Hello folks,
The primary database server went online with full data at 2100.
Full synchronization and testing was completed by 2300.
Spamtraps have been cleared.
False submissions have been cleared.
Another full compile is underway.
Thanks for your patience and your support!
_M
This E-Mail came
Hello folks,
I know folks are anxious to get their hands on this version so I'm going to
play this beta round a little looser than usual. Version 2-3b1 implements a
persistent mode feature for our cellular peer-server technology. Launching
a persistent instance of Message Sniffer has the
At 08:08 PM 3/17/2004, you wrote:
What is the number after Polled waited:
That is the number of milliseconds the persistent server waited to poll the
working directory for more jobs. This number will increase each time no
jobs are found. When a job is found the persistent server will not wait
We have just added a rule for the Bagle.Q worm derived from data at the
following link:
http://www.auscert.org.au/render.html?it=3957
The rule should be present in your next update.
A full rule-base compile is under way.
Thanks!
_M
This E-Mail came from the Message Sniffer mailing list. For
There was a bad rule yesterday. It was removed almost immediately but it
looks like you missed the update until 1000pm. It takes a while to compile
rulebase updates. Since you mention 4pm and 10pm I'm guessing you have your
updates scheduled. A better method would be to trigger updates based on
That is possible. I'm still looking for an alternate repeatable cause.
_M
At 08:43 PM 3/24/2004, you wrote:
I see over a 1000 of these ERROR_BAD_MATRIX entries in my Sniffer log file
today, as well. Is this due to the ruleset issue from earlier today?
Bill
-Original Message-
From:
. Can you see what I am doing wrong? The program seems to be
running OK in normal mode.
Thanks,
Bill Morgan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Wednesday, March 17, 2004 1:05 PM
To: [EMAIL PROTECTED]
Subject: [sniffer
-
From: Pete McNeil [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 24, 2004 2:01 PM
Subject: Re: [sniffer] Possible Bad Rule?
We had a badly coded rule that matched yahoo.
The rule has been removed.
About 30 rulebases went out before it was caught.
These are being
I've been looking at that. The problem seems to be related to downloads,
not generation. That is, every rulebase that I use locally has been clean
throughout this episode. Also, folks who manually download the rulebase
seem to be able to correct the problem. I'm not sure yet what is different
snf2check.exe will catch a partial download but it will not catch
corruption in the middle of the file.
_M
At 03:57 PM 3/25/2004, you wrote:
I run snf2check.exe against every .snf file downloaded. I just checked it
again manually, and no errors were reported. I now have almost 3500
By 8pm we had done at least 6 that I was part of.
_M
At 04:32 PM 3/25/2004, you wrote:
How many updates have happened today...I have only received 1 today..
Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
- Original Message -
From: Pete McNeil [EMAIL
SEPARATOR ***
On 3/25/2004 at 6:05 PM Pete McNeil wrote:
This helps narrow things down. Specifically we know that the rulebase
files
are not corrupted on the server but during the download. That explains why
I haven't been able to recreate a problem in the lab.
I have a suspicion that wget
the
rulebase file format. There aren't any simple mechanisms that come to mind.
Perhaps there will be no choice but to change the format in order to
prevent this possibility.
_M
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Thursday
will
try to watch the logs more closely and manually test the snf files that
begin to generate bad_matrix errors to see if their bad at that time.
-Original Message-
From: Pete McNeil [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 25 Mar 2004 18:05:39 -0500
Subject: Re: [sniffer] Spam
At 06:51 PM 3/25/2004, you wrote:
Looks like a bandwidth issue to me, since even doing the download manually,
my connection stalled 5 times before I could complete a successful download.
And the download speeds were atrocious, many times in bytes/second rather
than even kb/second - and my
, that might
identify something not so obvious if you run out of ideas.
I know how these things go and the worst part is not knowing the source
while others expect an quick fix. No big deal on my end in the mean time
though.
Matt
Pete McNeil wrote:
snf2check.exe will catch a partial download
parts
of the file. In theory this is covered by TCP - but in practice not so much :-(
_M
At 12:48 AM 3/26/2004, you wrote:
How about a byte length compare or checksum of some sort?
Matt
Pete McNeil wrote:
At 06:25 PM 3/25/2004, you wrote:
We also saw many BAD_MATRIX errors last night
At 01:57 AM 3/26/2004, you wrote:
I once noticed that transferring data through TCP/IP is NOT error-free, if
the connection is very slow. At least not if it is going through Microsoft's
software (Windows).
