[sniffer] System Status Update...

2004-02-20 Thread Pete McNeil
Hello folks, The primary database server went online with full data at 2100. Full synchronization and testing was completed by 2300. Spamtraps have been cleared. False submissions have been cleared. Another full compile is underway. Thanks for your patience and your support! _M This E-Mail came

[sniffer] Call for beta testers... snfrv2r3b1

2004-03-17 Thread Pete McNeil
Hello folks, I know folks are anxious to get their hands on this version so I'm going to play this beta round a little looser than usual. Version 2-3b1 implements a persistent mode feature for our cellular peer-server technology. Launching a persistent instance of Message Sniffer has the

Re: [sniffer] Call for beta testers... snfrv2r3b1

2004-03-18 Thread Pete McNeil
At 08:08 PM 3/17/2004, you wrote: What is the number after Polled waited: That is the number of milliseconds the persistent server waited to poll the working directory for more jobs. This number will increase each time no jobs are found. When a job is found the persistent server will not wait

[sniffer] Bagle.Q rule added

2004-03-18 Thread Pete McNeil
We have just added a rule for the Bagle.Q worm derived from data at the following link: http://www.auscert.org.au/render.html?it=3957 The rule should be present in your next update. A full rule-base compile is under way. Thanks! _M This E-Mail came from the Message Sniffer mailing list. For

RE: [sniffer] Call for beta testers... snfrv2r3b1

2004-03-18 Thread Pete McNeil
Yes. However, there are a number of utilities that can be used to run programs like this as a service. In the short term we will be selecting one or two of these to recommend. In the shorter term you might try launching the program and setting your screen-saver settings to secure the system

Re: [sniffer] High False Positives

2004-03-25 Thread Pete McNeil
There was a bad rule yesterday. It was removed almost immediately but it looks like you missed the update until 1000pm. It takes a while to compile rulebase updates. Since you mention 4pm and 10pm I'm guessing you have your updates scheduled. A better method would be to trigger updates based on

RE: [sniffer] Spam storm?

2004-03-25 Thread Pete McNeil
That is possible. I'm still looking for an alternate repeatable cause. _M At 08:43 PM 3/24/2004, you wrote: I see over a 1000 of these ERROR_BAD_MATRIX entries in my Sniffer log file today, as well. Is this due to the ruleset issue from earlier today? Bill -Original Message- From:

RE: [sniffer] Call for beta testers... snfrv2r3b1

2004-03-25 Thread Pete McNeil
. Can you see what I am doing wrong? The program seems to be running OK in normal mode. Thanks, Bill Morgan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Wednesday, March 17, 2004 1:05 PM To: [EMAIL PROTECTED] Subject: [sniffer

Re: [sniffer] Help

2004-03-25 Thread Pete McNeil
- From: Pete McNeil [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 24, 2004 2:01 PM Subject: Re: [sniffer] Possible Bad Rule? We had a badly coded rule that matched yahoo. The rule has been removed. About 30 rulebases went out before it was caught. These are being

Re: [sniffer] Error_Bad_Matrix

2004-03-25 Thread Pete McNeil
I've been looking at that. The problem seems to be related to downloads, not generation. That is, every rulebase that I use locally has been clean throughout this episode. Also, folks who manually download the rulebase seem to be able to correct the problem. I'm not sure yet what is different

RE: [sniffer] Error_Bad_Matrix

2004-03-25 Thread Pete McNeil
snf2check.exe will catch a partial download but it will not catch corruption in the middle of the file. _M At 03:57 PM 3/25/2004, you wrote: I run snf2check.exe against every .snf file downloaded. I just checked it again manually, and no errors were reported. I now have almost 3500

Re: [sniffer] Spam storm?

2004-03-25 Thread Pete McNeil
By 8pm we had done at least 6 that I was part of. _M At 04:32 PM 3/25/2004, you wrote: How many updates have happened today...I have only received 1 today.. Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support - Original Message - From: Pete McNeil [EMAIL

Re: [sniffer] Spam storm?

2004-03-25 Thread Pete McNeil
SEPARATOR *** On 3/25/2004 at 6:05 PM Pete McNeil wrote: This helps narrow things down. Specifically we know that the rulebase files are not corrupted on the server but during the download. That explains why I haven't been able to recreate a problem in the lab. I have a suspicion that wget

RE: [sniffer] Spam storm?

