I have an idea. These problems seem to stem
mostly from changes in the methods of handling rulebase updates.
We were lucky enough not to be affected with the
latest rule issue, but the previous one made for a very long day
and some disgruntled customers.
Would it be feasible to announce in advance when
such changes are to be implemented? With advance notice of a date and
time for the switch we could choose to freeze our rulebases just before that
for a day to make sure the kinks were worked out before updating. A few
spam messages that slip through are better than a slough of false positives
that require review and are delayed in reaching the customer.
Thoughts?
Darin.
----- Original Message -----
Sent: Wednesday, February 08, 2006 10:02 AM
Subject: [sniffer] problems!!!!
With the recent issues at sniffer it has caused
tremendous problems with the entire client base here.
Sniffer has been so reliable for so lond and al of a
sudden recently I cannot rely on it any more
What is going on with sniffer
Will these issues get resolved or is it going to be more
unstable than what we have come to rely on?
I need my spam trap software to work without spend hours
everyday and without getting a large group of my customers questioning
the reliability of what I am doing.
Hope there will be some indication of
improvement.
The following is my sniffer code
SNIFFER external nonzero
"D:\IMail\Declude\sniffer\umzqbs4l.exe dky4t444qqpk69j6" 10 0
Should I be doing something different?
This
has worked very well for a year now.
Harry Vanderzand
inTown Internet & Computer Services
519-741-1222
Goran, this is pretty much what I did to
get to re-queuing:
gawk "$0 ~
/Final\t828931/ {print substr($3,2,16)}" gxamq2kt.log.20060207*
>msgids.txt
The file msgids.txt will now contain just the
GUID part of the D[guid].SMD from column 3 in the tab delimited Message
Sniffer log files.
I then used a batch file I had previously created
called qm.cmd (for queue and move). Note that the folders I specify
are for Declude 1.x, which has an overflow folder. I use the overflow
folder so that Declude will re-analyze the message:
Rem this is the qm.cmd file listing
move
d:\imail\spool\spam\d%1.smd u:\imail\spool\ >nul
move
d:\imail\spool\spam\q%1.smd u:\imail\spool\overflow\ >nul
I
then issued from the command line:
for /F %i in (msgids.txt) do
@qm.cmd %i
That takes of re-queuing all the held messages. I am
using a move instead of a copy because I want Declude to be able to move a
message it deems spam to the spam folder. If I used a copy, it would
fail to do the move because the file is already in the spam folder, and
Declude would then pass control back to Imail, which would then deliver the
spam inbound.
After my queue went back to normal, I then set to work
on my dec0207.log file to determine if the entirety of the message was spam
or ham based on whether it was held or not (which is the simple scenario I
have).
I hope that helps,
Andrew 8)
p.s. Another re-posting in HTML so as to
preserve the line breaks. Sorry for the duplication,
folks.
> -----Original
Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On
Behalf Of Goran Jovanovic
> Sent: Tuesday, February 07, 2006 5:39
PM
> To: sniffer@SortMonster.com
> Subject: RE: Re[4]: [sniffer]
Bad Rule - 828931
>
> I just ran the grep command on my log and
I got 850 hits.
>
> Now is there a way to take the output of the
grep command and
> use it pull out the total weight of corresponding
message
> from the declude log file, or maybe the
subject?
>
> Goran Jovanovic
> Omega Network
Solutions
>
>
>
> > -----Original
Message-----
> > From: [EMAIL PROTECTED]
>
[mailto:[EMAIL PROTECTED]]
>
> On Behalf Of David Sullivan
> > Sent: Tuesday, February 07,
2006 7:47 PM
> > To: Landry, William (MED US)
> > Subject:
Re[4]: [sniffer] Bad Rule - 828931
> >
> > Hello
William,
> >
> > Tuesday, February 7, 2006, 7:39:05 PM,
you wrote:
> >
> > LWMU> grep -c "Final.*828931"
c:\imail\declude\sniffer\logfile.log
> >
> > That's what I
tried. Just figured out I forgot to
> capitalize the "F".
> >
It works.
> >
> > Confirmed - 22,055
> >
>
> I'm writing a program now to parse the sniffer log file,
>
extract the
> > file ID, lookup the id in sql server, determine
quarantine
> location,
> > extract q/d pair from quarantine
and send to user.
> >
> > --
> > Best
regards,
> >
David
mailto:[EMAIL PROTECTED]
>
>
> >
> >
> > This E-Mail came from the
Message Sniffer mailing list. For
> information
> > and
(un)subscription instructions go to
> > http://www.sortmonster.com/MessageSniffer/Help/Help.html
>
>
> This E-Mail came from the Message Sniffer
mailing list. For
> information and (un)subscription instructions go
to
> http://www.sortmonster.com/MessageSniffer/Help/Help.html
>