News & Updates Archive
2007-10-17 Message Sniffer Version 2-9b1.5 Wide Beta
This version is considered stable for production environments. The next release will include some minor feature additions and improved default settings (thus our long wait while we monitor installed systems and refine our data). If there are no problems with the next release then we will freeze all features and create the official production release in Q1.
2007-10-05 Message Sniffer Version 2-9b1.1 Wide Beta
At your earliest convenience, please follow the link below to read about the newest version of Message Sniffer, which has just been released for wide beta testing.
http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Distributions#NEW_SNF_V2-9_Wide_Beta
The command line client/server version is available now. It is a drop-in replacement for folks who have been running the current command line version (2-3.5) with a persistent instance on Winx platforms. The version in the posted distribution file requires a P3 or better.
MDaemon and *nix (source) distributions will be coming shortly.
This new engine has been in testing on a number of production systems from the very big to the very small for quite some time. There are no known bugs at this time. Nonetheless, please be careful :-) and read carefully!
A GREAT BIG THANK-YOU goes out to the folks who have helped us alpha test and refine this version over the previous months and weeks through scores of alpha iterations! We really appreciate the help.
Over the next few days/weeks we will be adding documentation and answering questions to help folks explore and make the most use of the new features. We will also be looking for any last minute tweaks that might be needed; and we will be building a list of any additional features and/or refinements that come to light so we can get them into the production release, or at the very least the .1 that will follow.
As always, your comments, questions, and feedback will help guide our efforts. The value of the discussions we share both privately and on this list cannot be overstated.
Thanks for your patience, trust, and participation!
2007-06-26 Rulebase Compiler Upgrade
We have just completed an upgrade to the rulebase compiler software.
The new version is 20-50% more efficient - as a result, updates will be produced a bit more quickly and consistently.
There is no need to make any changes on your systems.
2007-02-05 SurgeMail adds a feature to call Message Sniffer.
2007-01-05 Rulebase Update Rate Increased by 16.6%.
Now that the new delivery server is in place and functioning properly, we have re-tuned the rulebase compilers to deliver updated rulebase files 16.6% more quickly on average.
This means that you will receive updated rules more frequently throughout the day and as a result you should also see less leakage and quicker responses to new mutations of spam.
2007-01-05 FTP Access to Rulebases Being Deprecated
Note that FTP downloads of SNF rulebases are deprecated. If you are using FTP to download your rulebase files you should switch to using http w/ gzip as soon as practical.
FTP access to SNF rulebase files will continue for a time but support may be removed without notice in the future. It's a safe bet that FTP access for SNF rulebase files will remain functional through the end of this month however.
2007-01-03 Upgrading SNF rulebase delivery servers
Over the next few days we will be upgrading the SNF rulebase delivery servers. If all goes well - nobody will notice except that downloads will become faster and (likely) more frequent.
On the off chance that this might affect you or that something unpredicted might happen, we are making this announcement :-)
Expect to see the IP change for http://www.sortmonster.net. If you have closed your firewall to outgoing traffic then this may affect you - you will need to make a new "hole". Please also note that the authentication realm has changed on our delivery servers. The old realm was "SortMonster". The new realm is "SNF".
It is possible that you may miss one or more updates during the transition. We will do what we can to minimize this possibility.
2006-10-23 Version 2-3.5 Release -- Faster Engine
The plan was to hold off until the next major release, however in light of recent increases in spam traffic we are pushing out a new version with our faster engine included. All other upgrades will wait for the major release ;-)
The scanning engine upgrade results in a 2x speed increase that hopefully will help with the higher volumes we are seeing now. Version 2-3.5 also rolls up 2-3.2i1 which included the timing and file locking upgrades. Version 2-3.5 can be found in our wiki, in the Distributions area.
2006-06-19 Rulebase Pacing Updated
We have just reduced our rulebase update pacing from 150
minutes to 120 minutes. This means rulebase updates will now
arrive 20% faster.