Me 2.
One possibility that has been suggested is that we could gzip these files.
That
back up. Hopefully we'll get
to the bottom of things though.
_M
At 03:23 AM 3/26/2004, you wrote:
I'm doing a download as we speak.
I am on a 100mb connection.
Getting between 6-10K with several short stops in download.
H.
- Original Message -
From: Pete McNeil [EMAIL PROTECTED
At 03:39 AM 3/26/2004, you wrote:
-Original Message-
From: Pete McNeil [mailto:[EMAIL PROTECTED]
Since we're both up at this insane hour. Would you mind making a test?
I've just shut down the Sprint line - so we're running through Savvis
exclusively. If I'm right about the connectivity
At 07:42 AM 3/26/2004, you wrote:
Pete,
Just wanted to interject a couple observations. I'm connected to the
Internet through a 15Mb frac ds/3 from ATT and a T1 from Sprint. I of
course of no way of telling which pipe our automated downloads are coming
from. However, I too have noticed
At 09:10 AM 3/26/2004, you wrote:
On Mar 25, 2004, at 8:10 PM, Pete McNeil wrote:
ERROR_BAD_MATRIX is definitely a corrupted rulebase file. A manual
download should solve the problem.
Should not snf2check.exe detect this? If the sniffer can detect it, it
seems that the checker should too
being put into production.
Fred
- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 26, 2004 10:26 AM
Subject: Re: [sniffer] Error_Bad_Matrix
At 09:10 AM 3/26/2004, you wrote:
On Mar 25, 2004, at 8:10 PM, Pete McNeil wrote
mail to myself
There has to be something in the rule base that is doing this...or maybe
my Windows NT update broke something???
Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
- Original Message -
From: Pete McNeil
To: [EMAIL PROTECTED]
Sent
At 02:26 PM 3/26/2004, you wrote:
I've been getting the error message below for the past two weeks. I get
it for both smtp32.exe and imail1.exe
Application popup: smtp32.exe - Application Error : The application
failed to initialize properly (0xc142). Click on OK to terminate the
application.
Hello folks,
We have traced the source of the corrupted rulebase problem to our Sprint
T1 line. This line has been shutdown until the problem can be resolved.
This has reduced our available bandwidth but should prevent further
corrupted downloads.
In order to reduce traffic and improve
Hello folks,
I have just finished work with Sprint Verizon on the T1 and we now have a
clean circuit. I have opened it up for traffic and all appears to be back
to normal. Please let me know if there are any lingering symptoms.
I will restore the second rulebase compiler to active duty
Hello folks,
To facilitate process automation in larger email systems we have developed
a coding scheme and a number of standardized response codes for handling
false positive submissions. This will allow you to route our responses to
your false positive submissions automatically.
I have
places...thanks for all the help..
Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
- Original Message -
From: Pete McNeil
To: [EMAIL PROTECTED]
Sent: Friday, March 26, 2004 1:41 PM
Subject: Re: [sniffer] Help
This seems like a rulebase thing.
We spoke
:-)
At 04:31 PM 3/29/2004, you wrote:
Didn't happen this
time, nevermind!
Frederic Tarasevicius
Internet Information Services, Inc.
http://www.i-is.com/
810-794-4400
mailto:[EMAIL PROTECTED]
- Original Message -
From: Fred
To:
[EMAIL PROTECTED]
Sent: Monday, March 29, 2004
Sniffer is adaptive. You can turn the persistent instance on and off at
will. Simply stop the service - a reboot is not needed. If the persistent
instance is turned off then the remaining instances will organize
themselves in the usual way.
I don't have it running as a service, I started the
Tried the above and got an error message. Tried:
sniffer.exe xxauthenticationxx stop
and it paused a few seconds and returned to command prompt, so I'm guessing
that it stopped.
That doesn't sound quite right.
In the distribution there are some .CMD files that show examples of the
commands:
]
On Behalf Of Kirk Mitchell
Sent: donderdag 8 april 2004 23:35
To: [EMAIL PROTECTED]
Subject: RE: [sniffer] Final beta (b2) for snfrv2r3
At 05:42 AM 4/8/04 -0400, Pete McNeil wrote:
http://www.keyconn.net/misc/sniffer.htm
I'll bet you are using b1 - this first 2-3beta does not implement
At 12:18 PM 4/9/2004, you wrote:
HI,
My log file used to write to a new file everyday, now it is writing to the
same file...
