Title: Message
Thanks, Matt - smart work-around. I incorporated the key concept
and it seems to work!
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ma
Andy,
I'm a big proponent of a skip if less than or more than setup, however
I would like to see this in the Global.cfg so that the filter files
don't even need to be opened and read if the proper weights have been
tripped, thus saving a bunch of processing. This could be done with
two column
>> That's the way to do it <<
Nope - it was a failure. The "WEIGHTRANGE" doesn't get processed by Declude
until the end. So when the FILTER is running, the WEIGHTRANGE hasn't been
set yet - apparently.
So, Scott... We're back to needing "SKIPIFWEIGHTLESS"!
Best Regards
Andy Schmidt
Phone: +1
That's the way to do it :)
Matt
Andy Schmidt wrote:
I think I found a solution.
Global.cfg:
SNIFFER external nonzero "D:\IMAIL\Sniffer\Win32\.EXE
" 4 0
SNIFFER-SNAKE external 052 "D:\IMAIL\Sniffer\Win32\.EXE
" 1
I think I found a solution.
Global.cfg:
SNIFFER external nonzero "D:\IMAIL\Sniffer\Win32\.EXE
" 4 0
SNIFFER-SNAKE external 052 "D:\IMAIL\Sniffer\Win32\.EXE
" 1 0
SNIFFER-SCAMS external0
I'm just curious...
Wouldn't the following work for the intended purpose (in this case)...
NOTSNIFFED external 0 "." ...
Specifically - an external test that fails on a zero result should
work right Scott?
_M
On Monday, May 31, 2004, 7:01:50 PM, Matt wrote:
M> I believe that MINWEIGHT 15 a
Hi Andrew,
cool. Unfortunately, my goal was to route the messages not just "count".
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Co
I believe that MINWEIGHT 15 always exits the filter since it starts
with a score of zero.
If Andrew's suggestion doesn't work for your purposes, there's likely a
kludge that can be written with multiple filter files that can do this.
Matt
Andy Schmidt wrote:
Hi Matt:
Hi Matt:
Uh - I see. We would need a "SKIPIFWEIGHTLESS" option.
Scott?
But - I still don't understand why I don't see lots of entries for "NOTSNIFFed". If anything, now I should see lots of legitimate mail "match" that test?
Best Regards
Andy Schmidt
H&M Systems Softwa
fgrep "Total weight = " dec0531.log | fgrep -v "SNIFFER" | gawk "$NF >=20" >result.txt
sample contents of result.txt:
05/31/2004 00:01:44 Qd84b1ec600561d03 IPNOTINMX:2 HELOBOGUS:6 MAILFROM:9 REVDNS:4 CMDSPACE:5 COUNTRY:10 DSBL:6 SPAMCOP:3 SPAMCOP-DYNA:7 FIVETENSRC:2 FIVETE
I'm trying to detect mails weight >= 15 that did NOT fail "Sniffer".
In "NOTSNIFFEDfilter.txt"
MINWEIGHT 15
TESTSFAILED END CONTAINS SNIFFER
REMOTEIP 0 CONTAINS .
The problem here is that the MINWEIGHT option in a filter determines a
minimum weight at which filter processing will stop. This is a
Andy,
That's not how MINWEIGHT works. MINWEIGHT is used for a filter so that
it doesn't subtract any more than the value that you give it, generally
a negative number unless you get fancy and apply scoring tests first.
The only way to do this currently would be to create an external test
to
Hi,
I'm trying to detect mails weight >= 15 that did NOT fail "Sniffer".
I have:
Global.cfg:
SNIFFER external nonzero "D:\IMAIL\Sniffer\Win32\.exe ?" 4 0
SNIFFER-SNAKE external 052 "D:\IMAIL\Sniffer\Win32\.exe ?" 1 0
SNIFFER-SCAMS external
Ah, the easy answer is that grep is not the way. You want something a little higher up on the food chain, awk.
gawk "$4 == 2" netflow.txt
or the identical but clearer:
gawk "$4 == 2 {print $0}" netflow.txt
will parse the file called netflow.txt and only output the