If you are using a scheduled task to retrieve your updates,
please adjust your timing appropriately (about every 60 minutes
should be reasonable provided your script checks for an updated
file before performing the download).
If you are triggering your updates based on the arrival of
our update notification messages then you need not take any
additional action - the change will be automatic.
2006-06-07 WeightGate Available
This program is distributed AS-IS, with no warranty of any
kind. You are welcome to use this program on your own systems
or those that you directly support. Please do not redistribute
this program except as noted above, however feel free to recommend
this program to others if you wish and direct them to our wiki where they can download it for themselves. Thanks!
This program is most commonly used to control the activation
of external test programs from within Declude based on the weight that has been calculated thus far for
a given message.
For more information and to get WeightGate, please visit
the Tools page (in the Technical Details section) in the wiki.
2006-05-12 Compressed Log Files Now Accepted!
We are now able to accept compressed log files. Compressed
log files can either be in zip or gzip form. For complete
guidelines on submitting compressed log files please visit
the Log Files Technical Details page in our wiki.
2006-04-26 Update Notification FROM Address Changing
We are changing the rulebase update notification's FROM address
to:
updates@armresearch.com
You shouldn't have to take any action on this, but just
in case you have any filtering or whitelists set up you should
change them.
2006-04-05 SNFRV2R3i1 - ready for testing...
The first in a long line of coming updates has been posted
for those brave souls who wish to test or may have use for
the changes. You are looking for the file: snfrv2r3i1-EngineOnly.zip
You can find the current interim release, Version 2-3.2i1
(Engine Only) on the following page:
http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Distributions
Be aware - this distribution only contains the SNF executable
for Winx systems and source code for BSD, Linux, & other
GNU (g++) capable *nix boxen.
BTW: The source now contains a handy make file for a change
;-) Also, we are now using all gnu compilers for testing and
development. We previously used Code Warrior for Winx and
g++ for *nix. We now use MinGW (Code::Blocks) on Winx and
g++ on Linux (RHES3) for testing and development.
This release addresses two key areas that are related:
* The timing functions have been replaced using a new cross-platform
Timing Module. If you are curious or interested in cross-platform
development in C++ you can find more info on that module here:
http://www.microneil.com/OpenLibrary/index.html
The Timing Module simplifies a number of critical timing
features in SNF and made it simple to correct some unusual
timing and control conditions that would occur on some systems
under very specific circumstances -- these were odd, difficult
to reproduce bugs which by all indications have been solved
now. That is to say, those that I have been able to reproduce
have been repaired and tested -- those that I had strong theories
about have also been addressed and are very likely solved
-- I will know more after your reports ;-)
* During the refit I also did some additional testing and
tuning to improve SNF's command-line scanner performance under
heavy loads, in transition (dynamic loads) and during live
configuration changes (switching from persistent mode to peer-server
mode and back), and on systems with multiple processors and
higher speed processors (it still works great on slower boxen
too). Comparative testing in the lab shows some noticeable
improvements in throughput and resilience - YMMV, I look forward
to your reports.
There is NO NEED to upgrade to this version at this
time unless you are looking for a tiny bit more speed or solving
one of the previous timing and/or control bugs (reload, rotate
& stop commands for example, or the "Adjusted Persistence
Race Condition" on some bsd or linux boxes -- these are
now fixed and tested as far as we can test them).
The other reason you might try the new version is if you
would like to help us (and others who are cautious of early
adoption) by testing the latest and greatest.
Folks using the MDaemon plugin are not affected by these
updates since they apply almost exclusively to command line
coordination code -- the plugin has no such code ;-) Folks
using other plugins, DLLs, SNFMulti or other custom configurations
are also not affected by these updates.
Please keep us posted on your results.
