Errors and Result Codes

Condition Result Code Description
CLEAN 0 No matching pattern was found in the message.
WHITE 0 - 1

A White-Code pattern was found in the message. This is a rule coded to a group with a zero or one symbol value.

By convention, core white rules (which are rare) are coded with a group symbol of zero. They are designed to prevent false positives that might be caused by other black rules. Think of these as very specific holes in otherwise opaque black rule sets.

Also by convention, user specific white-rules are coded to a group with a symbol value of one. These are normally coded specifically to white-list content rather than to create holes.

MATCH 2 - 63

A reportable pattern match was found in the message. The result code is the symbol assigned to the rule group.

By convention, rule group symbols from 2-10 are reserved for user specific black rules. Also by convention, symbols up through 32 are reserved for special cases.

Note: Above-band symbols may also MATCH, reporting values from 65-255 in the log file. However, these will be ignored and will result in a final output of 0 unless other in-band matches apply.

FINAL 2 - 63 After all matches have been found in a message, the first match with the lowest symbol is selected for output. This match becomes the final result.
ERROR_CMDLINE 65 Command line error. Sniffer was called improperly.
ERROR_LOGFILE 66 Cannot open log file.
All of the following error codes are (Fail Safe) in the production version. The error code shown is for information and log analysis purposes only. Fail Safe command line scan results are ALWAYS 0 to ensure messages are not trapped by errors. All Fail Safe errors are reported to the log file with their actual result code.
ERROR_RULE_FILE 67 Cannot open rules file. (Fail Safe)
ERROR_RULE_DATA 68 Cannot create pattern matrix. Either an error occurred while reading the rule file or the system could not allocate sufficient memory to contain the pattern matrix. (Fail Safe)
ERROR_RULE_AUTH 73 The rulebase file was located and read but did not authenticate properly. This may indicate a corrupted or incomplete rulebase file or (more often) a typo in the authentication string or license ID.

In snf2check.exe, be sure that the rulebase file being tested has a correct name such as abcd1234.snf, abcd1234.new or abcd1234.tst, that the corresponding authentication string is being used, and that it has been typed properly. It is best to cut and paste license IDs and authentication strings when possible.
ERROR_MSG_FILE 69 Cannot open message file, or an error occurred while reading the file. (Fail Safe)
ERROR_ALLOCATION 70 Allocation error during processing. (Fail Safe)
ERROR_BAD_MATRIX 71 Pattern trace went out of range. Possible pattern matrix compilation error. (Fail Safe)
ERROR_MAX_EVALS 72 The maximum number of evaluation paths was exceeded. This is generally harmless and should be considered informational unless it occurs frequently. (Fail Safe)
ERROR_UNKNOWN 99 An unhandled exception occurred. This is usually something that happened with the operating system. Please report these immediately to support@armresearch.com. (Fail Safe)
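
The selection and fail-safe rules above, as an added example in Python (not part of Sniffer or of the original page). The function names are hypothetical and the sample codes are constructed. Two assumptions are made: white symbols (0, 1) take part in the same lowest-symbol selection as black symbols, and ERROR_RULE_AUTH (73), which carries no (Fail Safe) marker above, is not treated as fail safe.

```python
# Added example; function names are hypothetical, not part of Sniffer.
ERRORS = {
    65: "ERROR_CMDLINE", 66: "ERROR_LOGFILE", 67: "ERROR_RULE_FILE",
    68: "ERROR_RULE_DATA", 69: "ERROR_MSG_FILE", 70: "ERROR_ALLOCATION",
    71: "ERROR_BAD_MATRIX", 72: "ERROR_MAX_EVALS", 73: "ERROR_RULE_AUTH",
    99: "ERROR_UNKNOWN",
}
# Codes the page marks "(Fail Safe)". 73 carries no marker on the page,
# so leaving it out of this set is an assumption.
FAIL_SAFE = {67, 68, 69, 70, 71, 72, 99}


def final_result(match_symbols):
    """Pick the final result from the symbols of every match in one message.

    Above-band symbols (65-255) are ignored; with no in-band match the
    output is 0. Assumption: white symbols (0, 1) take part in the same
    lowest-symbol selection as black symbols (2-63).
    """
    in_band = [s for s in match_symbols if 0 <= s <= 63]
    return min(in_band) if in_band else 0


def command_line_result(log_code):
    """Map a result code as logged to what the command-line scan returns."""
    return 0 if log_code in FAIL_SAFE else log_code


def hidden_failures(log_codes):
    """Return logged fail-safe errors that the command line reported as 0.

    Assumption: the values passed in are final result codes taken from log
    entries, not above-band match symbols, which share the 65-255 range.
    """
    return [(c, ERRORS[c]) for c in log_codes if c in FAIL_SAFE]


if __name__ == "__main__":
    print(final_result([20, 5, 130]))           # in-band matches plus one above-band
    print(hidden_failures([0, 12, 69, 72, 0]))  # constructed log result codes
```

A command-line result of 0 therefore covers CLEAN, a core white match and every fail-safe error, so only the log file shows whether a message was actually scanned.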