Re: [sniffer] rule idea

2004-02-17 Thread Matt
unreliable I'm thinking. It it was to be scored, I would much rather it be separate from other tests. Matt Herb Guenther wrote: At one time we had floated the idea of a rule that would mark any email that was more than 24-48 hrs ahead or behind the actual current time and date as spam. I just got

Re: [sniffer] Efficiency request for Declude installationsandmaybeothers.

2004-03-08 Thread Matt
on extra large files of certain types (not very common, but they produce long and large spikes). Thanks, Matt Pete McNeil wrote: Matt, I'm sorry you're in such a bind. We all get there from time to time. First, as far as I know you should be able to call a script from declude and pass

Re: [sniffer] Config When Using Sniffer With Declude...

2004-03-09 Thread Matt
FFER-AVSOFT external 049 "C:\IMail\Declude\Sniffer\sniffer2.exe code" 6 0 SNIFFER-INSURANCE external 048 "C:\IMail\Declude\Sniffer\sniffer2.exe code" 6 0 SNIFFER-TRAVEL external 047 "C:\IMail\Declude\Sniffer\sniffer2.exe code" 6 0 Matt Scott Fisher wrote: Here ar

Re: [sniffer] RunExeSvc for Persistent sniffer.

2004-03-18 Thread Matt
10) Open the Services MMC 11) Start the Sniffer service 12) Set the Sniffer service to Automatic Matt Matt wrote: I'm going to give this one a try right now since I have the Resource Kit installed already. Just one question...do I need to change the arguments in my Declude config, or will t

Re: [sniffer] RunExeSvc for Persistent sniffer.

2004-03-18 Thread Matt
://www.mailpure.com/service.gif The real test will have to wait for rush hour though. Thanks, Matt Pete McNeil wrote: The service definition takes care of the persistence. Your Declude config should not be changed. _M At 01:05 AM 3/19/2004, you wrote: I'm going to give this one a try right now since I

Re: [sniffer] Help

2004-03-25 Thread Matt
Have you tried a reboot? Checked your error logs? Made sure that DNS and all of your E-mail services are running? Is there even a chance that you will be able to receive this message? Matt Richard Farris wrote: I just did an Windows NT update and now I cant get any email...when I turn

Re: [sniffer] Error_Bad_Matrix

2004-03-25 Thread Matt
in the mean time though. Matt Pete McNeil wrote: snf2check.exe will catch a partial download but it will not catch corruption in the middle of the file. _M At 03:57 PM 3/25/2004, you wrote: I run snf2check.exe against every .snf file downloaded. I just checked it again manually, and no errors

Re: [sniffer] Spam storm?

2004-03-26 Thread Matt
FYI, I'm on Sprint also and saw issues. Matt Pete McNeil wrote: At 09:31 AM 3/26/2004, you wrote: On Mar 26, 2004, at 7:42 AM, Russ Uhte (Lists) wrote: downloads are coming from. However, I too have noticed really slow download speeds. I use wget, and I've never had a single problem

Re: [sniffer] Final beta (b2) for snfrv2r3

2004-04-07 Thread Matt
to the way that processes when traffic is less heavy. Matt Pete McNeil wrote: I must be getting punchy... but this just occurred to me... Anybody else remember when a high performance hard drive had a seek time just under 30ms ?? _M At 06:01 PM 4/7/2004, you wrote: If thats all that happens

[sniffer] Possible blip?

2004-05-19 Thread Matt
higher and landing in Drop). This morning though the size of my rulebase again dropped by about 450 KB. I was just wondering if this might have been a hiccup with a bad compilation or maybe you were testing something out? Thanks, Matt

Re: [sniffer] Possible blip?

2004-05-19 Thread Matt
if there was a blip, Sniffer still does a wonderful job of tagging lots and lots of E-mail, just not quite as much as the day before. Thanks, Matt Pete McNeil wrote: At 12:57 PM 5/19/2004, you wrote: Pete, I noted late last night that my rulebase grew by 700 KB over the size of the previous one

Re: [sniffer] Possible blip?

2004-05-21 Thread Matt
thoughts. Thanks, Matt Pete McNeil wrote: At 05:00 PM 5/19/2004, you wrote: snip/ I haven't yet upgraded to the most recent release, I'm still on the prior beta. I'll probably do that this evening. I tend to wait on upgrades until there has been enough time for bugs to surface unless I am

Re: [sniffer] Possible blip?