2004-03-25 Thread Pete McNeil
the rulebase file format. There aren't any simple mechanisms that come to mind. Perhaps there will be no choice but to change the format in order to prevent this possibility. _M -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Thursday

Re: [sniffer] Spam storm?

2004-03-25 Thread Pete McNeil
will try to watch the logs more closely and manually test the snf files that begin to generate bad_matrix errors to see if they're bad at that time. -Original Message- From: Pete McNeil [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Thu, 25 Mar 2004 18:05:39 -0500 Subject: Re: [sniffer] Spam

RE: [sniffer] Spam storm?

2004-03-25 Thread Pete McNeil
At 06:51 PM 3/25/2004, you wrote: Looks like a bandwidth issue to me, since even doing the download manually, my connection stalled 5 times before I could complete a successful download. And the download speeds were atrocious, many times in bytes/second rather than even kb/second - and my

Re: [sniffer] Error_Bad_Matrix

2004-03-25 Thread Pete McNeil
, that might identify something not so obvious if you run out of ideas. I know how these things go and the worst part is not knowing the source while others expect a quick fix. No big deal on my end in the mean time though. Matt Pete McNeil wrote: snf2check.exe will catch a partial download

Re: [sniffer] Spam storm?

2004-03-25 Thread Pete McNeil
parts of the file. In theory this is covered by TCP - but in practice not so much :-( _M At 12:48 AM 3/26/2004, you wrote: How about a byte length compare or checksum of some sort? Matt Pete McNeil wrote: At 06:25 PM 3/25/2004, you wrote: We also saw many BAD_MATRIX errors last night

Re: [sniffer] Spam storm?

2004-03-26 Thread Pete McNeil
At 01:57 AM 3/26/2004, you wrote: I once noticed that transferring data through TCP/IP is NOT error-free, if the connection is very slow. At least not if it is going through Microsoft's software (Windows). Me 2. One possibility that has been suggested is that we could gzip these files. That

Re: [sniffer] Spam storm?

2004-03-26 Thread Pete McNeil
back up. Hopefully we'll get to the bottom of things though. _M At 03:23 AM 3/26/2004, you wrote: I'm doing a download as we speak. I am on a 100mb connection. Getting between 6-10K with several short stops in download. H. - Original Message - From: Pete McNeil [EMAIL PROTECTED

RE: [sniffer] Spam storm?

2004-03-26 Thread Pete McNeil
At 03:39 AM 3/26/2004, you wrote: -Original Message- From: Pete McNeil [mailto:[EMAIL PROTECTED] Since we're both up at this insane hour. Would you mind making a test? I've just shut down the Sprint line - so we're running through Savvis exclusively. If I'm right about the connectivity

Re: [sniffer] Spam storm?

2004-03-26 Thread Pete McNeil
At 07:42 AM 3/26/2004, you wrote: Pete, Just wanted to interject a couple observations. I'm connected to the Internet through a 15Mb frac ds/3 from ATT and a T1 from Sprint. I of course have no way of telling which pipe our automated downloads are coming from. However, I too have noticed

Re: [sniffer] Error_Bad_Matrix

2004-03-26 Thread Pete McNeil
At 09:10 AM 3/26/2004, you wrote: On Mar 25, 2004, at 8:10 PM, Pete McNeil wrote: ERROR_BAD_MATRIX is definitely a corrupted rulebase file. A manual download should solve the problem. Should not snf2check.exe detect this? If the sniffer can detect it, it seems that the checker should too

Re: [sniffer] Error_Bad_Matrix

2004-03-26 Thread Pete McNeil
being put into production. Fred - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 26, 2004 10:26 AM Subject: Re: [sniffer] Error_Bad_Matrix At 09:10 AM 3/26/2004, you wrote: On Mar 25, 2004, at 8:10 PM, Pete McNeil wrote

Re: [sniffer] Help

2004-03-26 Thread Pete McNeil
mail to myself There has to be something in the rule base that is doing this...or maybe my Windows NT update broke something??? Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support - Original Message - From: Pete McNeil To: [EMAIL PROTECTED] Sent

Re: [sniffer] Application popup error smtp32.exe imail1.exe

2004-03-26 Thread Pete McNeil
At 02:26 PM 3/26/2004, you wrote: I've been getting the error message below for the past two weeks. I get it for both smtp32.exe and imail1.exe Application popup: smtp32.exe - Application Error : The application failed to initialize properly (0xc142). Click on OK to terminate the application.

