News

2010-02-05 Rulebase updates increased by 25%!

After more back-end improvements and some careful analysis we have increased our rulebase update rate by another 25%.

This will mean:

• Less time for new spam to get through between updates
• More accurate IP reputation information against new bots
• Faster removal of troublesome rules (fewer false positives)

2010-02-04 New Proactive False Positive Prevention Initiatives

Unqualified false positive candidates: Through this review process we are able to remove and modify pattern rules that cause occasional low-level false positives that would otherwise not be reported. This system is already allowing us to recode or remove dozens of rules per day to make them more accurate; and to update our rule coding practices and support systems to further improve our accuracy moving forward.

Real-time rule / IP conflict analysis: This system monitors conflicts between IP reputations and pattern rule matches across the entire fleet of Message Sniffer installations in real-time. Any time a pattern match is in disagreement with a source IP's reputation that information is analyzed and pumped through a sophisticated collection of filters and data-mining tools. The resulting analysis is displayed in real-time in our spam-weather center so that our staff can respond immediately (24x365) if there is any sign of a "bad rule".

2010-01-04 Message Sniffer DLL now used in Declude

The Declude folks have announced version 4.10.42. With this version Declude now integrates Message Sniffer via our DLL.

Benefits:

• Improved performance
  • Not an external test, so no program must be launched
  • Uses the message already in RAM thus saving disk IO
  • SNFMulti engine runs inside of the Declude service (one less program / service)
  • No XCI calls required to request scans (reduced communications overhead)
• Provides direct access to the GBUdb IP Reputation system for additional scoring options

Here is a link to their announcement as archived on "The Mail Archive".

http://www.mail-archive.com/declude.junkmail@declude.com/msg33094.html

2010-01-01 New Year's Message Sniffer Promotion

For each NEW customer in the month of January 2010, MicroNeil will donate a new sleeping bag to TOP to benefit the homeless in the Washington DC Area!

2009-11-21 Message Sniffer Antispam/Antimalware plugin for CommuniGate Pro Beta Released

Today we're releasing version 0.1.0 (a beta) of our spam filter plugin for CommuniGate Pro (CGP). You can find the distributions on our Products page.

We've been testing this for a while in the lab and in our spamtrap processing servers. It's very fast and very stable.

More documentation is on it's way -- however each distribution also contains the documentation typical of CGP plugins.

SNF4CGP (CGPSNF) does everything a typical CommuniGate filter plugin does and a bit more. In addition to providing X- headers that can be used with filter rules, CGPSNF can also be configured to take any of these actions (configurable by result code, of course):

Allow - This is the typical CommuniGate plugin response. CGPSNF will provide X- headers as configured. The X- headers can be used to trigger CGP message processing rules.

Bypass - This action bypasses SNF4CGP -- the message has been scanned and logged, but CGP is not provided with headers and no additional action is taken.

Delete - This action tells CGP to discard the message.

Hold - This action takes the message as it was provided by CGP, injects the SNF headers, and then puts that message in a folder of your choice for later processing. This is a great hook to use if you are a service provider and you want to build sophisticated quarantine and/or policy review processes.

Reject - This action tells CGP to reject the message with the provided reason.

CGPSNF can also be configured to add its log entries to the CGP log for easy review -- even if the log is not stored as a file by SNF (use mode='api'). Also, just like SNFServer, the XCI interface is provided so you can use SNFClient for GBUdb manipulation or "out of band" message scanning. The full SNFServer engine is in place whenever the CGPSNF plugin is active.

As always - there is no need to restart SNF after making changes to the configuration -- so you can change these options on the fly as needed.

If you have any questions please let us know.

2009-09-11 SNFMilter 1.0.3 released -- bug fix

Those of you using SNFMilter should upgrade to the latest.

We have fixed a bug which would cause SNFMilter to exit with a SIGSEGV under some conditions -- Specifically the error would occur when mlfi_connect() was called with a NULL host address.

2009-08-30 Postfix with Milter, Out-of-Sync Issue Fixed

This week Postfix stable release 2.6.5 as well as Postfix legacy release 2.5.9, 2.4.13, and 2.3.19 have been posted. These versions fix the Milter out-of-sync problem. If you are using SNFMilter with postfix, you should consider upgrading to one of these version so that you can enable use of the quarantine method.

2009-08-26 Updates for SNFServer and SNFMilter

We have posted the following new *nix distributions for SNFServer and SNFMilter & Windows SNFServer:

snf-milter-1.0.2.tar.gz
snf-server-3.0.10.tar.gz
SNFServerV3.0.2-E3.0.11.exe

These new versions fix a rare memory leak bug that occurs when corrupt rulebase files are presented to the SNF engine. The SNF engine would read and ultimately reject the bad rulebase file but would not release the memory associated with it.

Most systems never saw this bug because their update mechanism would validate the rulebase (.snf) file before swapping it into place.

As a result most folks don't technically _need_ this update--- but it is best if you update to this latest version when you can schedule it in.

Windows users can download the SNFServerV3.0.2-E3.0.11.exe file,
Stop SMTP (to prevent queuing)
Stop SNFServer
Rename SNFServer.exe to SNFServer.exe.bak
Copy SNFServerV3.0.2-E3.0.11.exe over SNFServer.exe
Start SNFServer
Start SMTP

2009-07-29 SNFMilter Released

Today we've officially released SNFMilter - a version of Message Sniffer that integrates directly with sendmail and postfix servers.

2009-07-29 Updated Client/Server Distribution for Linux, BSD, and & *nix Systems

We've posted a new version of our Client/Server distribution for Linux, BSD, & other *nix systems. You can find snf-server-3.0.9.tar.gz on our products page.

This update contains a fix for a minor bug in the CodeDweller/Networking code: Under some (rare) circumstances SNFServer would exit with SIGPIPE. The new code includes an appropriate use of MSG_NOSIGNAL or SO_NOSIGPIPE depending on the platform used to build the software.

The SIGPIPE bug does not affect Windows systems. However, a new update to the Windows installer is due relatively soon just to keep all of the versions up to date and to update some documentation for some of the integrated platforms.

This update includes improved control scripts that provide for a special debug mode. The debug mode runs SNFServer with a number of debugging options enabled to capture detailed information about how SNFServer is running. Most folks will never need this ;-)

Other improvements to the source code have also been included.

2009-05-12 SNF4SA - Message Sniffer Anti-Spam Plugin for SpamAssassin Released

We have just released a MUCH improved plugin for SpamAssassin. Our new plugin makes full use of the SpamAssassin Plugin API to provide features like:

• Add weights for specific scan result codes.
• Add (or subtract) additional weight based on IP reputation statistics.
• Optionally skip other tests.
• Inject SNF headers.

The SNF4SA plugin is included in the latest *nix distribution of SNF on our Products page.

Also we have packaged the SNF4SA plugin separately for those of you running SpamAssassin on Windows machines -- or if you already have SNF up and running and just want to switch to the latest SpamAssassin plugin.

For more information visit our SNF4SA page.

We look forward to your feedback!

News Archive