2004-05-21 Thread Matt
h encoding languages I've found. Hope this helps. Matt Scott Fisher wrote: 2 thoughts from me: 1. Right on on the Nigerian scams, possible keeping these rules longer. As I was forwarding out a Nigerian scam to the spam mailbox, I too wondered how long the Nigerian rules were kept in play. I

Re: [sniffer] OT: Language filtering in Declude, was Possible blip?

2004-05-21 Thread Matt
because that might accomplish the same goals, however I'm not sure if it also scores the definition of a characterset, in which case it would have false positives in this scenario. Matt Scott Fisher wrote: Interesting. Are you searching for 2 character pairs with GB2312? Scott Fisher

Re: [sniffer] OT: Language filtering in Declude, was Possibleblip?

2004-05-21 Thread Matt
as Spanish since that's not necessary for proper display in most E-mail clients, but I have seen no proof of that. Matt Scott Fisher wrote: Interesting. I generally just punish people if GB2312 ?BIG5 or such are in the headers. This is overwhelmingly SPAM, but like you siad there are English i

Re: [sniffer] OT: Language filtering in Declude, wasPossibleblip?

2004-05-21 Thread Matt
encoded in KOI8-R and I wasn't filtering for that...but I am now :) I also added KOI8-U (the Ukrainian version) just for good measure. Matt Scott Fisher wrote: Wouldn't it be better to reverse the order? Run the subject and header tests on the majority of the mail. Then run the body

[sniffer] Experimental hits on bounce messages

2004-06-13 Thread Matt
to place in another category. I do have a filter that deals with bounce messages from Joe-Jobs by testing for both a Sniffer hit or other content related filter along with indications of a null sender or other sign of a bounce, but I was excluding Sniffer-Experimental from this. Thanks, Matt

Re: [sniffer] Experimental hits on bounce messages

2004-06-14 Thread Matt
for legitimate servers tagged by Experimental which due to their inclusion now in combo filters, may cause legitimate E-mail to bounce. Thanks, Matt hb064pkq 20040614012029 Dfd5a0e3101a49a3c.SMD 16 15 Match 84800 62 1 51 38 hb064pkq 20040614012029 Dfd5a0e3101a49a3c.SMD 16 15 Final 84800 62 0 2674 38

Re: [sniffer] Reporting - was: spam leakage up

2004-06-24 Thread Matt
-time functionality may well be more experienced DB admins or programmers and may be able to handle whatever format that you throw at them. Matt Pete McNeil wrote: We are working on specs for real-time reporting out of Sniffer and haven't had a lot of feedback on the XML based format. We were

Re: [sniffer] zipping log files

2004-07-17 Thread Matt
Pete McNeil wrote: On Friday, July 16, 2004, 11:04:42 PM, Matt wrote: snip/ M gzip should be able to handle standard zip files. You mentioned a while Key word being _should_ ;-) Well, there's always Info-ZIP's UnZip for Linux if it doesn't: http://www.info-zip.org/pub/infozip/UnZip.html . I

Re: [sniffer] Surprising missed spam

2004-09-13 Thread Matt
of the time. Including such phrases however would increase our false positive rate without a measurable benefit in spam capture rates. I have even asked Pete to remove some phrase hits from my own rulebase for exactly this reason. Matt Agid, Corby wrote: Surprising missed spam Hello

Re: [sniffer] Surprising missed spam

2004-09-14 Thread Matt
suggestive one. Given that, I could weight accordingly. Matt Agid, Corby wrote: I suppose everyone's userbases have differenent requirements. An ISP or private enterprisemight worry about false postives on "horny teenagers" and "penis enlargement", but for our loca

[sniffer] Test ordering/precedence

2004-09-18 Thread Matt
to customize the precedence as a part of our rulebase. Thanks, Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =

Re: [sniffer] Test ordering/precedence

2004-09-18 Thread Matt
placing the burden on his customers to do so. Matt John Tolmachoff (Lists) wrote: Matt Matt Matt. Then everyone would have to make sure they made the relevant changes on their systems. As we have seen on the Declude Junkmail list, there will always be those who set up