I didn't change anything, how do I fix it?
This is confusing. Message Sniffer has always written to a single log file
that does not change. External utilities could be
it has stopped working... It was being
initiated automatically by an email sent by you to the system in Imail.
Where do I look?
Thanks, andy
- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 09, 2004 3:20 PM
Subject: Re: [sniffer] log file
that does
that?
Thanks, andy
- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, April 10, 2004 9:12 AM
Subject: Re: [sniffer] log file growing
H,
If we were triggering it - then that would have been our
update
notification message
- Maintenance
Network Security - Internet -
E-mail
Software Development - Project Management
--
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Pete McNeil
Sent: woensdag 7 april 2004 17:38
To: [EMAIL PROTECTED]
Subject: RE: [sniffer] Final beta
Any time is fine. How about 0100 ET. - I'm pretty sure that spot is
mostly empty.
_M
At 09:17 PM 4/13/2004, you wrote:
It is working, I tested it from
the command line. What time of day do you want it run?
- Original Message -
From: Pete McNeil
To: [EMAIL PROTECTED]
Sent: Tuesday
We had some major BGP flapping with both Sprint and Savvis. Nobody has
gotten to the bottom of it yet and it settled down around 0200. No errors
or warnings since then.
_M
At 10:37 PM 4/13/2004, you wrote:
Pete.
I am seeing major download problems of the SNF file tonight.
Any problems with
At 10:01 AM 4/14/2004, you wrote:
Hi,
In the default logrotate.cmd script is a move
in stead of a ren command. Is there any special reason for that? As Ren
is an internal command and move an external command I would have expected
Ren to be used.
That's a good point - I guess I used move because
Hello Folks,
In light of recent issues with download problems I went looking for ways to
tighten up the rulebase files. I have retuned the rulebases so that new
rules now have a shorter grace period within which to prove themselves.
By default, a new rule must now amass at least 20 kills
Hello folks,
I've been watching the systems operate throughout the evening with an eye
toward minimizing download problems in the short term. It appears that it
will take us several weeks if not months to finally negotiate, plan, and
execute the changes we have planned in our hosting
was Sunday
at 7:56PM.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Tuesday, April 20, 2004 2:23 PM
To: [EMAIL PROTECTED]
Subject: RE: [sniffer] Scheduled Updates
I show the latest compile time as 20040420.1644 GMT.
I'll check
At 05:56 PM 4/21/2004, you wrote:
At 04:56 PM 4/20/04 -0400, Pete McNeil wrote:
Just to follow up in the same thread, the compilers were running, but the
update notifications were not going out. We missed it locally because our
local update notifications follow a different path and because
We are pushing out an update with a number of rules to catch this bug. I
did not find any references to the content on google - so it might be new.
The contents of the message (modified) are below. Do not follow the link -
I have obscured it with spaces for safety. There may be (probably will
Thanks!
_M
At 10:09 PM 5/11/2004, you wrote:
Installed it here and it works as advertised!
- Original Message -
This new version of Message Sniffer Screams! when using the new
Persistent Instance option consistently achieving message scans in tens
of milliseconds without the need for
2004-05-08 - Message Sniffer Version 2-3 Official Release!
We are proud to release the newest version of Message Sniffer. This version
includes important performance and system integrity improvements including
full rulebase integrity checking to protect against corrupted or failed
rulebase
At 11:36 AM 5/9/2004, you wrote:
Pete.
Should we be able to just replace our .exe file with this one
Yes. It will act just like the current version.
The persistent server option doesn't take effect until you launch an
instance in persistent mode. Until then (or if the persistent server
At 12:35 PM 5/9/2004, you wrote:
Are there step-by-step upgrade instructions posted anywhere? Our
configuration is Windows 2000 server with Declude. I don't quite understand
what needs to be done to enable the Persistent Instance option.
Step-by-step instructions will depend on how you intend to
At 05:28 PM 5/9/2004, you wrote:
Thanks Pete! One other question. I am now downloading my rulebase files as
.gz files (much faster downloads now). Are you prepared to receive our log
file uploads either zipped or gzipped?
I'm not ready to do that yet, but it does seem like a good idea. I'll
At 08:09 PM 5/9/2004, you wrote:
The persistent mode stopped working after installing new program.
Revert back to old one and it works???