[sniffer] Sprint T1 problem - reduced production rate.

2004-03-26 Thread Pete McNeil
Hello folks, We have traced the source of the corrupted rulebase problem to our Sprint T1 line. This line has been shutdown until the problem can be resolved. This has reduced our available bandwidth but should prevent further corrupted downloads. In order to reduce traffic and improve

[sniffer] Sprint T1 - back to normal.

2004-03-26 Thread Pete McNeil
Hello folks, I have just finished work with Sprint Verizon on the T1 and we now have a clean circuit. I have opened it up for traffic and all appears to be back to normal. Please let me know if there are any lingering symptoms. I will restore the second rulebase compiler to active duty

[sniffer] Standard False Positive Response codes.

2004-03-27 Thread Pete McNeil
Hello folks, To facilitate process automation in larger email systems we have developed a coding scheme and a number of standardized response codes for handling false positive submissions. This will allow you to route our responses to your false positive submissions automatically. I have

Re: [sniffer] Help

2004-03-27 Thread Pete McNeil
places...thanks for all the help.. Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support - Original Message - From: Pete McNeil To: [EMAIL PROTECTED] Sent: Friday, March 26, 2004 1:41 PM Subject: Re: [sniffer] Help This seems like a rulebase thing. We spoke

Re: [sniffer] Test

2004-03-29 Thread Pete McNeil
:-) At 04:31 PM 3/29/2004, you wrote: Didn't happen this time, nevermind! Frederic Tarasevicius Internet Information Services, Inc. http://www.i-is.com/ 810-794-4400 mailto:[EMAIL PROTECTED] - Original Message - From: Fred To: [EMAIL PROTECTED] Sent: Monday, March 29, 2004

[sniffer] Final beta (b2) for snfrv2r3

2004-04-06 Thread Pete McNeil
Hello folks, I'm posting the final beta for version 2-3. You can get it at the following location: http://www.sortmonster.com/MessageSniffer/Betas/snfrv2r3b2-dist.zip This version still spits out some monitoring data - the final production version will have this removed - but there will be no

RE: [sniffer] Final beta (b2) for snfrv2r3

2004-04-07 Thread Pete McNeil
Sniffer is adaptive. You can turn the persistent instance on and off at will. Simply stop the service - a reboot is not needed. If the persistent instance is turned off then the remaining instances will organize themselves in the usual way. I don't have it running as a service, I started the

RE: [sniffer] Final beta (b2) for snfrv2r3

2004-04-07 Thread Pete McNeil
Tried the above and got an error message. Tried: sniffer.exe xxauthenticationxx stop and it paused a few seconds and returned to command prompt, so I'm guessing that it stopped. That doesn't sound quite right. In the distribution there are some .CMD files that show examples of the commands:

RE: [sniffer] Final beta (b2) for snfrv2r3

2004-04-08 Thread Pete McNeil
At 05:42 AM 4/8/2004, you wrote: AHere's a screen shot of what should happen. Behind the scenes when you run sniffer stop, a sniffer.stop file is created in the workspace. The persistent server looks for Sorry to respond to my own post - There are a number of type-os in the help message. For

RE: [sniffer] Final beta (b2) for snfrv2r3

2004-04-08 Thread Pete McNeil
At 12:03 PM 4/8/2004, you wrote: Final Beta looking good here. snip But followed instructions (used FireDaemon to handle as a service) and everything seems ok. Nothing strange in logs. The only readily apparent difference is in the sniffer log, where the 4th column of data, which is usually a

Re: [sniffer] Log file in GMT?

2004-04-09 Thread Pete McNeil
] On Behalf Of Kirk Mitchell Sent: donderdag 8 april 2004 23:35 To: [EMAIL PROTECTED] Subject: RE: [sniffer] Final beta (b2) for snfrv2r3 At 05:42 AM 4/8/04 -0400, Pete McNeil wrote: http://www.keyconn.net/misc/sniffer.htm I'll bet you are using b1 - this first 2-3beta does not implement

Re: [sniffer] log file growing

2004-04-09 Thread Pete McNeil
At 12:18 PM 4/9/2004, you wrote: HI, My log file used to write to a new file everyday, now it is writing to the same file... I didn't change anything, how do I fix it? This is confusing. Message Sniffer has always written to a single log file that does not change. External utilities could be

