Here's what my Sniffer global.cfg entries look like:

SNIFFER-TRAVEL external 047 "M:\Sniffer\LicenseID.exe AuthCode" 07 0
SNIFFER-INSURANCE external 048 "M:\Sniffer\LicenseID.exe AuthCode" 12 0
SNIFFER-AV-PUSH external 049 "M:\Sniffer\LicenseID.exe AuthCode" 10 0
SNIFFER-WAREZ external 050 "M:\Sniffer\LicenseID.exe AuthCode" 12 0
SNIFFER-SPAMWARE external 051 "M:\Sniffer\LicenseID.exe AuthCode" 12 0
SNIFFER-SNAKEOIL external 052 "M:\Sniffer\LicenseID.exe AuthCode" 15 0
SNIFFER-SCAMS external 053 "M:\Sniffer\LicenseID.exe AuthCode" 17 0
SNIFFER-PORN external 054 "M:\Sniffer\LicenseID.exe AuthCode" 17 0
SNIFFER-MALWARE external 055 "M:\Sniffer\LicenseID.exe AuthCode" 15 0
SNIFFER-ADVERTISING external 056 "M:\Sniffer\LicenseID.exe AuthCode" 12 0
SNIFFER-SCHEMES external 057 "M:\Sniffer\LicenseID.exe AuthCode" 15 0
SNIFFER-CREDIT external 058 "M:\Sniffer\LicenseID.exe AuthCode" 10 0
SNIFFER-GAMBLING external 059 "M:\Sniffer\LicenseID.exe AuthCode" 10 0
SNIFFER-GENERAL external 060 "M:\Sniffer\LicenseID.exe AuthCode" 12 0
SNIFFER-SPAM external 061 "M:\Sniffer\LicenseID.exe AuthCode" 15 0
SNIFFER-OBFUSCATION external 062 "M:\Sniffer\LicenseID.exe AuthCode" 15 0
SNIFFER-IP-RULES external 063 "M:\Sniffer\LicenseID.exe AuthCode" 12 0
You will need to use your LicenseID and AuthCode, and want to adjust the weights to meet your own needs and requirements.

Bill

-----Original Message-----
From: Serge [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 02, 2004 6:41 PM
To: [EMAIL PROTECTED]
Subject: Re:[sniffer] Test ordering/precedence

Where can I find examples of using "exit codes" to assign different weights depending on groups, when using sniffer with declude/imail?

TIA

----- Original Message -----
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: "Jim Matuska" <[EMAIL PROTECTED]>
Sent: Thursday, December 02, 2004 9:59 PM
Subject: Re[2]: [sniffer] Test ordering/precedence

> On Thursday, December 2, 2004, 4:15:43 PM, Jim wrote:
>
> JM> Pete,
> JM> We have rules setup in declude based upon sniffer return codes 60 and 62 to
> JM> mark all messages with those tests as spam, however we do not have any 61 or
> JM> 62 return codes setup. Can you briefly explain what each of these groups
> JM> includes and a false positive rate for each.
>
> The false positive rates for all of these rule groups have fallen
> dramatically over the past 8 months and at this point they are all
> comparable. Different systems see different rates, but all rates are
> low.
>
> Group 63 - Experimental Received [IP] - contains rules that match
> Receive headers by IP. These are now largely generated by robots which
> monitor inbound spamtrap and usertrap data and then test those
> sources. This group used to provide the second largest rate of false
> positives. The rate now is roughly the same as any other group.
>
> Group 62 - Obfuscation - contains rules built to detect obfuscation
> techniques. Internally this group breaks down into a number of
> sub-groups which detect unnecessary URL encoding, HEX encoding, and
> HTML obfuscation patterns.
>
> Group 61 - Experimental Abstract - contains rules that are designed to
> recognize data patterns and structures found in spam.
> For example, errors in headers combined with message structures,
> misspellings, unusual uses for table and HTML structures or message
> segments, and other abstract patterns that result from the use of
> scripting engines to generate polymorphic spam.
>
> Note: Group 60 was Gray-Hosting many months ago. That group was
> retired and then reused. Now it is being renumbered again.
>
> Group 60 - General (Ungrouped) - contains many of the same kinds of
> rules found in other groups, but particularly those which cannot be
> accurately categorized there. For example, fake diploma spam. These
> rules are largely text segments, domains, URI/URL segments, and
> structures (much like those found in group 61).
>
> Hope this helps,
> _M
>
> This E-Mail came from the Message Sniffer mailing list. For information
> and (un)subscription instructions go to
> http://www.sortmonster.com/MessageSniffer/Help/Help.html

-------------------------------------------------------------------------------
This message and any included attachments are from Siemens Medical Solutions USA, Inc. and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail with a copy to [EMAIL PROTECTED] Thank you
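
Added example, not part of the original thread and not Declude or Message Sniffer code: a small Python check for the kind of external-test entries shown at the top, reporting result codes that have no entry and codes that are listed twice. It assumes the layout NAME external CODE "command" WEIGHT 0 seen in the entries above, and treats the first number after the command as the weight applied when Sniffer returns that code; the function names and the sample config (built from the thread's own values plus one constructed duplicate) are illustrative.

```python
import re

# One external-test entry: NAME external CODE "command" WEIGHT OTHER
ENTRY_RE = re.compile(
    r'^(?P<name>\S+)\s+external\s+(?P<code>\d+)\s+'
    r'"(?P<cmd>[^"]*)"\s+(?P<weight>-?\d+)\s+(?P<other>-?\d+)\s*$'
)

# Constructed sample: group 061 is missing and 062 appears twice.
SAMPLE_CFG = r'''
SNIFFER-GENERAL external 060 "M:\Sniffer\LicenseID.exe AuthCode" 12 0
SNIFFER-OBFUSCATION external 062 "M:\Sniffer\LicenseID.exe AuthCode" 15 0
SNIFFER-IP-RULES external 063 "M:\Sniffer\LicenseID.exe AuthCode" 12 0
SNIFFER-OBFUSC-OLD external 062 "M:\Sniffer\LicenseID.exe AuthCode" 10 0
'''

def parse_external_tests(text):
    """Return ({code: entry}, [problem strings]) for external test lines."""
    tests, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            problems.append(f"line {lineno}: not an external test entry")
            continue
        code = int(m["code"])            # "060" -> 60
        if code in tests:                # first entry wins, later one is reported
            problems.append(
                f"line {lineno}: code {code} already used by {tests[code]['name']}")
            continue
        tests[code] = {"name": m["name"], "weight": int(m["weight"]),
                       "cmd": m["cmd"]}
    return tests, problems

def weight_for(tests, result_code):
    """(test name, weight) for a Sniffer result code; (None, 0) if unmapped."""
    entry = tests.get(result_code)
    return (entry["name"], entry["weight"]) if entry else (None, 0)

def unmapped(tests, codes):
    """Result codes with no entry, i.e. groups that would add no weight."""
    return sorted(c for c in codes if c not in tests)

if __name__ == "__main__":
    tests, problems = parse_external_tests(SAMPLE_CFG)
    print("problems:", problems)
    print("unmapped 60-63:", unmapped(tests, range(60, 64)))
    print("code 62 ->", weight_for(tests, 62))
```
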
