RE: Re[2]: [sniffer] Last chance to renew at the old price!
Agree wholeheartedly! Bill From: Dean Lawrence [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 27, 2005 2:18 PMTo: sniffer@SortMonster.comSubject: Re: Re[2]: [sniffer] Last chance to renew at the old price! You know, I just don't get where all of the doom and gloom comes from. Yes, it is a large percentage increase, but it's still only 2 bucks a day to run the best piece of software on my server. I'm sure that they have taken these comments into consideration and will try to give more advanced notice in the future. But, to start with the "Time to start looking for another solutions" talk is rediculous. Reading Michael's description of what is going on over there suggests that their business is exploding, not imploding. And to keep on top of it, they need to increase their cash flow, not to buy nicer cars. I think everyone needs to look at how much Sniffer saves you everyday instead of griping about how much it costs you. Just my 2 cents. Dean On 12/27/05, Pete McNeil <[EMAIL PROTECTED]> wrote: Part of the purpose for additional staff is to reach a goal of FPprocessing measured in minutes to hours, never days as it is sometimes now. We also have some automated tools on the drawing board that willhelp to mitigate many FP cases on a self-serve basis. These will becoming in this next year._MOn Tuesday, December 27, 2005, 4:00:59 PM, Darin wrote: DC> Hi Michael,DC> How about false positive processing? That's our biggest headache, but itDC> would be drastically reduced by faster processing than the 3-5 days weDC> currently see.DC> Darin.DC> - Original Message -DC> From: "Michael Murdoch" <[EMAIL PROTECTED]>DC> To: < sniffer@SortMonster.com>DC> Cc: "Pete McNeil" <[EMAIL PROTECTED]>DC> Sent: Tuesday, December 27, 2005 2:13 PMDC> Subject: RE: [sniffer] Last chance to renew at the old price! DC> Hi Folks,DC> Actually, here is some more detail as to the reasons for the priceDC> increase. In addition, please bear in mind that that prices haven'tDC> been raised in approximately 2 years and even with this increase we are DC> priced very competitively.DC> The new feature/benefits and more to come are as follows:DC> * In the past 6 months we have more than doubled the number of updatesDC> per day and we will continue to increase our bandwidth and the speed of DC> our updates.DC> * We have more than tripled our staff to improve our monitoring,DC> support, and rule generation capabilities. Come January, we are againDC> doubling this staff as the black-hats have gotten much more DC> sophisticated and this has become a 24x7 battle. Even Pete needs toDC> sleep sometimes. :-)DC> * We are adding new R&D programs for AFF/419 spam and Malware mitigationDC> (many of the results from these projects have already been implemented). DC> * During this next year as part of our continuous improvement policy weDC> will continue to roll out new features and enhancements such as fullyDC> automated reporting, in-band real-time updates, an optimized message DC> processing pipeline, image and file attachment tagging, advanced headerDC> structure analysis, enhanced adaptive heuristics, improved machineDC> learning systems, real-time wave-front threat detection, and many DC> more...DC> It's important to recognize that many of our improvements don't requireDC> new software to be installed on the client side since they are deliveredDC> through rulebase enhancements. Though this often causes our work to go DC> unnoticed, it is actually a design feature since it means that yourDC> installation requires very little maintenance. This translates toDC> lowered administration costs and higher reliability.DC> As a result of this "reliability-first" design strategy, it may notDC> always be obvious that our service is constantly being improved andDC> enhanced - we never stand still ;-)DC> We'd hate to see any of you go, but please do compare us with other DC> services.DC> I'm sure that you'll find we're well worth the money, but it's alwaysDC> good to keep your options open. In fact, best practice these days forDC> spam filtering is to use a blended approach that leverages many DC> services. We personally encourage that for best results.DC> Please let me know if you have any questions. Thank you for yourDC> feedback and business!DC> SincerelyDC> Michael Murdoch DC> The Sniffer TeamDC> ARM Research Labs, LLCDC> Tel. 850-932-5338 x303DC> -Original Message-DC> From: [EMAIL PROTECTED] DC> [mailto:[EMAIL PROTECTED]] On Behalf Of Fox, ThomasDC> Sent: Tuesday, December 27, 2005 1:03 PMDC> To: sniffer@SortMonster.comDC> Subject: RE: [sniffer] Last chance to renew at the old price!DC> I said the same thing, and the response was, basically,DC> "We haven't raised the price in a long time, we need DC> the money, like it or lump it.">>
RE: Re[2]: [sniffer] Last chance to renew at the old price!