Re: [sniffer] log file growing

2004-04-10 Thread Pete McNeil
it has stopped working... It was being initiated automatically by an email sent by you to the system in Imail. Where do I look? Thanks, andy - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, April 09, 2004 3:20 PM Subject: Re: [sniffer] log file

Re: [sniffer] log file growing

2004-04-12 Thread Pete McNeil
that does that? Thanks, andy - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, April 10, 2004 9:12 AM Subject: Re: [sniffer] log file growing H, If we were triggering it - then that would have been our update notification message

RE: [sniffer] Final beta (b2) for snfrv2r3

2004-04-13 Thread Pete McNeil
- Maintenance Network Security - Internet - E-mail Software Development - Project Management -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Pete McNeil Sent: woensdag 7 april 2004 17:38 To: [EMAIL PROTECTED] Subject: RE: [sniffer] Final beta

Re: [sniffer] log file growing

2004-04-14 Thread Pete McNeil
Any time is fine. How about 0100 ET. - I'm pretty sure that spot is mostly empty. _M At 09:17 PM 4/13/2004, you wrote: It is working, I tested it from the command line. What time of day do you want it run? - Original Message - From: Pete McNeil To: [EMAIL PROTECTED] Sent: Tuesday

Re: [sniffer] Download Problem

2004-04-14 Thread Pete McNeil
We had some major BGP flapping with both Sprint and Savvis. Nobody has gotten to the bottom of it yet and it settled down around 0200. No errors or warnings since then. _M At 10:37 PM 4/13/2004, you wrote: Pete. I am seeing major download problems of the SNF file tonight. Any problems with

Re: [sniffer] logrotate

2004-04-14 Thread Pete McNeil
At 10:01 AM 4/14/2004, you wrote: Hi, In the default logrotate.cmd script is a move instead of a ren command. Is there any special reason for that? As Ren is an internal command and move an external command I would have expected Ren to be used. That's a good point - I guess I used move because

[sniffer] Rulebase tuning.

2004-04-19 Thread Pete McNeil
Hello Folks, In light of recent issues with download problems I went looking for ways to tighten up the rulebase files. I have retuned the rulebases so that new rules now have a shorter grace period within which to prove themselves. By default, a new rule must now amass at least 20 kills

[sniffer] Scheduled Updates

2004-04-19 Thread Pete McNeil
Hello folks, I've been watching the systems operate throughout the evening with an eye toward minimizing download problems in the short term. It appears that it will take us several weeks if not months to finally negotiate, plan, and execute the changes we have planned in our hosting

RE: [sniffer] Scheduled Updates

2004-04-20 Thread Pete McNeil
was Sunday at 7:56PM. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, April 20, 2004 2:23 PM To: [EMAIL PROTECTED] Subject: RE: [sniffer] Scheduled Updates I show the latest compile time as 20040420.1644 GMT. I'll check

Re: [sniffer] Scheduled Updates

2004-04-21 Thread Pete McNeil
At 05:56 PM 4/21/2004, you wrote: At 04:56 PM 4/20/04 -0400, Pete McNeil wrote: Just to follow up in the same thread, the compilers were running, but the update notifications were not going out. We missed it locally because our local update notifications follow a different path and because

[sniffer] Watch out for the Bin Laden Malware

2004-04-23 Thread Pete McNeil
We are pushing out an update with a number of rules to catch this bug. I did not find any references to the content on google - so it might be new. The contents of the message (modified) are below. Do not follow the link - I have obscured it with spaces for safety. There may be (probably will

Re: [sniffer] Message Sniffer Version 2-3 Official Release!

2004-05-11 Thread Pete McNeil
Thanks! _M At 10:09 PM 5/11/2004, you wrote: Installed it here and it works as advertised! - Original Message - This new version of Message Sniffer Screams! when using the new Persistent Instance option consistently achieving message scans in tens of milliseconds without the need for

[sniffer] Message Sniffer Version 2-3 Official Release!

2004-05-09 Thread Pete McNeil
2004-05-08 - Message Sniffer Version 2-3 Official Release! We are proud to release the newest version of Message Sniffer. This version includes important performance and system integrity improvements including full rulebase integrity checking to protect against corrupted or failed rulebase

Re: [sniffer] Message Sniffer Version 2-3 Official Release!