Re: [sniffer] Test ordering/precedence

2004-09-18 Thread Matt
to modify configs, but please minimally consider it at the next opportunity where a change such as the Gray to IP rules are done. Thanks, Matt Pete McNeil wrote: On Saturday, September 18, 2004, 9:07:55 PM, Matt wrote: M John, M If you read this more carefully, I was not suggesting that M action

Re: [sniffer] Test ordering/precedence

2004-09-19 Thread Matt
the change wouldn't have a large effect on many systems, but this is definitely something that would affect my own. It is of course easily remedied with some very quick changes in my Declude config file. Thanks, Matt -- = MailPure custom

Re: [sniffer] Integrating Sniffer with new Imail Collaboration Suite

2004-10-27 Thread Matt
is an indication of an organization in total disarray. Matt Colbeck, Andrew wrote: Well, to play devil's advocate ... A poor man's way to run IMail and Message Sniffer without Declude could certainly be done without a massive re-write. I'm not going to claim that it would be *reliable* or *flexible

Re: [sniffer] Your Sniffer Setup

2004-11-01 Thread Matt
\Sniffer\Enum] "0"="Root\\LEGACY_SNIFFER\\" "Count"=dword:0001 "NextInstance"=dword:0001 Sorry to keep this going, but I would like to figure out what the best practices would be, and also help Andy and/or others figure out the sa

Re: [sniffer] Your Sniffer Setup

2004-11-01 Thread Matt
it that way for the service. Matt Andy Schmidt wrote: Yes, I too suspect that SRVANY actually allows the specifying of the entire command line in the Appliation string, even though both the Knowledgebase article and the full documentation implies otherwise. (The KB article and the documentation

Re: [sniffer] My issues with the General category, looking for abettersolution

2004-12-16 Thread Matt
sometimes be held and sometimes get passed, and reporting the false positives on these sorts of things only offered a temporary resolution in many cases. Matt System Administrator wrote: on 12/15/04 11:41 PM, Matt wrote: I've been having a lot of issues with false positives

Re: [sniffer] My issues with the General category, looking forabettersolution

2004-12-17 Thread Matt
and I hope there is an easier way to approach this. Note that I expect no miracles, I just thought this was something that might be fruitful to discuss. Matt System Administrator wrote: on 12/16/04 5:36 PM, Matt wrote: The reason why you aren't seeing these is because you aren't weighti

[sniffer] My issues with the General category, looking for a better solution

2004-12-15 Thread Matt
of a system. Sorry for the length, but I really am hoping for a way to improve this situation and help reduce the workload that it creates for administrators like myself that seek to tightly manage their system. Thanks, Matt -- = MailPure

Re: [sniffer] Change in coding policies

2004-12-21 Thread Matt
that I have defined personally are as follows: - Joe-Job NDR's. - Challenge/Response Idiots - AntiVirus Notifications Matt Pete McNeil wrote: On Tuesday, December 21, 2004, 12:51:19 PM, Andrew wrote: CA It sounds good to me, Pete. CA May I humbly suggest that this be a new result code

Re: [sniffer] Change in coding policies

2004-12-21 Thread Matt
of the stuff as generic as what IMail would send (no content), and there is unfortunately no good way to tell the good from the bad. Right now I can only offer to block all NDR's, but I suggest that they just wait a week and the issue will clear up, and thankfully it always has so far. Matt

Re: [sniffer] Sniffer updates...

2004-12-22 Thread Matt
than fair by offering free migrations of their license to a different platform, starting with SmarterMail which is very reasonably priced and seemingly quite responsive to their customers. Matt Joe Wolf wrote: I'm currently using Sniffer via Imail and Declude. We all know

Re: [sniffer] Sniffer updates...

2004-12-22 Thread Matt
,000 after that. Please don't get me started :) Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =

Re: [sniffer] Downloads are slow...

2004-12-27 Thread Matt
, but not that big of a deal if this has never caused a noticeable problem. Matt Andy Schmidt wrote: Pete, With all due respect - I think the download problem is self-inflicted, because your web site is providing unsuitable examples to your customers! Even with moderate bandwidth, your server would

Re: [sniffer] Downloads are slow...

