News
2008-10-09 SNF Now directly supported in IMGate!
Message Sniffer is now directly supported in Len Conrad's IMGate. IMGate + SNF allows you to move your spam filtering out in front of your mail server, improving scalability, stability, and performance.
Here are some links:
http://www.imgate.net/?page_id=101
http://www.imgate.net/?page_id=111
2008-07-31 Installers Posted (available in the Products section)
We have re-posted our Windows Installer for the new Client/Server version of SNF 3.0. This installer will help you upgrade from previous versions of SNF if you are using any of:
- IMail + Declude
- IMail + mxGuard
- SmarterMail + Declude
Other combinations are also supported and often detected automatically including raw client/server installations for use on systems we don't know about yet ;-)
This installer is relatively new (but well tested in our lab). Please keep us posted on how it works for you.
If you prefer to get the new SNF and install it yourself:
http://www.armresearch.com/message-sniffer/download/SNFWinClientServer3.0.zip
MDaemon users-- don't forget that we have an installer for the new MDaemon plugin also!
If you prefer to install the new SNF MDaemon plugin manually:
http://www.armresearch.com/message-sniffer/download/SNFMDPlugin.3.0.zip
Linux/BSD/OSX users-- If you haven't heard, the new *nix distribution of SNF has been updated with improved V3-specific instructions and example control & update scripts. Also, if you had trouble compiling SNF before on your PowerPC or 64-bit box, the latest version includes big/little endian detection and bug fixes. At this time there are no known problems on any of these platforms. As always: Keep us posted please :-)
http://www.armresearch.com/message-sniffer/download/SNFSourceClientServer.3.0.1.zip
Everyone should upgrade to the newest version as soon as practical. While we will continue to support version 2 for a time, version 2 of SNF is deprecated. Of course, that's not the only reason to upgrade. SNF Version 3.0 has many improvements that reduce leakage, reduce the chance for false positives, reduce administration costs, and reduce system loads.
- More efficient, fully multi-threaded scanning engine.
- Realtime collaborative IP reputation system.
- Realtime rulebase checking and telemetry (no need to upload logs)
- Realtime system status information in XML format.
- Integrated, customizable rulebase update mechanism.
You can find links to our latest distribution files on our Products page. You can find installation guides and upgrade notes in the documentation section.
Some of our site is still under construction (it is large). If you find something under construction that would help you, please let us know and we will reschedule that work to get it done more quickly. In the meantime we'll be happy to answer your questions directly.
2008-07-31 2 Millionth Rule!
We have reached our 2 Millionth Rule! -- Our rule bots now have more than 2 Million heuristics available for activation at any moment. When new spam is spotted that matches an old rule, that rule is reactivated automatically.
The vast majority of our rules have been coded by hand over the years by our amazing Rule-Techs (The SortMonsters). These highly trained professionals work around the clock (24x7x365) and consistently produce the most accurate rules available anywhere. They are really a fantastic team and a great bunch of folks to boot. :-)
At present about 122315 rules are typically active at one time.
Our most active rule at the moment was coded some 2062 days ago (has it been that long? Wow!).
Here's to the next 2 million!
2008-7-14 New version of eWall includes tight integration with SNF!
The newest version of eWall from Server Side Solutions includes direct support for SNF:
- Simplified installation - just provide your license ID and Authentication string.
- eWall communicates directly with the SNFServer via XCI for speed and efficiency.
- New SNF specific actions and conditions.
- Automated filter generation tools in the "New Agent Wizard".
Here is a link to the announcement: http://forum.sssolutions.net/showthread.php?p=14524
2008-07-12 Rulebase Delivery System Upgraded
Our rulebase delivery subsystem has been upgraded. The new system supports 10x the previous bandwidth and a minimum of 5x the number of transactions per second.
2008-07-10 *nix Source Distribution Upgraded to 3.0.1
The *nix source distribution has been updated to include Version 3 specific install instructions and to correct a minor bug.
2008-06-26 It's official. SNF Version 3.0 is Ready!
Back in Q1 we were sure we'd be ready with the new SNF after nearly a year of testing on both large and small systems. What a surprise!
After publishing the first release candidate we went from version 1-5 to version 2-27 at a breathtaking pace!
Thank you to everyone who has tested, poked, prodded, and twisted the new SNF -- not to mention keeping up with all of those updates during the final phase of testing. I can't imagine getting to this point without your patience, trust, attention to detail, and persistence! Bravo!
Without further fanfare: Today the latest release candidate becomes the official production release of Message Sniffer (SNF) Version 3.0.
The changes:
- Minor updates to readme files.
- Changed the build / version information and recompiled.
- Removed redundant comments from the configuration file.
We have been bug free for more than 2 months with several hundred systems using the new engine.
You can download the latest distributions from the products page:
http://www.armresearch.com/products/index.jsp
You may also notice that we've published our new web site! There are a few bits of documentation still under construction here and there, but we're well on our way to filling those in along with a stream of continuous improvements and additions based on our work with you!
Once again, Thanks to everyone for a fantastic job!
Thanks for all of your support, comments, and efforts! As always we're here to help. Now, onward to the next upgrade... always work to do ;-)
2008-06-20 ARM Research Labs Launches New Website!
2008-06-10 Final RC before Version 3 (fingers crossed)
The latest SNF distributions have just been posted:
- SNFMulti engine 2-9rc 25
- SNFClient 2-9rc 7
This release is a performance update, no new bugs in many weeks now.
Here is a snip from the change log:
20080524 - Version V2-9rc2.25.7
- Optimized networking library for additional speed & stability by moving receive buffer allocation from heap to stack (automatic).
- Optimized timing parameters in SNFClient for improved speed. Polling delays are now reduced to 10ms from 30ms.
- Removed speed-bug in SNFClient, 100ms guard time between retries was always executed after an attempt (even a successful attempt). The guard time is now conditional and only fires on unsuccessful attempts.
- Updated XCI server logic to ensure non-blocking sockets for clients in all socket implementations.
PS: ****** We expect to begin wide testing of two new pieces of software soon: Windows Installers for the MDaemon plugin and Command Line versions of the new SNF. Stay tuned!
2008-04-25 New version: Engine 24, MDPlugin 6
This release is an upgrade more than a bug fix. Replace your SNFServer.exe or snfmdplugin.dll as appropriate.
No changes have been made to the configuration file.
This version improves memory management in the SNF Engine for improved performance, improves the header injection mechanism for improved reliability, and improves logging for IP scans done with the MDaemon plugin.
As usual you can get the latest distributions here:
Here is an excerpt from the change log (this time from the MDaemon plugin change log since it contains all changes from the last version):
20080424 - Version V2-9rc6.24.6
- Refactored snfScanData.clear() to reduce heap work and fragments.
- Added mutex to scanMessageFile() entry point just in case some app attempts to put multiple threads through a single engine handler. scanMessage() is already protected and fully wrapped by the new scanMessageFile() mutex.
- Added non-specific runtime exception handling to XHDR injection code.
- Added 2 retries w/ 300ms delay to remove original message in XHDR inject code. If remove fails after 3 attempts the injector throws.
- Added 2 retries w/ 300ms delay to rename temp file to msg in XHDR inject code. If rename fails after 3 attempts the injector throws.
- Added IPTest logging.