2006-03-10 New RuleBot F002 Online
This rulebot captures and creates geocities web links from
the "chatty" campaigns. This is largely a time saver
for us humans... we will focus our attention more on abstracts
for these campaigns now that F002 will be capturing the raw
links. Rules from F002 will produce a 60 result code (Ungrouped).
2006-03-06 New Rulebase Compilers Online
Work has been completed to upgrade the rulebase compiler
bots. They are now significantly more efficient. As a result,
you will be seeing updates more frequently. Previous lag was
between 40-120 minutes. Current lag (sustained) is < 5
minutes. More timely updates should equate to lower spam leakage
for new spam.
2006-03-06 New Rulebot F001 is Online
Rulebot F001 creates IP rules for sources that consistently
fail many tests while also reaching the cleanest of our spamtraps.
The rules will appear in group 63. Expect an increase in your
rulebase size while F001 catches up with current spamtrap
data.
2006-02-15 Updated Expired Rulebase Cleanup Code
New code has been added to the server that delivers rulebase
files. The code removes any rulebase file where the license
is disabled. This was a task that was done manually, but is
now automated.
If you get a 404 when you attempt to download your rulebase
file then it is very likely you need to renew.
If you want to check first, feel free to send us a note at
support@armresearch.com.
2005-12-21 Sniffer Engine Updates
Increased Updates per Day: Standard rulebase delivery
pacing has been changed from 200 to 150. This means that,
on average, rulebase files will be recompiled every 2.5 hours
or so. This timing will be variable based on system loads
etc, but it is a significant improvement. We have sped up
our rulebase delivery process by 267%!! (from 3.6 updates/day
to 9.6 updates/day).
Improved IP Rule Coding: A new piece of optimization
code was added to drop any Received IP rule that has 0 rule
strength and is more than 30 days old. This will help to reduce
false positives caused by IP rules that "hang on"
after the infection/problem with the source is fixed. It also
reduces the compiler workload a bit by reducing the core rulebase
size.
2005-11-02 Rule Strength Analysis Upgrades
The Rule Strength Analysis upgrade makes the rule strength
calculation more sensitive to the recent activity of any given
rule. This will also cause rule fitness decisions to be more
competitive so that the most effective rules will be more
strongly selected over time.
This will improve SNF's performance in two ways:
1. Rulebase files will be smaller and will require less
bandwidth to download and to load during operation. There
will also be a measurable increase in scanning speed (though
this is already measured in small numbers of milliseconds
on most systems).
2. The smaller, more efficient files can be compiled and
delivered more quickly which will allow us to increase the
rate at which we deliver updates.
2005-08-11 Message Sniffer and Assert! Used to Halt New Bagle Variant
Assert! and Message Sniffer rules were quickly updated upon
news that a Bagle variant outbreak had reached very high numbers
according to AppRiver, a leading anti-spam service provider.
Within hours customers were protected from the rapidly spreading
variant, contained in compressed .RAR and .ZIP files.
Though Message Sniffer primarily focuses on anti-spam content
filtering, the engine can also help prevent email-borne virus
outbreaks.
2005-08-01 ARM Research Releases "Assert! Message Sniffer for SMTP and Exchange"
Assert! version 1.1 encapsulates the raw power of the Message Sniffer
engine with an easy, intuitive interface for Exchange or the
IIS SMTP Service. Assert! is a powerful anti-spam tool that
does not require a bloated feature set or period of tuning
to be effective. Assert! includes a one-year subscription
to the Message Sniffer spam database, which is automatically
updated multiple times daily for pinpoint accuracy.
2005-07-01 AppRiver LLC and MicroNeil Research Corporation form ARM Research Labs (ARM).
With the goal of exploring ideas and raw data as a means for producing
internet-based technology products, a leading anti-spam service
provider AppRiver LLC and software research innovator Microneil
Research Corporation have joined efforts as ARM Research Labs
LLC. ARM is dedicated to strengthening the world of
computing online innovations in areas such as application
development, security services and other web-based operations.