2004-12-28 Thread Matt
with gzip and including that in the default setup would also be seemingly preferable. Throwing together a how-to that was written for the lowest common denominator would enhance the ease of use for many (pictures are nice where appropriate), and would help with reducing support. Matt Woody G

Re: [sniffer] Triggered rulebase update instructions

2004-12-28 Thread Matt
things, but I'll wait for your direction before doing so. I think the most important thing would be for Pete to provide some guidance for the preferred directory structure (independent of the app), so that this could be used for the default settings in this and other scripts. Matt Landry William wrote

Re: [sniffer] Triggered rulebase update instructions

2004-12-29 Thread Matt
when the time comes. Naturally, very few ever have to ask for my opinions :) Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = This E-Mail came

Re: [sniffer] Sniffer Notifications now failing declude spamheaderstest

2005-01-03 Thread Matt
Jim, See the Declude list, it is a Declude problem In short, turn off SPAMHEADERS by commenting out the test. It has a bug with 2005 years in the date header. They should be coming out with a fix shortly. Matt Jim Matuska wrote: Has anything changed recently in the format

Re: [sniffer] new spam storm?

2005-01-04 Thread Matt
real-time than it already is. Matt Kirk Mitchell wrote: Seems like I've been getting a ton of spam in the last few days that's been scored as either LOW or CLEAN, many of them for cheap drugs, watches or my cheating wife. I have AutoSNF running every 2 hours, so it shouldn't be due to outdated

Re: [sniffer] reporting spam in bulk

2005-01-05 Thread Matt
to KWM is just some JavaScript to extract the spool data file name from my message headers that I insert (full headers must be turned on in Web mail), and this links to an ASP script on my server that handles everything else. Matt Pete McNeil wrote: On Wednesday, January 5, 2005, 4:03:28 PM

Re: [sniffer] Tweaking our rule base

2005-01-06 Thread Matt
IP4R tests and weighted accordingly in one's config. http://www.blackholes.us/ Matt Pete McNeil wrote: On Thursday, January 6, 2005, 3:42:21 PM, Jeff wrote: JW Hi, JW Whats the procedure for tweaking our rule base? We would JW like to catch anything from foreign domains. If thats not JW

Re: [sniffer] Still having problems

2005-01-10 Thread Matt
t;. Hope this helps. Matt Pete McNeil wrote: On Monday, January 10, 2005, 12:38:45 AM, Kirk wrote: KM I would like to attack this more aggressively. The increase we've seen in KM spam getting through over the last week has brought on a dramatic increase KM in customer complaints. What

Re: [sniffer] IIS SMTP Integration

2005-02-18 Thread Matt
there for non-Exchange based setups, or even for going the extra mile that is necessary for this stuff, though that might be an issue with resources and not just simply understanding. Matt -- = MailPure custom filters for Declude JunkMail Pro

Re: [sniffer] IIS SMTP Integration

2005-02-18 Thread Matt
mail servers as they do now, though it appears that it would be somewhat more complicated. Matt Andy Schmidt wrote: The idea being that you don't want any more content searching than is necessary, particularly when a recipients-dictionary-attack is underway. Okay

Re: [sniffer] IIS SMTP Integration

2005-02-18 Thread Matt
roughly familiar with the terminology. Matt Andy Schmidt wrote: Uh, I see, you are not against the protocol sink in principal - you are only against it IF there is no means of doing address validation (and possible some other checks) at the same time. Yes, I have other protocol

Re: [sniffer] Seperate Lists?

2005-02-19 Thread Matt
discussion and it may also cause those of us that are more 'chatty' to quiet down which stifles the discussion and the benefit that can be gleamed from it. Thanks, Matt Pete McNeil wrote: On Saturday, February 19, 2005, 1:28:14 PM, Dave wrote: DK I am all in favor of a SUPPORT list to announce timely

Re: [sniffer] RAID Levels for Spool Folder

2005-03-16 Thread Matt
. With that said, if performance isn't an issue with a single drive, mirroring it in Windows might be a perfectly fine solution. I would still lean towards a cheap RAID card for this however. Matt Andy Schmidt wrote: Uh, sorry, I had thought that discussion was RAID-5 vs. RAID-1? If someone

Re: [sniffer] RAID Levels for Spool Folder

2005-03-16 Thread Matt
partition, with IMail/Declude/F-Prot and about 7,000 accounts, though it was starting to stress the server at that point and needed to be addressed. Matt Goran Jovanovic wrote: Matt, I think that you sort of answered the question that I did not really ask. I was really