Start xx.exe x persistent
I've not tried running it that way - though it should work if you're
willing to remain logged in. Normally you would
At 10:06 PM 5/9/2004, you wrote:
Same problem here. (MDaemon ver. 7.01 - Latest)
I've replaced the old .exe with the new 2.3 and renamed it with my license.
Is there anything else?
Persistent now hangs when executed. Are we not supposed to see the
'polling' anymore?
Yes. Sorry for the
back to old one and it works???
Start xx.exe x persistent
- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, May 10, 2004 4:59 AM
Subject: Re: [sniffer] Message Sniffer Version 2-3 Official Release!
At 11
At 12:09 AM 5/10/2004, you wrote:
Thanks _M
Not to cause trouble, but I did get comfortable with the polling output. At
a glance, I could see heavy incoming traffic. But there's other ways for
monitoring that...
Just to be 100% clear: I've attached 2 files.
1) Old ver - Polling text output
2)
At 11:33 AM 5/14/2004, [EMAIL PROTECTED] wrote:
HI Pete,
I uploaded the new .exe file, renamed it to my number.
I don't get this persistant instance thing...can you give this to me in
laymans terms? Im just a simple network engineer with 17 years of
experience. How do I get it working? I need
to 1:
12:24:17 (78.89 KB/s) - `sniffer2.new.gz' saved [1983539/1983539]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Friday, April 30, 2004 8:48 PM
To: [EMAIL PROTECTED]
Subject: Re: [sniffer] test
mod_gzip is now configured on our web
At 04:17 PM 5/4/2004, you wrote:
At 02:49 PM 5/4/2004, Vivek Khera wrote:
On May 4, 2004, at 3:42 PM, Pete McNeil wrote:
Every rulebase is potentially a different size composition, plus sizes
typically change with each update. I'm glad to hear all the positive
reports on this. :-)
Forgive me
Hello folks,
Today we are releasing the new snf2check utility which performs a full
integrity check (digest checking) of the rulebase file.
The distribution file can be found at:
http://www.sortmonster.com/MessageSniffer/Betas/snf2check-v2-dist.zip
The .zip contains a win32 binary (.exe), a
At 07:13 AM 5/1/2004, you wrote:
This can be done with wget, for example, but setting this up appears to be
technically complex - so I'm going to leave it at that for now. (Requires
the --header switch and piping the output through gzip)
It is not so complex:
In the wget command change
-O
Hello folks,
The latest version of Message Sniffer (Version 2-3) has been posted on
C|Net Download.com. The previous version survived for several months as the
only anti-spam solution on C|Net with a 100% approval rating thanks to your
comments!!!
Whenever a new version is posted, the reviews
At 12:57 PM 5/19/2004, you wrote:
Pete,
I noted late last night that my rulebase grew by 700 KB over the size of
the previous one that was archived on my machine, and also the hits for
some of the tests were noticeably lower and I had a definite increase in
the number of messages that scored in
At 01:42 PM 5/21/2004, you wrote:
Pete,
Our Hold range has returned to more normal territory on Thursday.
Here's the stats from
snip/
One of my thoughts regarding
minimum rule strengths and grace periods is that all groups aren't
necessarily the same. For instance Nigerian scams are low volume
At 06:16 PM 5/22/2004, you wrote:
Running v2.3 in Linux as follows causes Sniffer to consume 99% CPU
indefinitely. Is anybody else seeing this?
./mysnfrname.exe myauthcode persistent
When you run it without what happens?
Did it creat a mysnfrname.log file? What is in it?
When the instance is
At 08:26 PM 5/23/2004, you wrote:
Does this mean that WinX
machines should ensure that they are rebooted at
least every 24 days to avoid overflowing the clock() value until the
next
version is available?
No.
* Win32 machines do not appear to be effected (so far no reports and I
haven't been able
On Friday, June 4, 2004, 7:52:20 PM, Rick wrote:
RR Hey Pete:
RR FYI: Spam filters seem to be working exceptionally well the past 2 days.
RR Almost nothing gets through (I've also got my spam route rule set to
RR level20).
We made a few tweaks to the inbound spam process and our SPHUD feeder
-
On Monday, June 7, 2004, 6:20:25 PM, Matt wrote:
M Pete,
M I'm guessing that you have seen this already, but check out all of the
M domains that are listed in this zombie spam:
M
On Monday, June 7, 2004, 6:20:25 PM, Matt wrote:
M Pete,
M I'm guessing that you have seen this already, but check out all of the
M domains that are listed in this zombie spam:
M
ROFL!
you got me.