2004-05-09 Thread Pete McNeil
At 11:36 AM 5/9/2004, you wrote: Pete. Should we be able to just replace our .exe file with this one Yes. It will act just like the current version. The persistent server option doesn't take effect until you launch an instance in persistent mode. Until then (or if the persistent server

Re: [sniffer] Message Sniffer Version 2-3 Official Release!

2004-05-09 Thread Pete McNeil
At 12:35 PM 5/9/2004, you wrote: Are there step-by-step upgrade instructions posted anywhere? Our configuration is Windows 2000 server with Declude. I don't quite understand what needs to be done to enable the Persistent Instance option. Step-by-step instructions will depend on how you intend to

RE: [sniffer] Message Sniffer Version 2-3 Official Release!

2004-05-09 Thread Pete McNeil
At 05:28 PM 5/9/2004, you wrote: Thanks Pete! One other question. I am now downloading my rulebase files as .gz files (much faster downloads now). Are you prepared to receive our log file uploads either zipped or gzipped? I'm not ready to do that yet, but it does seem like a good idea. I'll

Re: [sniffer] Message Sniffer Version 2-3 Official Release!

2004-05-09 Thread Pete McNeil
At 08:09 PM 5/9/2004, you wrote: The persistent mode stopped working after installing new program. Revert back to old one and it works??? Start xx.exe x persistent I've not tried running it that way - though it should work if you're willing to remain logged in. Normally you would

RE: [sniffer] Message Sniffer Version 2-3 Official Release!

2004-05-09 Thread Pete McNeil
At 10:06 PM 5/9/2004, you wrote: Same problem here. (MDaemon ver. 7.01 - Latest) I've replaced the old .exe with the new 2.3 and renamed it with my license. Is there anything else? Persistent now hangs when executed. Are we not supposed to see the 'polling' anymore? Yes. Sorry for the

Re: [sniffer] Message Sniffer Version 2-3 Official Release!

2004-05-09 Thread Pete McNeil
back to old one and it works??? Start xx.exe x persistent - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, May 10, 2004 4:59 AM Subject: Re: [sniffer] Message Sniffer Version 2-3 Official Release! At 11

RE: [sniffer] Message Sniffer Version 2-3 Official Release!

2004-05-09 Thread Pete McNeil
At 12:09 AM 5/10/2004, you wrote: Thanks _M Not to cause trouble, but I did get comfortable with the polling output. At a glance, I could see heavy incoming traffic. But there's other ways for monitoring that... Just to be 100% clear: I've attached 2 files. 1) Old ver - Polling text output 2)

Re: [sniffer] Message Sniffer Version 2-3 Official Release!

2004-05-14 Thread Pete McNeil
At 11:33 AM 5/14/2004, [EMAIL PROTECTED] wrote: HI Pete, I uploaded the new .exe file, renamed it to my number. I don't get this persistent instance thing...can you give this to me in layman's terms? I'm just a simple network engineer with 17 years of experience. How do I get it working? I need

RE: [sniffer] test

2004-05-04 Thread Pete McNeil
to 1: 12:24:17 (78.89 KB/s) - `sniffer2.new.gz' saved [1983539/1983539] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Friday, April 30, 2004 8:48 PM To: [EMAIL PROTECTED] Subject: Re: [sniffer] test mod_gzip is now configured on our web

Re: [sniffer] test

2004-05-04 Thread Pete McNeil
At 04:17 PM 5/4/2004, you wrote: At 02:49 PM 5/4/2004, Vivek Khera wrote: On May 4, 2004, at 3:42 PM, Pete McNeil wrote: Every rulebase is potentially a different size composition, plus sizes typically change with each update. I'm glad to hear all the positive reports on this. :-) Forgive me

[sniffer] Release of snf2check v2 w/ digest checking

2004-05-05 Thread Pete McNeil
Hello folks, Today we are releasing the new snf2check utility which performs a full integrity check (digest checking) of the rulebase file. The distribution file can be found at: http://www.sortmonster.com/MessageSniffer/Betas/snf2check-v2-dist.zip The .zip contains a win32 binary (.exe), a

Re: [sniffer] test

2004-05-01 Thread Pete McNeil
At 07:13 AM 5/1/2004, you wrote: This can be done with wget, for example, but setting this up appears to be technically complex - so I'm going to leave it at that for now. (Requires the --header switch and piping the output through gzip) It is not so complex: In the wget command change -O

[sniffer] Version 2-3 posted on C|Net - please help.