Re: [sniffer] Porn Spam again

2005-03-28 Thread Matt
or obfuscates in some other way. No matter what however, every piece of spam needs a payload, which is generally a link, E-mail address or phone number. Matt Pete McNeil wrote: On Monday, March 28, 2005, 2:09:52 PM, Heimir wrote: HE Anyway that sniffer could trigger on this type of stuff? snip/ Yes

Re: [sniffer] Persistent Sniffer

2005-04-01 Thread Matt
flawlessly for me since the day that Pete released that functionality. I am thinking that you might want to scrutinize your setup. Hope that this helps. Matt Keith Johnson wrote: Pete, Wow, thank you for the explanation. I did let the persistent server run for 30 min after I restarted

Re: [sniffer] Latest medication campaign

2005-04-13 Thread Matt
, the scores are based on a system that holds at a score of 10. Matt --- Global.cfg --- FORGEDPILLSPAMMERfilter C:\IMail\Declude\Filters\ForgedPillSpammer.txtx50 -- = MailPure custom filters for Declude JunkMail Pro

Re: [sniffer] Latest medication campaign

2005-04-14 Thread Matt
that it was a good idea to share the update to prevent the possibility of problems. The new version is attached. Matt Matt wrote: Attached is something that I coded up last night for this guy. It's designed to be not totally dependant on one pattern so that it might have some longevity. His

Re: [sniffer] Rule 353039 - .comcast.net

2005-05-10 Thread Matt
would be the time that the bad rule was created, otherwise we need to search our logs for it. My first hit on this was yesterday at 9 p.m. EST, but some probably hit it earlier by up to a couple of hours I would imagine. Thanks, Matt Pete McNeil wrote: Hello Sniffer Folks, A rule was created

Re: [sniffer] Rule 353039 - .comcast.net

2005-05-10 Thread Matt
See my message below...restart your Sniffer service and it should work. Matt Computer House Support wrote: Mail from Comcast is still getting caught, even with the panic rule in place. Any suggestions? Mike Stein This E-Mail came from the Message Sniffer mailing list. For information and (un

Re: [sniffer] Rule 353039 - .comcast.net

2005-05-10 Thread Matt
intervention... Thanks, Matt Pete McNeil wrote: On Tuesday, May 10, 2005, 12:45:53 PM, Computer wrote: CHS Mail from Comcast is still getting caught, even with the panic rule in CHS place. Any suggestions? * be sure you have updated rulbase.cfg * be sure your entry is in the correct format. You will find

Re: [sniffer] New Spam Storm

2005-05-17 Thread Matt
of association. This for now is a definitely a special case due to it's success in getting through systems early on, the lack of a legitimate payload link (all belong to uninvolved third-parties) and the volume seen. It's scary what someone can do if they prepare properly for such a thing. Matt

Re: [sniffer] New Spam/Virus?

2005-06-06 Thread Matt
that 66.251.60.35 was being used to seed the virus using a link to the payload and now the infected computers from this seeding run are sending the actual virus out as an attachment. Matt Pete McNeil wrote: New rule - 369676 under Malware. New experimental rule on message structure: 369677 _M

Re: [sniffer] Sniffer taking a long time?

2005-08-02 Thread Matt
why people use FireDaemon for this. My experience with SRVANY.exe has been absolutely flawless since I integrated this, and it has worked on both Win2k and Windows 2003. Matt Dan Horne wrote: OK, I have managed to get SOMETHING working, but it still seems too slow and something is still

Re: [sniffer] Sniffer taking a long time?

2005-08-02 Thread Matt
You are correct. My bad. Matt Nick Hayer wrote: Without regard to content I believe the edits would be made in CurrentControlSet - not in ControlSetxxx - the later are the backups. -Nick Matt wrote: Dan, I seem to recall trying to use the AppParameters key and having

Re: [sniffer] Sniffer taking a long time?

2005-08-02 Thread Matt
ional keys? Something else. Did you make sure that the Sniffer service that you created was started? No doubt it will work if you follow those directions to a T, and there aren't any issues with your server apart from this. Matt Dan Horne wrote: I removed the AppParameters value and put th

Re: [sniffer] Sniffer taking a long time?

