Andy,

        Did you ever get the new Declude implemented on your mail server, so
that Sniffer isn't an external test any longer?  If so, was it hard to
implement?

Pete,

        With the new Declude with Message Sniffer built into it, would I
still need to purchase a Sniffer license each year?

Daniel

=======================
Daniel Ivey
GCR Company / GCR Online
Voice:  434 - 570 - 1765
Fax:    434 - 572 - 1981
d...@gcrcompany.com

-----Original Message-----
From: Pete McNeil [mailto:madscient...@armresearch.com]
Sent: Tuesday, January 05, 2010 9:51 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Message Sniffer DLL now used in Declude

Andy Schmidt wrote:
> Hi Pete,
>
> I saw their announcement.
>
> Dave says they are using THEIR rule base (not the one specific to the
> Sniffer customer).

Yes. They have an OEM license now which allows them to embed Message
Sniffer in their products with their own rulebase. This is simpler for
OEMs because it removes a lot of variables -- they can control and
predict what is in place so there is less guesswork if a problem arises.
Also distribution is simpler because they can install the complete
system at once... etc.

> Any hints what I have to do (on the Sniffer side) to move over to their
> service? Which part of my current stand-alone installation do I have to
> "undo" (e.g., the Sniffer service?)
>  

Yes.

I've looked up your account and at present your rulebase does not
contain any custom rules or exclusions. (This is also the case for the
vast majority of SNF customers).

At the moment they do not provide a way for you to use an alternate
rulebase -- it is very likely this is a feature they will add soon.

To switch over to Declude's embedded SNF you will need to:

* Turn off your current SNFServer - it will conflict with the embedded
version.

* Remove any external calls to SNF from your global.cfg file.

* Configure your Declude installation as recommended by Declude
-- Update their snf_engine.xml file for their embedded version as directed.
-- Update their getRulebase.cmd script for their embedded version as
directed.
-- Tune the global.cfg file to use the embedded SNF tests to suit your
needs.

> , what about the "update" script

They use a slightly different update script. You will need to use their
version. If you have modified yours to do other tasks (such as notify
you or trigger other events) then you will need to make the same
modifications to their update script.

>  and the
> uploading of log files?

When running version 3 or above there is no need to upload log files.
The SNF engine updates rulebase statistics and exchanges IP reputation
data approximately once per minute while checking for rulebase updates.

Declude's OEM rulebase is currently identical to the rulebase used by
the vast majority of SNF customers.

What is different is that with the embedded SNF engine your system will
be able to handle messages more efficiently, you will have easier access
to the IP reputation system, and your installation will be less complicated.

Please let me know if I missed anything.

Thanks,

_M


#############################################################
This message is sent to you because you are subscribed to
  the mailing list <sniffer@sortmonster.com>.
To unsubscribe, E-mail to: <sniffer-...@sortmonster.com>
To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com>
To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com>
Send administrative queries to  <sniffer-requ...@sortmonster.com>

This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com