_M
On Monday, June 7, 2004, 11:54:01 PM, Matt wrote:
M Pete McNeil wrote:
M So where's Waldo :)
When reviewing a message like that we always troll the actual message
for the link that was intended - this helps us discard those that are
in there for fluff.
The porn guys do
On Monday, June 14, 2004, 12:33:24 AM, Matt wrote:
M Pete,
M So would the Message-ID produce a hit if it was in the body of a
M message? The reason why I ask is because I'm concerned about the
M possibility of legitimate servers getting tagged with Experimental and
M how that plays into my
On Monday, June 14, 2004, 1:56:00 AM, Matt wrote:
M Pete,
M Experimental. If these rules were in a differentcategory, it would
M make me feel a lot better about it. I'm guessingmaybe from my
M standpoint, Spamware would be the most appropriatecategory for
M tagging forged message ID's of this
On Wednesday, June 23, 2004, 4:30:48 AM, John wrote:
JTL Trying to set up a new client.
JTL Testing the logrotate script.
JTL Starting at about 01:10 AM to test, can not upload logs. I kept getting not
JTL connected messages.
I checked through the logs and didn't see any problems.
We seem to
On Thursday, June 24, 2004, 12:23:22 PM, Herb wrote:
HG Yes, I did about a year or so ago as I remember. I don't
HG know, isthere a spot for this on the message sniffer site?
HG Sniffer folks Then it would be available to whoever wanted it.
Sure. Please package it up in a .zip file for us
to let you know
this was happening.
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http
!
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html
On Wednesday, July 28, 2004, 5:34:43 AM, Landry wrote:
LW Pete, I put together a little script that modifies the Q*.SMD
LW file for identified spam messages that were held in my spam
LW directory, but were not tagged by Sniffer, and can forward a copy
LW of these messages to your spam@ address.
On Thursday, July 29, 2004, 10:42:40 AM, Jorge wrote:
JA Has something happened lately (in the last 24-48 hours).
Nothing significant that I can see except for a higher than usual
spike in spam through the evening hours last night.
JA Normally, I get small amounts (less than 10 a day) of spam
On Thursday, July 29, 2004, 11:48:58 AM, John wrote:
JTL I have also noticed an increase in the amount of spam that got through,
JTL mainly on gatewayed domains. I did forward a bunch in the last 18 hours,
JTL hopefully that will help.
What's interesting is that we're not seeing the increase in
On Thursday, July 29, 2004, 1:23:11 PM, John wrote:
JTL Would the new attached fall under the same rule?
Yes. It looks like the same domain is involved.
I've launched a compile of your rulebase - you should be updated very
quickly.
In this case it seems that you started receiving these a few
On Thursday, July 29, 2004, 1:28:45 PM, Keith wrote:
KJ I found a .fin file in my sniffer directory and didn't know if anyone
KJ knew what it was and how it is produced. It is dated several days ago.
KJ Thanks for the aid.
An orphaned .FIN file represents a message scan that was completed by
a
On Thursday, July 29, 2004, 2:52:07 PM, John wrote:
JTL Should I continue to forward spam that is not caught then?
Always send spam that is not captured to [EMAIL PROTECTED]
If these keep coming through even after your update then we need to
hunt for why they are not being tagged...
If you
On Saturday, July 31, 2004, 3:32:46 PM, John wrote:
JTL (Moved to list)
JTL Thanks, got it.
JTL This is my current lines, do I need to add others, or are the rules within
JTL these codes? (I hold at 25 and delete at 35)
JTL Is there a full list of codes on the web site?
JTL SNIFFER-TRAVEL
filter for now and may request a new rule when that fails to be
WF effective.
WF Thanks
WF Woody
WF -Original Message-
WF From: [EMAIL PROTECTED]
WF [mailto:[EMAIL PROTECTED] Behalf Of Pete McNeil
WF Sent: Monday, August 02, 2004 12:14 PM
WF To: Woody Fussell
WF Subject: Re: [sniffer] Did
On Thursday, August 19, 2004, 10:11:45 AM, Jorge wrote:
JA Michiel Prins wrote:
Can't you use the content filter of your mail server to detect if the
charset is used?
JA I've tried, but it's not 100% effective
I recall the earlier conversations about this. We have not had a lot
of call
On Thursday, August 19, 2004, 3:54:20 PM, Jorge wrote:
We could then turn on or off the languages we didn't want.