2005-08-02 Thread Matt
on an overloaded IMail/Declude server under very heavy load. If you ever get bursts of traffic, this can come in handy. Matt Dan Horne wrote: So basically, what you are saying is that my volume is really too low to take advantage of the persistent sniffer (and such may actually decrease my performance

Re: [sniffer] YAhoo mails failing sniffer?

2005-09-21 Thread Matt
I have noted a few. I think that this has something to do with some Phishing rules that are hitting on content in combination with the Yahoo inserted footer that is advertising donations for Hurricane Katrina. I haven't reported my latest batch of FP's yet, but I will do so now. Matt Marc

Re: [sniffer] YAhoo mails failing sniffer?

2005-09-21 Thread Matt
Quick follow-up. The bad rule appears to be 497585. Matt Marc Catuogno wrote: I'm seeing a few legit e-mails from Yahoo failing sniffer. Anyone else? --- [This E-mail scanned for viruses by Declude Virus] This E-Mail came from the Message Sniffer mailing list. For information and (un

Re: [sniffer] Sniffer working now

2005-10-11 Thread Matt
nyone else a kick out of the Reply-All habit :) Matt Pete McNeil wrote: GREAT! _M On Tuesday, October 11, 2005, 10:58:10 AM, Stephen wrote: Pete, It's workin

Re: [sniffer] Rash of false positives

2005-11-09 Thread Matt
it's only one part and if the mystery heap is the cause, it might just cause the errors to be triggered on other IMail launched processes including Declude.exe and your virus scanners. Matt John Moore wrote: We have not run snf2check on the updates.

Re: [sniffer] Watch out... SURBL SORBS full of large ISPs and Antispamprovidres.

2006-01-17 Thread Matt
Pete, w3.org would be a huge problem because Outlook will insert this in the XML headers of any HTML generated E-mail. If you could give us an idea of when this started and possibly ended, that would help in the process of review. Thanks, Matt Pete McNeil wrote: Hello Sniffer Folks

Re: [sniffer] Watch out... SURBL SORBS full of large ISPs and Antispamprovidres.

2006-01-17 Thread Matt
-checked false positives can have a life of their own on Sniffer sometimes. Thanks, Matt Pete McNeil wrote: On Tuesday, January 17, 2006, 7:21:11 AM, Matt wrote: M Pete, M w3.org would be a huge problem because Outlook will insert this in the M XML headers of any HTML generated E-mail. M

Re: [sniffer] Bad Rule - 828931

2006-02-07 Thread Matt
it was, the more likely that it could have failed. I also searched my Sniffer logs for the rule number and found no hits. It appears that I missed the bad rulebase. Thanks, Matt Pete McNeil wrote: On Tuesday, February 7, 2006, 6:15:13 PM, David wrote: DS Sorry, wrong thread on the last post. DS Add'l

Re: [sniffer] Bad Rule - 828931

2006-02-07 Thread Matt
Pete, The overflow directory disappeared when 3.x was introduced. I posted a follow up on the Declude list about how to do this. Matt Pete McNeil wrote: On Tuesday, February 7, 2006, 8:14:53 PM, David wrote: DS Hello Pete, DS Tuesday, February 7, 2006, 8:11:50 PM, you wrote: DS

Re: [sniffer] New rulebase compilers online.

2006-03-06 Thread Matt
an improvement. The closer to real-time we can get, the better. Thanks, Matt Pete McNeil wrote: Hello Sniffer Folks, I have just completed work to upgrade the rulebase compiler bots. They are now significantly more efficient. As a result you will be seeing updates more frequently

Re: [sniffer] New RuleBot F002 Online

2006-03-10 Thread Matt
, Matt Pete McNeil wrote: Hello Sniffer Folks, Rulebot F002 has been placed online. This rulebot captures and creates geocities web links from the chatty campaigns. This is largely a time saver for us humans... we will focus our attention more on abstracts for these campaigns now that F002

Re: [sniffer] New RuleBot F002 Online

2006-03-13 Thread Matt
generally been said by others that this is the case on theirs as well. F002 has the appearance of being hyper-accurate, and it would help if it was placed in a group with other hyper accurate results. Even placing it in 61 (Experimental) would be preferred over 60. Thanks, Matt Pete

