Re: [sniffer] spam leakage up

2004-06-24 Thread Nick Hayer
On 24 Jun 2004 at 10:46, Herb Guenther wrote: Herb, very kool - nice output. How do you compile the info if you don't mind me asking? -Nick Hayer > Here is our last weeks stats, we did not see an increase in volume, so > much as the amount gettig thru in the last couple days and

Re: [sniffer] spam leakage up

2004-06-24 Thread Nick Hayer
On 24 Jun 2004 at 10:55, Herb Guenther wrote: Herb, If you would be so generous it would be much appreciated... -Nick > I wrote a coldfusion page that parses the logs into a sql database > every night, and then the display page you saw. If you have a > coldfusion server I would be happy to gi

Re: [sniffer] Spam Leakage - last 2-3 weeks. - topic change

2004-09-15 Thread Nick Hayer
hat are your estimated accuracies for the various rule groups? Thanks much! -Nick Hayer This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html

RE: [sniffer] Your Sniffer Setup

2004-11-01 Thread Nick Hayer
On 1 Nov 2004 at 14:03, Andy Schmidt wrote: Andy, Here is an alternative freeware utility to run sniffer as a service in case youi want to try something different: http://www.judoscript.com/goodies/RunExeSvc/runexesvc.html This was posted awhile ago with setup instructions - it seems to work s

Re: [sniffer] New Spam/Virus?

2005-06-06 Thread Nick Hayer
Was this the ip? 209.67.220.164 This is the only address I have seen - -Nick Scott Fisher wrote: Yes I have seen them too:   email starts with:   Dear Valued Member, According to our site policy you will have to confirm your account by the following link or else y

Re: [sniffer] Declude and Sniffer

2005-07-20 Thread Nick Hayer
Hi John, I do not. As you I score some sniffer tests at 9 and tag the subject at 10. I do occasionaly see fp's with sniffer - particulary with legit newsletters. So what I have done is leave sniffer where it is and combo it up with other tests to push it to and over the 10 threshold. -Nick

Re: [sniffer] Sniffer taking a long time?

2005-08-02 Thread Nick Hayer
Without regard to content I believe the edits would be made in CurrentControlSet - not in ControlSetxxx - the later are the backups. -Nick Matt wrote: Dan, I seem to recall trying to use the AppParameters key and having difficulty with it.  I think that you might want to try removing th

Re: [sniffer] Dead List ?

2005-10-24 Thread Nick Hayer
Hi Pete, I must be missing some of these posts - would you kindly let me know the latest version of Sniffer and the url to download and the same for MDLP? Thanks! -Nick Pete McNeil wrote: Just very quiet. Still here :-) _M This E-Mail came from the Message Sniffer mailing list. For

Re: [sniffer] F001 Rule Bot Change

2006-03-09 Thread Nick Hayer
Hi Pete - Pete McNeil wrote: Hello Sniffer Folks, The F001 Rule Bot has been adjusted. Is it possible for you to recommend a percentage of accuracy or maybe better stated a percentage of delete weight for each rule? I am wondering which rules you feel are the weakest and which are the

Re: [sniffer] F001 Rule Bot Change

2006-03-09 Thread Nick Hayer
Hi Pete, It's a bit too early to know about the reliability of F001. Understood - sorry I was not clear on this :) I was referring to all your tests eg: printers, snake oil, what have you. which one do you have the most confidence in maybe get the least false positive reports on? -Nick T

Re: [sniffer] F001 Rule Bot Change

2006-03-09 Thread Nick Hayer
Thanks. -Nick Scott Fisher wrote: I'd say I get least FPs on: warez (50), av push (49), advertising (56), insurance (48), and gambling (59) Most FPs on general (60), experimental (61) and travel (47) - Original Message - From: "Pete McNeil" <[EMAIL PROTECTED]

Re: [sniffer] Test

2006-05-16 Thread Nick Hayer
pong... Pete McNeil wrote: Hello sniffer, Just testing. This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html

Re: [sniffer]A design question - how many DNS based tests?

2006-06-06 Thread Nick Hayer
Hi Pete, Pete McNeil wrote: How many DNS based tests do you use in your filter system? approx 100 How many of them really matter? depends :) I generally weight them all very low; its the combination of several that make each 'matter'. As I review held mail I remove ones that are b

Re: [sniffer]Numeric spam topic change to png stock spam

2006-06-06 Thread Nick Hayer
Hi Markus - Markus Gufler wrote: There is also another type of spam (stock spam now with attached png image) this morning passing our filters. I am catching these fairly easily - a combo filter - #combo-stockspammer-png.txt SKIPIFWEIGHT26 TESTSFAILEDENDNOTCONTAINSEXTERNAL.REGE

Re: [sniffer]Re[2]: [sniffer]Numeric spam topic change to png stock spam

2006-06-06 Thread Nick Hayer
Pete McNeil wrote: Hello Nick, What is your false positive rate with that pattern? Hmm lets go to the MDLP for yesterday  :)                                            SS   HH  HS  SH   SA            SQ REGEX.STOCK.BODY    331    0    0    66    0.667506   0.445565 COMBO.STOCK_PNG   16

[sniffer] MDLP

2006-07-12 Thread Nick Hayer
Pete, I just moved to Declude 4x - how compatible is MDLP with this log format? Although reports are generated it seems to me some tests are missing, etc. Thanks! -Nick # This message is sent to you because you are subscribed to