On 2015-02-10 01:20, Daniel Bayerdorffer wrote:
> But there are no headers in the messages showing snf's results. I can see
> that the snf4sa.cf has it set to add them though.
>
> # Header line containing the results from SNFServer.
> add_header all SNF-Result _SNFRESULTTAG_
> add_header all MessageSniffer-Scan-Result _SNFMESSAGESNIFFERSCANRESULT_
> add_header all MessageSniffer-Rules _SNFMESSAGESNIFFERRULES_
> add_header all GBUdb-Analysis _SNFGBUDBANALYSIS_
>
> Do you have any more suggestions?

Unfortunately, some implementations of SA are hiding these headers. We've seen this a few times recently. There doesn't seem to be a way around it outside of hacking SA itself. (A few people have done that,... but it was ugly).

If you want to be able to more easily associate SNF logs with messages you might consider changing SNF's message identifier to use the Message ID.

http://www.armresearch.com/Documentation/QA/ltidentifiergt-2021367617.jsp

_M

--
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller

#############################################################
This message is sent to you because you are subscribed to
the mailing list <sniffer@sortmonster.com>.
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: <sniffer-...@sortmonster.com>
To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com>
To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com>
Send administrative queries to <sniffer-requ...@sortmonster.com>