[sniffer] Message loop

2006-04-19 Thread Matt
Pete, I tried replying to some FP reports and I received back some loop reports from your gateway: Failed to deliver to '[EMAIL PROTECTED]' mail loop: too many hops (too many 'Received:' header fields) Reporting-MTA: dns; server75.appriver.com Original-Recipient: rfc822;[EMAIL

Re: [sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Matt
anism from the mix, though you wouldn't have the opportunity to see the messages which may not be good as a whole. Matt Pete McNeil wrote: Hello Scott, Wednesday, June 7, 2006, 10:08:58 AM, you wrote: For me the pain of false positives submissions is the research that happens

[sniffer][Fwd: Re: [sniffer]FP suggestions]

2006-06-07 Thread Matt
told them that Outlook was a security/privacy risk on it's own :) ...but that's another story. I would probably feel different if I had the need for groupware though, but digs at Microsoft are irresistible sometimes. Matt ---BeginMessage--- Of course I'm sending the full message

[sniffer] Re: [sniffer][Fwd: Re: [sniffer]FP suggestions]

2006-06-08 Thread Matt
to Sniffer for the benefit of all in addition to making sure that a FP rule will not tag something outside of the scope of what I whitelisted, and I have to report in order to be able to see what the content of the rule was. Customers do most of the reprocessing now, I just do the back end stuff. Matt

[sniffer] Re: [sniffer]Re[2]: [sniffer]WeightGate source, just in case...

2006-06-08 Thread Matt
Pete, My understanding was that Declude treats different arguments to an executable as just being other forms of that executable so it only processes it once. I'm not positive one way or another. It's worth testing though. Matt Pete McNeil wrote: Hello Matt, Wednesday, June 7, 2006

[sniffer] Re: New SPAM pain

2006-07-26 Thread Matt
Pete surely won't mind after you post your observations :) Matt Darrell ([EMAIL PROTECTED]) wrote: If Pete doesn't mind I will post my observations in regards to the product.  I run both products (CommTouch and Sniffer). Darrell --- Check out

[sniffer] Re: Significant increase in false positives

2006-10-16 Thread Matt
if you talked with Declude about allowing for the insertion of headers, or even if you did this on your own. I believe the D* file may be editable when the external app is launched. That would make recovery of this so much easier for me (minutes instead of hours of work). Thanks, Matt Pete

[sniffer] Re: Significant increase in false positives

2006-10-16 Thread Matt
many that are scoring Sniffer lower than our block weight to then score these multiple classification hits higher. This wouldn't be useful though unless it was seperated by types like I listed since I often find multiple hits under the current rulebase format. Thanks, Matt Pete McNeil wrote

[sniffer] Re: Increase in spam

2006-10-18 Thread Matt
are a part of that system. If so, the Network Solutions issues yesterday did cause issues with resolving off of blacklists as it has been reported, and that could explain the extra leakage. Matt Darin Cox wrote: We saw a sudden ~50% increase on July 16th, but only fluctuations and moderate

[sniffer] Re: Version 2-3.5 Release -- Faster Engine

2006-10-23 Thread Matt
Kudos Pete! Just wanted to say thanks. Matt Pete McNeil wrote: Hello SNF Folks, The plan was to hold off until the next major release, however in light of recent increases in spam traffic we are pushing out a new version with our faster engine included. All other upgrades are will wait

[sniffer] Re: Increase in spam

2006-10-25 Thread Matt
. Previously, we never saw this since those domains weren't being attacked. I have no clue as to why anyone is still providing catch-alls, especially mail forwarding services like BulkRegister. It just seems like a good way to limit the capacity of a server by 75% or more. Matt Pete McNeil wrote

[sniffer] Re: Uploading problems

2006-12-07 Thread Matt
Try WPUT http://sourceforge.net/projects/wput/ Matt K Mitchell wrote: At 11:16 PM 12/7/2006 -0700, Jay Sudowski - Handy Networks LLC wrote: Give this a try: http://www.ncftp.com/download/ Just did about 5 minutes ago. It won't run without specifying a destination directory

[sniffer] Re: Integration with Mailenable

2007-03-15 Thread Matt
Yeah, filtering services suck! Matt Chris Bunting wrote: Merak mail server has been great for us, we have 10,000 users, and have not had any problems with it over the 5+ years we have been using it... It's been rock-solid. Don't waste your money on the anti-virus/anti-spam filtering services

[sniffer] Re: Integration with Mailenable

2007-03-17 Thread Matt
. SmarterMail certainly has a lower cost of entry. I would trust Jay's experience with MailEnable considering his extensive experience. Matt Jay Sudowski - Handy Networks LLC wrote: Hi Phil - Good question. We integrate Sniffer into SmarterMail via Declude. However, SmarterMail does have

[sniffer] Re: How to incorporate a white list?

