Richard Stupek wrote:
A question about using the XCI bad command. Assume an email passes
through sniffer and does not trigger any rules, I then run it through
and determine it is in fact spam. I send a bad command to let
sniffer know the IP address had a bad event. Won't the good event
that
A question on GBUDB utilization. I show a current utilization of 95% (from
the log file) which I assume means the amount of memory used from what is
set aside for gbudb entries. Is that correct? What happens when more
entries are added? Does the GBUdb grow or does it get pruned out? Will
Richard Stupek wrote:
A question on GBUDB utilization. I show a current utilization of 95%
(from the log file) which I assume means the amount of memory used
from what is set aside for gbudb entries. Is that correct?
Yes.
What happens when more entries are added? Does the GBUdb grow or
Thanks for the info. Is there any diagnostic information available when a
gbudb sync occurs?
On Tue, Feb 17, 2009 at 4:35 PM, Pete McNeil
madscient...@armresearch.comwrote:
Richard Stupek wrote:
A question on GBUDB utilization. I show a current utilization of 95%
(from the log file) which
Richard Stupek wrote:
Thanks for the info. Is there any diagnostic information available
when a gbudb sync occurs?
You can always see the current status of GBUdb in your status.* files.
If you append these logs you can follow the state of the system through
time using pre-compiled statistics
A question about using the XCI bad command. Assume an email passes through
sniffer and does not trigger any rules, I then run it through and determine
it is in fact spam. I send a bad command to let sniffer know the IP
address had a bad event. Won't the good event that would occur due the
spam
Richard Stupek wrote:
Which of the 2 scan commands should we use to scan a message? Does
sending the IP address help improve scanning?
snfxciscannerscan file='filepath'//scanner/xci/snf
OR
snfxciscannerscan file='filepath' xhdr='no' log='no'
ip='12.34.56.78'//scanner/xci/snf
That depends on
So there would not be a real benefit to passing the IP over when it is the
is already in the mail having been added by the mail server?
On Fri, Feb 13, 2009 at 2:56 PM, Pete McNeil
madscient...@armresearch.comwrote:
Richard Stupek wrote:
Which of the 2 scan commands should we use to scan a
Richard Stupek wrote:
So there would not be a real benefit to passing the IP over when it is
the is already in the mail having been added by the mail server?
Correct.
The vast majority of the time a properly configured SNF + GBUdb can
learn the original source of the IP even if you have