2004-05-19 Thread Pete McNeil
Hello folks, The latest version of Message Sniffer (Version 2-3) has been posted on C|Net Download.com. The previous version survived for several months as the only anti-spam solution on C|Net with a 100% approval rating thanks to your comments!!! Whenever a new version is posted, the reviews

Re: [sniffer] Possible blip?

2004-05-19 Thread Pete McNeil
At 12:57 PM 5/19/2004, you wrote: Pete, I noted late last night that my rulebase grew by 700 KB over the size of the previous one that was archived on my machine, and also the hits for some of the tests were noticeably lower and I had a definite increase in the number of messages that scored in

Re: [sniffer] Possible blip?

2004-05-21 Thread Pete McNeil
At 01:42 PM 5/21/2004, you wrote: Pete, Our Hold range has returned to more normal territory on Thursday. Here's the stats from snip/ One of my thoughts regarding minimum rule strengths and grace periods is that all groups aren't necessarily the same. For instance Nigerian scams are low volume

Re: [sniffer] v2-3 persistent and Linux

2004-05-22 Thread Pete McNeil
At 06:16 PM 5/22/2004, you wrote: Running v2.3 in Linux as follows causes Sniffer to consume 99% CPU indefinitely. Is anybody else seeing this? ./mysnfrname.exe myauthcode persistent When you run it without what happens? Did it create a mysnfrname.log file? What is in it? When the instance is

Re: [sniffer] v2-3 persistent and Linux

2004-05-24 Thread Pete McNeil
At 08:26 PM 5/23/2004, you wrote: Does this mean that WinX machines should ensure that they are rebooted at least every 24 days to avoid overflowing the clock() value until the next version is available? No. * Win32 machines do not appear to be affected (so far no reports and I haven't been able

Re[2]: [sniffer] FYI and Thanks

2004-06-04 Thread Pete McNeil
On Friday, June 4, 2004, 7:52:20 PM, Rick wrote: RR Hey Pete: RR FYI: Spam filters seem to be working exceptionally well the past 2 days. RR Almost nothing gets through (I've also got my spam route rule set to RR level20). We made a few tweaks to the inbound spam process and our SPHUD feeder -

Re: [sniffer] Spammer pollution

2004-06-07 Thread Pete McNeil
On Monday, June 7, 2004, 6:20:25 PM, Matt wrote: M Pete, M I'm guessing that you have seen this already, but check out all of the M domains that are listed in this zombie spam: M

Re: [sniffer] Spammer pollution

2004-06-07 Thread Pete McNeil
On Monday, June 7, 2004, 6:20:25 PM, Matt wrote: M Pete, M I'm guessing that you have seen this already, but check out all of the M domains that are listed in this zombie spam: M

Re[2]: [sniffer] Spammer pollution

2004-06-08 Thread Pete McNeil
ROFL! you got me. _M On Monday, June 7, 2004, 11:54:01 PM, Matt wrote: M Pete McNeil wrote: M So where's Waldo :) When reviewing a message like that we always troll the actual message for the link that was intended - this helps us discard those that are in there for fluff. The porn guys do

Re[2]: [sniffer] Experimental hits on bounce messages

2004-06-13 Thread Pete McNeil
On Monday, June 14, 2004, 12:33:24 AM, Matt wrote: M Pete, M So would the Message-ID produce a hit if it was in the body of a M message? The reason why I ask is because I'm concerned about the M possibility of legitimate servers getting tagged with Experimental and M how that plays into my

Re[2]: [sniffer] Experimental hits on bounce messages

2004-06-14 Thread Pete McNeil
On Monday, June 14, 2004, 1:56:00 AM, Matt wrote: M Pete, M Experimental. If these rules were in a different category, it would M make me feel a lot better about it. I'm guessing maybe from my M standpoint, Spamware would be the most appropriate category for M tagging forged message ID's of this

Re: [sniffer] Problem sending logs

2004-06-23 Thread Pete McNeil
On Wednesday, June 23, 2004, 4:30:48 AM, John wrote: JTL Trying to set up a new client. JTL Testing the logrotate script. JTL Starting at about 01:10 AM to test, can not upload logs. I kept getting not JTL connected messages. I checked through the logs and didn't see any problems. We seem to

Re[2]: [sniffer] spam leakage up

2004-06-24 Thread Pete McNeil
On Thursday, June 24, 2004, 12:23:22 PM, Herb wrote: HG Yes, I did about a year or so ago as I remember. I don't HG know, is there a spot for this on the message sniffer site? HG Sniffer folks Then it would be available to whoever wanted it. Sure. Please package it up in a .zip file for us

[sniffer] [EMAIL PROTECTED] file attachments.