Thomas, if your company cannot afford the rather small monetary increase, and you are running that close to the edge, then maybe you should not be in business. I for one am glad to hear the SNF is adding resources and has mapped out a list of future feature enhancements. Please quit your gripping or take it off list. Bill -Original Message- From: Fox, Thomas [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 27, 2005 2:40 PM To: sniffer@SortMonster.com Subject: RE: Re[2]: [sniffer] Last chance to renew at the old price! Your interpretation of "a bit" as being 50+% is disingenuous at best, and thievery at the worst. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil > Sent: Tuesday, December 27, 2005 5:34 PM > To: Fox, Thomas > Subject: Re[2]: [sniffer] Last chance to renew at the old price! > > On Tuesday, December 27, 2005, 5:14:13 PM, Thomas wrote: > > >> -Original Message- > >> From: [EMAIL PROTECTED] > >> [mailto:[EMAIL PROTECTED] On Behalf Of Michael Murdoch > >> > >> If you don't feel that's the case, then you > >> are free to decide if you think otherwise. Thanks and take care! > > FT> EASY FOX TRANSLATION: > > FT> "Like it, or lump it." > > Translated another way... > > We could keep things as they are, stand still while spam generation > technology advances rapidly, whither away, and die. > > OR > > We could charge a bit more, accelerate development and make sure that > SNF stays out in front and even expands the gap. > > I, for one, am not willing to make the first choice, and I doubt that > it would be in anyone's best interests - except, perhaps, the > blackhats. > > _M > > > > This E-Mail came from the Message Sniffer mailing list. For > information and (un)subscription instructions go to > http://www.sortmonster.com/MessageSniffer/Help/Help.html > --- > [This E-mail scanned for viruses by Declude Virus] > > --- [This E-mail scanned for viruses by Declude Virus] This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html --- This message and any included attachments are from Siemens Medical Solutions USA, Inc. and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail with a copy to [EMAIL PROTECTED] Thank you This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: Re[2]: [sniffer] Bad Rule - 828931
Don't know about the proper syntax for baregrep, but for the standard UNIX grep for Win32, the following would give you an accurate count: grep -c "Final.*828931" c:\imail\declude\sniffer\logfile.log Bill -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Sullivan Sent: Tuesday, February 07, 2006 4:12 PM To: sniffer@SortMonster.com Subject: Re[2]: [sniffer] Bad Rule - 828931 Hello Matt, Tuesday, February 7, 2006, 6:27:25 PM, you wrote: M> rule number, and I don't have the tools set up or the knowledge of M> grep yet to do a piped query of Sniffer's logs to extract the spool file names. http://www.baremetalsoft.com/ is a great grep'er for windows. In BSD I always used ".*" to represent any number of characters, white space or non, but that didn't seem to work with baregrep. That's why I was trying to confirm with anyone on the list my regex of "Final\t828931" was an accurate regex to find every message that 'finaled' on that rule. I'm praying that I screwed up the expression and I don't have 22,055 messages held by that rule. M> BTW, David, it is generally better not to hold or block on one single M> test, especially one that automates such listings (despite whatever M> safeguards there might be). I know, shame on me. I guess I'm used to the days that we used to be able to hold on sniffer alone. We have some safeguards in place now and are transitioning our rule methodologies but hadn't gotten to this one yet as this always seems to hit back-burner. This is also why I'd really like to see the content of the rule to see how it made it passed our safeguards. -- Best regards, Davidmailto:[EMAIL PROTECTED] This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html --- This message and any included attachments are from Siemens Medical Solutions USA, Inc. and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail with a copy to [EMAIL PROTECTED] Thank you This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] problems!!!!
I think a better solution or check-point might be to run any new rules (at lease ones that may be questionable) though a corpus test of known spam and ham to see how the new Sniffer rule functions. This is how the SARE and SA folks evaluate their new rules and determine an appropriate weight to apply to the individual rules. Thoughts? Bill -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Wednesday, February 08, 2006 8:20 AM To: sniffer@SortMonster.com Subject: [sniffer] problems Pete, The only idea I came up with, would be to have ALL new rules go into a 6 hour "proving" category (=return code) before they are moved into their "final" category. By using Sniffer return codes, folks could decide to "trust" the established rules and decide to "cross-check" any new rules by weighing them against other sources/methods. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html --- This message and any included attachments are from Siemens Medical Solutions USA, Inc. and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail with a copy to [EMAIL PROTECTED] Thank you This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Message sniffer in FreeBSD & Postfix
Sniffer can be integrated into amavisd-new via spamassassin. SA will capture the Sniffer score and add it to its total score and amavisd-new will act on that score as it currently does with spamassassin integration. Bill -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Deal Sent: Wednesday, February 08, 2006 8:49 AM To: sniffer@SortMonster.com Subject: RE: [sniffer] Message sniffer in FreeBSD & Postfix > > Does not require spamassassin or amavis. You can do it just with > postfix. > > DustyC > True, but he wanted it to work with amavisd-new. Less risk of a false positive if its part of a weighted system. Craig This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html --- This message and any included attachments are from Siemens Medical Solutions USA, Inc. and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail with a copy to [EMAIL PROTECTED] Thank you This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Message sniffer in FreeBSD & Postfix
Yep, but for someone not running IMail/Declude, the integration with spamassassin and amavisd-new works great. Bill -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of NetEase Operations Manager Sent: Wednesday, February 08, 2006 8:45 AM To: sniffer@SortMonster.com Subject: RE: [sniffer] Message sniffer in FreeBSD & Postfix Does not require spamassassin or amavis. You can do it just with postfix. DustyC -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Deal Sent: Wednesday, February 08, 2006 10:41 AM To: sniffer@SortMonster.com Subject: RE: [sniffer] Message sniffer in FreeBSD & Postfix > Is there anyone else who would like to see Message Sniffer > incorporated into Amavis-new? This would be a great addition to my > IMGate - Postfix mail gateway. Currently I use message sniffer on my > Imail box but would like to offload that server and do the "sniffing" > before the mail hits Imail. > This is already available by using Sniffer with Spamassassin. Craig This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html --- This message and any included attachments are from Siemens Medical Solutions USA, Inc. and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail with a copy to [EMAIL PROTECTED] Thank you This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