From my foray with dealing with Chinese, it certainly much
easier said than done. Chinese was doable, I've had no luck
stopping my Spanish spam.
Then again, you might be better at it
On Thursday, August 19, 2004, 10:45:37 PM, Jorge wrote:
JA Could a filter be created that will tag as spam any messages that
JA contaning NON-ascii characters? I mean allow only CHRS 1 through 255.
JA I believe this fill filter out all these foreign character sets, and let
JA through regular old
On Friday, August 20, 2004, 2:35:35 AM, Michiel wrote:
MP Pete, even your message had a chaset header:
MP Content-Type: text/plain; charset=us-ascii
Yes, a tricky gadget indeed.
MP I think you'll generate more FP's if you do something like that than FN's
MP you might have now. Aren't there
On Friday, August 20, 2004, 12:01:31 PM, Scott wrote:
SF -Mad,
SF How set up is Message Sniffer to determine if an e-mail in a foreign
SF language is spam and then code for it.
SF I dutifully submit my Spanish spam to the spam at sortmonster.com address.
SF It's a very, very small percentage of
and user
submissions.)
A good place to see the effects of our work is on the Spam Test
Quality Analysis page by Markus Gufler:
http://www2.spamchk.com/public.html
I hope you find this information to be both useful and interesting.
Thanks,
_M
Pete McNeil (Madscientist)
President
On Wednesday, August 25, 2004, 2:11:47 PM, Scott wrote:
SF Are there any rules in place to deal with this obfuscation?
SF Sec. tion
SF 2. 7, A o, f the Sec, urities A, ct of 19. 33 and Se.ction 2. 1B
SF of the Se. curities Excha. nge A, ct of 19. 34.
Yes... When we get a pump and dump spam we
/MessageSniffer/Performance/FlowRates.jsp
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http
On Thursday, September 2, 2004, 2:53:08 PM, Darrell wrote:
DL Pete,
DL How does this graph differentiate between Ham and Spam? Can't some Ham be
DL uncaught spam? And some messages identified as SPAM really be Ham?
Yes, this is true - but our system is very accurate so the data is
good enough
On Saturday, September 4, 2004, 4:41:52 PM, Karen wrote:
KP news item?
No, This one is minor and there have been changes since then. For
example, now the basis for the graphs is the highest message rate
normalized for the number of logs collected.
I'm working on some sofware that will be
On Sunday, September 12, 2004, 2:34:50 PM, Heimir wrote:
HE Pete,
HE
HE I am getting porn spam from EarthLink every day, several times a day.
HE I get them on 2 of my personal accounts.
HE
HE I have complaint to abuse @ EarthLink for a while now but I
HE do not get any response beside the
Hello Sniffer folks,
Sorry for not capturing the loop sooner. I've dropped Keith from the
list for now to stop the loop. I took a few hours off to watch
football.
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com
On Monday, September 13, 2004, 7:22:03 PM, Corby wrote:
AC Hello,
AC I was surprised recently by some spam that got through
AC without getting caught by the sniffer. We've been getting some
AC plain text messages that have obvious spam words in the subject
AC line. For example, a plain text
servers. We
will be making this the official distribution after a little more
testing. No problems have been observed or reported so far.
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
This E-Mail came from the Message
On Monday, September 13, 2004, 10:20:06 PM, Keith wrote:
KJ Pete,
KJ I take it this can be run without the persistent mode? Thanks for the aid.
Yes. It is no different than the current version except for the patch.
_M
This E-Mail came from the Message Sniffer mailing list. For
On Tuesday, September 14, 2004, 11:41:48 AM, Corby wrote:
AC To which addresss should I send these?
AC Also, I mis-stated the spam. They were not plain text, but
AC html, but clearly have many classic spam attributes. I will
AC send them along, but need to know where.
Please zip them and
On Tuesday, September 14, 2004, 11:48:43 AM, Corby wrote:
AC I suppose everyone's userbases have differenent
AC requirements. An ISP or private enterprise might worry about
AC false postives on horny teenagers and penis enlargement, but
AC for our local government agency, it causes problems.
On Tuesday, September 14, 2004, 12:40:43 PM, Jorge wrote:
JA What is Group 62? Is there anywhere I can get a list of all group types?
http://www.sortmonster.com/MessageSniffer/Help/ResultCodesHelp.html
62 - Abstract patterns for spam structures.
This group also contains some domain rules that
1 - 100 of 922 matches
Mail list logo