2007-04-03 Thread Matt
. There are more common issues with international ISP's and webmail providers than with things like yahoo.com, gmail.com, rr.com, etc. Many don't get a lot of international traffic so they don't notice it. Matt Andy Schmidt wrote: Hi, Unless I'm mistaken, rule 1370762 was targeting the same

[sniffer] Re: How to incorporate a white list?

2007-04-03 Thread Matt
circumstance, and we certainly wouldn't ever see things like yahoo.com, gmail.com and rr.com mail servers listed like we see with some degree of regularity under the current method. Matt Pete McNeil wrote: Hello Andy, Tuesday, April 3, 2007, 5:15:12 PM, you wrote: Hi Jonathan: That's

[sniffer] Re: Downloads are not working....

2007-05-17 Thread Matt
uses their bandwidth for downloads, that could explain things. Matt Chuck Schick wrote: Speeds are really slow and the connection is lost before completionEverything checks out good on our end. Is something going on with the sortmonster end of things? Chuck Schick Warp 8, Inc. (303)-421

[sniffer] Re: Downloads are not working....

2007-05-17 Thread Matt
times in an hour! I suspect that our gateways were blocking some of this automatically, and I also tried to block it at the router level but it kept popping out of other address blocks. Matt

[sniffer] Re: Error Messages since WeightGate

2007-06-10 Thread Matt
sure not to have IMail's MaxQueProc registry entry set to more than 30). Matt Keith Johnson wrote: Darrell, Did you alter your heap size 3rd entry? If so, did you go to 1024 or other. I found this article by crossing a Declude page, appears to be what I need to go after. http

[sniffer] Re: Error Messages since WeightGate

2007-06-10 Thread Matt
-heap-overview.aspx Matt Matt wrote: Keith, When I looked at this several years ago, this is what I came up with: Windows allows a total of 48 MB in the heap, and each service started process uses the third setting in the chain, or 512 KB by default, and there is about 10 MB

[sniffer] Dead Sniffer processes piling up.

2007-06-14 Thread Matt
, and then it stayed with those 100 hung. Is there anything that can be done in Sniffer to kill off these hung processes in an automated and proactive manner? I recently upgraded to the latest version and I was probably a version or two behind, and I don't recall this happening before. Thanks, Matt

[sniffer] Re: Dead Sniffer processes piling up.

2007-06-14 Thread Matt
until the evening in the event that you want to take a look at it. Thanks, Matt Pete McNeil wrote: Hello Matt, Thursday, June 14, 2007, 12:44:32 PM, you wrote: snip/ I also had about 10 errors waiting to be cleared from another application, but probably because of the way

[sniffer] Re: re subscriptions to list

2007-11-29 Thread Matt
All auto-responders should be burnt in hell Have a nice day :) Matt Pete McNeil wrote: Regarding this thread and to nobody in particular: I would like to say a word or two before this gets out of hand. Our policy on this list is to provide the answers needed no matter how obvious

[sniffer] Re: XYNTService -- Any Problems?

2008-05-09 Thread Matt
SRVANY works perfectly and is free with Windows. Why not use that? Matt Pete McNeil wrote: Hello Sniffer Folks, We are working on an installer for the command-line version of SNF V3.0. We are considering re-distributing XYNTService to setup the SNFServer.exe as part of the installation

[sniffer] Re: XYNTService -- Any Problems?

2008-05-09 Thread Matt
of properly testing this is possibly more work than creating your own service. All IMO of course. Matt Pete McNeil wrote: Hello Matt, Friday, May 9, 2008, 3:57:42 PM, you wrote: SRVANY works perfectly and is free with Windows. Why not use that? We can't redistribute SRVANY

  1   2   >