#NEW_SNF_V2-9_Wide_Beta


If you are running a previous version of SNF V2-9, please upgrade as
soon as possible.

The newest version includes some bug fixes. From the change log:

20071017 - SNF2-9b1.5.exe

Added a missing #include directive to the networking.hpp file. The
missing #include was not a factor on Linux and Windows systems but
caused compiler errors on BSD systems.

Corrected a bug in the GBUdb White Range code where any message with a
white range source IP was being forced to the white result code. The
engine now (correctly) only forces the result and records the event when
a black pattern rule was matched and the White Range IP causes that
scan result to be overturned. If the scan result was not a black pattern
match then the original scan result is allowed to pass through.

Corrected a bug in the Header Analysis filter chain module that would
cause the first header in the message to be ignored in some cases.

Corrected an XML log format problem so that  elements are correctly
open ended  or closed (empty)  according to whether they
have subordinate elements.

Adjusted the GBUdb header info format. The order of the Confidence
figure and Probability figure is now the same as in the XML log files
(C then P). The confidence and probability figures are now preceded
with c= and p= respectively so that it's easy to tell which is which.

Thanks!

_M

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.






Regards,


Steve Guluk
SGDesign
(949) 661-9333
ICQ: 7230769