Hi,
I'm trying to detect mails with weight >= 15 that did NOT fail "Sniffer".
I have:
Global.cfg:
SNIFFER external nonzero "D:\IMAIL\Sniffer\Win32\????????.exe ?????" 4 0
SNIFFER-SNAKE external 052 "D:\IMAIL\Sniffer\Win32\????????.exe ?????" 1 0
SNIFFER-SCAMS external 053 "D:\IMAIL\Sniffer\Win32\????????.exe ?????" 2 0
SNIFFER-PORN external 054 "D:\IMAIL\Sniffer\Win32\????????.exe ?????" 2 0
SNIFFER-MALWARE external 055 "D:\IMAIL\Sniffer\Win32\????????.exe ?????" 2 0
SNIFFER-OBFUSC external 061 "D:\IMAIL\Sniffer\Win32\????????.exe ?????" 2 0
NOTSNIFFed filter D:\IMail\Declude\NOTSNIFFEDfilter.txt x 0 0
In "NOTSNIFFEDfilter.txt":
MINWEIGHT 15
TESTSFAILED END CONTAINS SNIFFER
REMOTEIP 0 CONTAINS .
Yet, the log doesn't show "NOTSNIFFed":
05/31/2004 17:48:59 Qa83f230c00e4d595 SPAMCOP:7 XBL-DYNA:7 HELOBOGUS:3 REVDNS:5 SPAMROUTING:4 . Total weight = 26.
05/31/2004 17:48:59 Qa83f230c00e4d595 Bypassing whitelisting of E-mail with weight >=19 (26) and at least 1 recipients (7).
05/31/2004 17:48:59 Qa83f230c00e4d595 Bypassing whitelisting of E-mail with weight >=14 (26) and at least 4 recipients (7).
05/31/2004 17:48:59 Qa83f230c00e4d595 Bypassing whitelisting of E-mail with weight >=12 (26) and at least 6 recipients (7).
05/31/2004 17:48:59 Qa83f230c00e4d595 Deleting spam from [EMAIL PROTECTED] to [EMAIL PROTECTED]
05/31/2004 17:48:59 Qa83f230c00e4d595 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 61.73.93.27 ID:
05/31/2004 17:48:59 Qa83f230c00e4d595 Tests failed [weight=26]: BYPASS19=IGNORE BYPASS14=IGNORE BYPASS12=IGNORE SPAMCOP=WARN NJABLDYNA=LOG SORBS=WARN SORBS-DUHL=LOG XBL-DYNA=IGNORE HELOBOGUS=WARN IPNOTINMX=IGNORE REVDNS=ALERT SPAMROUTING=WARN NOLEGITCONTENT=IGNORE WEIGHTKILL=DELETE
05/31/2004 17:48:59 Qa83f230c00e4d595 Deleting spam from [EMAIL PROTECTED] to [EMAIL PROTECTED] [EMAIL PROTECTED]
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
http://www.HM-Software.com/