That's good to know, Pete, I'll leave the X-AOL-IP: header test intact.
But my new test isn't triggering on my sample. I've tried removing the
other AOL test, and I've made sure that I've saved my snf_engine.xml and
waited a few seconds before testing it again.
E.g.
C:\MessageSniffer>sniff c:\imail\spool\spam\D015439194.SMD
c:\IMail\spool\spam\D015439194.smd sniffer says return code is: 61
SNIFFEREXPAB
C:\MessageSniffer>grep -F "D015439194" munged.20111024.log.xml
<s u='20111024145736' m='C:\IMail\spool\proc\work\D015439194.smd' s='61'
r='4432448'>
<s u='20111024192316' m='c:\IMail\spool\spam\D015439194.smd' s='61'
r='4432448'>
<s u='20111024192341' m='c:\IMail\spool\spam\D015439194.smd' s='61'
r='4432448'>
<s u='20111024192740' m='c:\IMail\spool\spam\D015439194.smd' s='61'
r='4432448'>
<s u='20111024194111' m='c:\IMail\spool\spam\D015439194.smd' s='61'
r='4432448'>
C:\MessageSniffer>SNFClient.exe -test 92.231.217.255
GBUdb Record for 92.231.217.255
Type Flag: ugly
Bad Count: 0
Good Count: 0
Probability: 0
Confidence: 0
Range: new
Code: 0
Andrew.
-----Original Message-----
From: Message Sniffer Community [mailto:[email protected]] On
Behalf Of Pete McNeil
Sent: Monday, October 24, 2011 12:26 PM
To: Message Sniffer Community
Subject: [sniffer] Re: Training GBUdb on the client IP for aol.com
On 10/24/2011 3:21 PM, Colbeck, Andrew wrote:
> <header name='X-Originating-IP:' received='.aol.com [' ordinal='0' />
As far as I know that one still works.
_M
--
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044
x7010
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[email protected]>.
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: <[email protected]>
To switch to the DIGEST mode, E-mail to <[email protected]>
To switch to the INDEX mode, E-mail to <[email protected]>
Send administrative queries to <[email protected]>
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[email protected]>.
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: <[email protected]>
To switch to the DIGEST mode, E-mail to <[email protected]>
To switch to the INDEX mode, E-mail to <[email protected]>
Send administrative queries to <[email protected]>