2004-07-19 Thread Pete McNeil
to let you know this was happening. Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http

[sniffer] A few notes...

2004-07-21 Thread Pete McNeil
! Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html

Re: [sniffer] Spam submissions

2004-07-28 Thread Pete McNeil
On Wednesday, July 28, 2004, 5:34:43 AM, Landry wrote: LW Pete, I put together a little script that modifies the Q*.SMD LW file for identified spam messages that were held in my spam LW directory, but were not tagged by Sniffer, and can forward a copy LW of these messages to your spam@ address.

Re: [sniffer] Effectiveness (lately)

2004-07-29 Thread Pete McNeil
On Thursday, July 29, 2004, 10:42:40 AM, Jorge wrote: JA Has something happened lately (in the last 24-48 hours). Nothing significant that I can see except for a higher than usual spike in spam through the evening hours last night. JA Normally, I get small amounts (less than 10 a day) of spam

Re[2]: [sniffer] Effectiveness (lately)

2004-07-29 Thread Pete McNeil
On Thursday, July 29, 2004, 11:48:58 AM, John wrote: JTL I have also noticed an increase in the amount of spam that got through, JTL mainly on gatewayed domains. I did forward a bunch in the last 18 hours, JTL hopefully that will help. What's interesting is that we're not seeing the increase in

Re[6]: [sniffer] Effectiveness (lately)

2004-07-29 Thread Pete McNeil
On Thursday, July 29, 2004, 1:23:11 PM, John wrote: JTL Would the new attached fall under the same rule? Yes. It looks like the same domain is involved. I've launched a compile of your rulebase - you should be updated very quickly. In this case it seems that you started receiving these a few

Re: [sniffer] FIN File

2004-07-29 Thread Pete McNeil
On Thursday, July 29, 2004, 1:28:45 PM, Keith wrote: KJ I found a .fin file in my sniffer directory and didn't know if anyone KJ knew what it was and how it is produced. It is dated several days ago. KJ Thanks for the aid. An orphaned .FIN file represents a message scan that was completed by a

Re[8]: [sniffer] Effectiveness (lately)

2004-07-29 Thread Pete McNeil
On Thursday, July 29, 2004, 2:52:07 PM, John wrote: JTL Should I continue to forward spam that is not caught then? Always send spam that is not captured to [EMAIL PROTECTED] If these keep coming through even after your update then we need to hunt for why they are not being tagged... If you

Re[2]: [sniffer] Rule Strengths

2004-07-31 Thread Pete McNeil
On Saturday, July 31, 2004, 3:32:46 PM, John wrote: JTL (Moved to list) JTL Thanks, got it. JTL This is my current lines, do I need to add others, or are the rules within JTL these codes? (I hold at 25 and delete at 35) JTL Is there a full list of codes on the web site? JTL SNIFFER-TRAVEL

Re[2]: [sniffer] Did They Rea d It

2004-08-02 Thread Pete McNeil
filter for now and may request a new rule when that fails to be WF effective. WF Thanks WF Woody WF -Original Message- WF From: [EMAIL PROTECTED] WF [mailto:[EMAIL PROTECTED] Behalf Of Pete McNeil WF Sent: Monday, August 02, 2004 12:14 PM WF To: Woody Fussell WF Subject: Re: [sniffer] Did

[sniffer] Where's waldo...

2004-08-04 Thread Pete McNeil
continued by the rest of the team. Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http

Re: [sniffer] [OT] Spam Test Weighting Math.

2004-08-06 Thread Pete McNeil
On Friday, August 6, 2004, 11:37:13 AM, Scott wrote: SF I'll hijack this discussion from the Imail forum into the sniffer forum... SF -Mad, SF I enjoyed the discussion about putting some math into the weighting of spam tests. SF I've run my July numbers through your ((SS-SH)/(SS+SH)) formula.

