Q&A

Our documentation is organized in two ways: By Chapter, and By Questions & Answers. This page is the beginning of the "By Q&A " documentation. You can find the "By Chapter" under the Documentation tab. Below you will find an outline of the sections, sub sections, and pages. On the right of each page you will find related links and other tools to help you find what you are looking for.

Please keep in mind -- this section of our documentation represents a "stream of consciousness" approach to finding the information you need. Occasionally structured documentation gets in the way more than it helps. Sometimes you don't know what you're looking for until you stumble across it... This section is about making your stumbling as efficient and effective as possible.

The questions and answers found here are driven directly by our ongoing support conversations. Some of the discussions may relate to older versions of SNF or even other topics that are only loosely related to our products and the systems they touch. If you don't find what you expect at first, give another link a try -- or even better try the search function ;-)

We do our best to provide useful, accurate information and suggestions. If you find an article is in error, misplaced, confusing, or no longer relevant please let us know. Please also let us know if you have any suggestions for new QA articles that would help.

In addition to this index, you can find a dynamic [Q&A] index at the top of each page at the root of the "bread crumb trail". You can mouse-over you way through the index to navigate directly to any page you need and then click to go to that page.

• Customizing SNF
  • Are there any suggestions you have for increasing the level of spam that is caught?
  • How can I stop foreign language spam?
  • How does the weighting system work?
  • How is site specific customization helpful?
  • I have a list of domains that I want to white rule. How do I get these set up?
  • I want to tune my rule strength. What setting do you recommend?
  • Is it a good idea to hold messages based on not passing the Sniffer test?
  • What about obfuscation techniques?
  • What are my options for customizing my rulebase?
• Errors
  • Can I test email content on my own system with Message Sniffer?
  • Errors and Result Codes
  • I am using mxGuard and SNF is failing on the message. What is the problem?
  • I am seeing ERROR_SYNC_FAILED in my log file. What does it mean?
  • I am seeing ERROR_MSG_XHDRi in my log. What does this mean?
  • I noticed a large number of ERROR_BAD_MATRIX entries on and off in the Sniffer log. What is going on?
  • Is there any way to turn Sniffer on in debugging mode?
  • I've been noticing an error in our logs "EvaluationMatrix::OutOfRange!". Why?
  • My server is no longer sending email and the Dr. Watson error on the server is pointing to my Sniffer file. What's going on?
  • SNFClient.exe.err only state: Could Not Connect!
  • Sniffer doesn't seem to be reading the messages and I am seeing a "ERROR_MSG_FILE" in the log. What does this mean?
  • Sniffer has stopped functioning and I am getting a ERROR_RULE_AUTH in my log file. What is going on?
  • What does "Error!: FileError snf_EngineHandler::scanMessageFile() Open/Seek" mean?
• False Positives
  • About the False Positives Process
  • Can you tell me which rule caught this message?
  • How can I positively identify email messages handled by SNF?
  • How do I add a whitelist of domains?
  • In a false positive, why are you asking for a log file lines, I thought you would be able to find them yourself?
  • Sniffer is suddenly creating a lot of False Positives. What do I do?
  • Standard False Positive Response Codes
  • What happens after I submit a false positive?
  • What is the difference between a blocking rule and a white rule?
  • When we report these to false, how long until I get a response?
  • Why can't these failed rule ID's be place in the headers of the message?
  • Why do you keep a particular rule in a FP report?
• Functionality
  • Does Message Sniffer read the headers inserted by an another application, for example white-listed addresses?
  • Does version 3 require more RAM than version 2?
  • How long does it usually take to scan a message with Message Sniffer and how does that compare with SpamAssassin?
  • I want to know which rule fired on a specific message. Is there a way to parse a message for the specific rule ID that fires?
  • Is Message Sniffer capable of dropping spam or can it only tag the spam?
  • Is there an email I can send that SHOULD trigger Sniffer to think it contains spam?
  • Is there an increase in network traffic in Version 3?
  • Is there a message size limit for Sniffer?
  • Testing email content questions with Sniffer
  • What is the easiest way to see if an email is failing Sniffer?
  • When not using the daemon, does the sniffer queue up all incoming requests and then process them one at a time?
  • Where do I start checking to ensure that the spam is indeed being caught and tagged?
  • Will Sniffer reduce my daily workload of analyzing the spam trap?
• Integration
  • Can I integrate Message Sniffer directly with IMail?
  • Can I use Message Sniffer in other Email programs like QMail?
  • Can I use Message Sniffer with Exchange?
  • Does Sniffer integrate directly with Merak Mail?
  • Does Sniffer work directly with SmarterMail... i.e. without Declude?
  • How do I use both Sniffer and SURBL together?
  • Is Message Sniffer a good fit for running on email clients?
• Log Files
  • Are there different ways to view the log files?
  • Do you have a recommended method for archiving/maintaining the log file?
  • Do you have a simple script for rotating logs?
  • How do I tie a specific message to the corresponding log file entries?
  • I am running SNF Version 3. Do we still need to upload log files?
  • In a false positive, why are you asking for a log file lines, I thought you would be able to find them yourself?
  • Is there a tool available with which to analyze sniffer logs?
  • Is there a way to write its logs to a different location other than the default Sniffer directory?
  • No log file is being created. Why?
  • When I try to view the log files in the SNF directory, I get an XML Parsing Error. Why?
• Resellers
  • Can we resell the product in the U.S. only, U.S. and Canada, or worldwide?
  • Can you set it up so that the client pays you directly and you forward me my commission from the sale?
  • Does the open source version support the "for pay" rulebase files or would I have to use the pre-compiled binary you provide with the rulebase file?
  • Does the product include or offer separately maintenance, support, or both? What is the length of coverage?
  • Do you have any performance information?
  • Is the product available through Ingram Micro, LifeBoat, Tech Data or any other distributors?
  • Is Sniffer available on CD, 3.5, or ESD (electronic software distribution)?
  • What are your payment terms?
  • What is the best way to make a reseller purchase? Can I do it online?
  • What is the codebase written in?
  • What is your return policy?
  • What options do we have to integrate your product into different environments?
  • What platforms are supported?
• Result Codes
  • Core Rule Group Result Codes
  • Do I have to use all fo the result codes?
  • Does Sniffer award a point value per message or only a Spam/Non-SPAM response?
  • Errors and Result Codes
  • How can I use result codes to increase performance of Sniffer?
  • Result Code Listing
  • What is a result code?
• Rulebase Updates
  • Downloading Rulebase Updates
    • