Do you have a test called SNIFFERCATCH can you post the line in your global.cfg?
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of John Doyle Sent: Wednesday, February 26, 2014 11:37 AM To: community@mailsbestfriend.com Subject: [MBF]Re: MBF releases new build of Declude 4.12.05 David I updated declude to 4.12.05 this morning and added the NOHIT test It works for the exception of the fact that the weight does not seem to work it catches anything not caught by sniffer, but even with a weight lower than the set value ie: I set the weight at 18 and it seems to catch everything SNIFFERMOVE NOHIT SNIFFERCATCH WEIGHT 18 0 0 do you see anything wrong with my setup thanks John ---- Original Message ---- From: "David Barker" <david.bar...@mailsbestfriend.com> Sent: 2/24/2014 8:41:58 AM To: community@mailsbestfriend.com Subject: [MBF]MBF releases new build of Declude 4.12.05 New files available from http://mailsbestfriend.com/downloads/ 4.12.05 FIX - Removed Key check for Declude, no need to hack the Host file. Declude no longer requires a key to run. 4.12.04 ADD - Created new test NOHIT 4.12.03 ADD - Improved Hijack by monitoring the Authenticated user rather than the mailfrom address The NOHIT test is used to determine which tests did NOT trigger. The main purpose of this implementation was to create a feedback system to Message Sniffer ARM research to improve spam catch rates on new spam. The new test syntax below and is located in the global.cfg TEST-NAME1 NOHIT TEST-NAME2 WEIGHT 0 0 TEST-NAME1 Your given name of the test NOHIT Test Type TEST-NAME2 The name of the test you are tracking that did NOT trigger WEIGHT The weight => when you would like this test to trigger Example of use (This test will trigger if SNIFFER is NOT triggered for emails over 30 points): SNF-FEEDBACK NOHIT SNIFFER 30 0 0 Using this test we can identify messages that scored more than 30 points and did NOT trigger sniffer. We then use either a COPYTO or ROUTETO Action in the $default$.junkmail file to have these messages go to a specific inbox where ARM research periodically retrieves these messages and writes new rules to distribute to other Message Sniffer users. The entry in the $default$.junkmail would be: SNF-FEEDBACK ROUTETO <mailto:x...@example.com> x...@example.com Where xxxx is your license key for Message Sniffer. Be sure to setup an email user with <mailto:x...@example.com> x...@example.com on your server and provide ARM research supp...@armresearch.com with the POP account details to access the account to retrieve messages. I am sure there are other great ways the NOHIT test can be used. Let us know if you have some ideas. David Barker Mail's Best Friend Email : david.bar...@mailsbestfriend.com Web : www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office : 866.919.2075 Mobile : 978.518.6461 cid:image001.png@01CE2B2E.8B3E9EF0