Re: [sniffer] Automatic update snafu

2004-08-18 Thread Pete McNeil
On Wednesday, August 18, 2004, 9:32:58 AM, John wrote: JS I'm using an automatic update script to keep my rulebase up to date. This JS script runs periodically through the day and it also runs in response to the JS emails that come when the rulebase gets updated by the SortMonster. JS All hail

Re[2]: [sniffer] Charset

2004-08-19 Thread Pete McNeil
On Thursday, August 19, 2004, 10:11:45 AM, Jorge wrote: JA Michiel Prins wrote: Can't you use the content filter of your mail server to detect if the charset is used? JA I've tried, but it's not 100% effective I recall the earlier conversations about this. We have not had a lot of call

Re[2]: [sniffer] Charset

2004-08-19 Thread Pete McNeil
On Thursday, August 19, 2004, 3:54:20 PM, Jorge wrote: We could then turn on or off the languages we didn't want. From my foray with dealing with Chinese, it certainly much easier said than done. Chinese was doable, I've had no luck stopping my Spanish spam. Then again, you might be better at it

Re[2]: [sniffer] Charset

2004-08-19 Thread Pete McNeil
On Thursday, August 19, 2004, 10:45:37 PM, Jorge wrote: JA Could a filter be created that will tag as spam any messages that JA containing NON-ascii characters? I mean allow only CHRS 1 through 255. JA I believe this will filter out all these foreign character sets, and let JA through regular old

Re[4]: [sniffer] Charset

2004-08-20 Thread Pete McNeil
On Friday, August 20, 2004, 2:35:35 AM, Michiel wrote: MP Pete, even your message had a charset header: MP Content-Type: text/plain; charset=us-ascii Yes, a tricky gadget indeed. MP I think you'll generate more FP's if you do something like that than FN's MP you might have now. Aren't there

Re[6]: [sniffer] Charset

2004-08-20 Thread Pete McNeil
On Friday, August 20, 2004, 12:01:31 PM, Scott wrote: SF -Mad, SF How set up is Message Sniffer to determine if an e-mail in a foreign SF language is spam and then code for it. SF I dutifully submit my Spanish spam to the spam at sortmonster.com address. SF It's a very, very small percentage of

[sniffer] Newer robots...

2004-08-24 Thread Pete McNeil
and user submissions.) A good place to see the effects of our work is on the Spam Test Quality Analysis page by Markus Gufler: http://www2.spamchk.com/public.html I hope you find this information to be both useful and interesting. Thanks, _M Pete McNeil (Madscientist) President

Re: [sniffer] Stock obfuscation question

2004-08-25 Thread Pete McNeil
On Wednesday, August 25, 2004, 2:11:47 PM, Scott wrote: SF Are there any rules in place to deal with this obfuscation? SF Sec. tion SF 2. 7, A o, f the Sec, urities A, ct of 19. 33 and Se.ction 2. 1B SF of the Se. curities Excha. nge A, ct of 19. 34. Yes... When we get a pump and dump spam we

[sniffer] Upgrade to Flow Rates Analysis

2004-09-02 Thread Pete McNeil
/MessageSniffer/Performance/FlowRates.jsp Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http

Re[2]: [sniffer] Upgrade to Flow Rates Analysis

2004-09-02 Thread Pete McNeil
On Thursday, September 2, 2004, 2:53:08 PM, Darrell wrote: DL Pete, DL How does this graph differentiate between Ham and Spam? Can't some Ham be DL uncaught spam? And some messages identified as SPAM really be Ham? Yes, this is true - but our system is very accurate so the data is good enough

Re[2]: [sniffer] Upgrade to Flow Rates Analysis

2004-09-04 Thread Pete McNeil
On Saturday, September 4, 2004, 4:41:52 PM, Karen wrote: KP news item? No, This one is minor and there have been changes since then. For example, now the basis for the graphs is the highest message rate normalized for the number of logs collected. I'm working on some software that will be

Re: [sniffer] Porn spam from Earthlink

2004-09-12 Thread Pete McNeil
On Sunday, September 12, 2004, 2:34:50 PM, Heimir wrote: HE Pete, HE HE I am getting porn spam from EarthLink every day, several times a day. HE I get them on 2 of my personal accounts. HE HE I have complained to abuse @ EarthLink for a while now but I HE do not get any response beside the
