Documentation Home
Help! Errors
Help! False Positives
Help! Spam Leakage
Installation Guides
Features
Procedures
SNF Community
Software
Technology
Tools
Direct Support
Glossary
Q&A
Features
Flexibility
Highly Configurable
SNF has a comprehensive list of configurable options that allow it to work efficiently in a wide range of applications. SNF remains robust, flexible, and well behaved as a stripped-down scanning engine running from a flash drive in an email appliance, as a filtering component on a company email server, or as a critical component in a large-scale hosted email services infrastructure. For a full list of configuration options please refer to the SNFServer Configuration documentation.
Multi-Platform Compatibility
From the very beginning we wanted Message Sniffer to deliver top performance on a wide range of platforms, so we made solid cross-platform compatibility a design constraint and stuck to it! The source code for the SNF software strictly avoids complex per-platform switches unless they are absolutely necessary and the underlying libraries for critical functions like networking, threading, and timing are all tightly coded translations to native platform features. As a result the SNF code base compiles without modification on Windows (using MinGW), Linux, BSD, and OS/X. Essentially any platform that provides a GNU based C++ compiler or something like it.
Command Line Interface
Often the simplest way to integrate a new component, like a message scanner, is through scripting and simple efficient utilities. In these environments, SNFClient provides full access to message scanning, status reporting, and IP reputation database features. This has proven to be an effective and efficient way to integrate SNF into many email platforms and filtering tools. See the SNFClient Documentation for details on what SNFClient can do.
TCP (XCI) Interface
One of the most powerful features of Message Sniffer is the TCP based XCI (XML Command Interface). The XCI allows programs to use simple text commands in an XML format to access the SNFEngine. In fact, the command line interface (described above) translates command line parameters into XCI requests and inteprets XCI responses. When used in debug mode the SNFClient is a great development tool for exploring the syntax of XCI requests and responses.
The XCI interface provides an efficient interface to the SNFServer without the extra overhead of launching the SNFClient utility. It is as close as you can get to implementing SNFServer directly in your own software without actually doing it...
Sendmail / Postfix Milter (SNFMilter)
In *nix environments Message Sniffer can be integrated as a milter with either sendmail or postfix. This allows Message Sniffer to either reject spam and malware during the SMTP session, quarantine the messages, or pass them on for further processing after injecting headers containing information about the scan.
For example, SpamAssassin rules can be added to increase the scores for messages that were tagged as spam by SNFMilter during SMTP. Often a significant amount of traffic can be safely rejected during SMTP while allowing other messages to be scored using existing SpamAssassin installations with additional assistance from Message Sniffer. Since Message Sniffer is generally much more efficient than SpamAssassin and requires less maintenance this configuration can provide a signficant performance gains on existing hardware and significant improvements in accuracy along with a reduction in administration and support costs.
SNFMilter also provides the full SNFMulti engine via XCI so that SNFClient or direct XCI requests can be used to perform additional scans.
SpamAssassin Plugin (SNF4SA)
For other systems that have a SpamAssassin infrastructure in place Message Sniffer can be added to SpamAssassin as a plugin. This provides two additional SA tests each with their own scores. One configurable test provides a score based on the source IP's reputation using GBUdb data. Another configurable test provides a score based on the content scan analysis. In addition this plugin can be configured to make use of the "short-circuit" feature so that in some cases other SA tests can be skipped when Message Sniffer detects spam or malware.
Direct Integration / Embedding
Of course, there are those who want the highest possible performance and the tightest possible integration. For those folks there are three options:
- Windows DLL - For the Windows platform, we have a 32bit DLL (source available if needed for 64bit - some assembly required). The DLL provides the calling program with full SNFServer functionality (including XCI) as well as direct access to the scanning functions. This allows your program to pass messages as buffers rather than files for extremely efficient processing. It is fully multi-threaded. This package is in use in large scale proprietary filtering systems and will be released shortly as part of a windows SDK. If you need it sooner please let us know and we will work with you!
- *nix Lib / .SO - For *nix platforms, we have source distirbution for a shared library (.so) or lib (.a) that provides a C style interface to the SNF engine while also providing the full SNFServer functionality (including XCI). Using this package the calling program "opens" a rulebase manager, and then as many scanning engines as needed (presumably one per thead) attached to that rulebase manager. The library is thread safe and accepts scan requests as buffers. This package is in use in email filtering appliances and will be released soon as part of a source based SDK. If you need it sooner please let us know and we will work with you!
- SNFMulti C++ Object - For those developing filtering systems in C++, the SNFMulti Engine is available as provided in the source distribution under closed and open source licensing. (Ask us for details). Using the SNF code as a C++ source library you can compile the SNF engine components directly into your code and use the existing SNFSource and SNFClient code as guides and examples. We will be releasing an SNF Source SDK when the documentation is ready. The source code itself is available now and we stand ready to assist you.