Hello Darin,

Wednesday, June 7, 2006, 7:26:48 PM, you wrote:

>>Unfortunately, by the time the message gets to us it is sometimes just
>>different enough that the original pattern cannot be found. There are
>>some folks who consistently have success, and some who occasionally
>>have problems, and a few who always have a problem.

> Different in what way?  Is the mail client encoding differently in the
> forwarding process?  If so, do you know what clients are altering the
> messages and how?  If there's one that's better for this, we could always
> use it for forwarding since we currently send it to ourselves first, then
> forward.

It is unclear - we receive FPs that have traveled through all sorts of
clients, quarantine systems, changed hands various numbers of times,
or not (to all of those)... Right now I don't want to make that
research project a high priority.

> If we rewrite the Q file and queue directly from IMail, encoding shouldn't
> change, correct?  If that avoids this issue, we could do that instead.

That's true it wouldn't change, but submitting the message directly
would not be correct - the dialogue is with you, and in any case,
additional trips through the mail server also modify parts of the
header and sometimes parts of the message (tag lines, disclaimers,
etc)...

>>The best solution is to include the headers during the scan since they
>>will travel with the message.

> What do you mean?  The XHDR?  We would love that for several more reasons,
> but Declude is not the same company anymore.

At some point perhaps they will include the SNF engine in DLL form and
all of these issues will become simpler. For now there's no definitive
answer on that possibility so we will have to find other solutions. I
don't like the idea of rewriting the message file more often than
absolutely necessary, but that is a feature that is on the todo list
and so it may make it into the next heavy update (work in progress).

>>The next best is to automate matching
>>the log entries with the message so they can be included with the
>>submission (some do this to prevent the "second trip").

> Yeah, we'd have to automate it.  I can't imagine taking the time to manually
> match for each occurrence of "no rule found".  Another item for the
> automation list.

_M

-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.


#############################################################
This message is sent to you because you are subscribed to
  the mailing list <sniffer@sortmonster.com>.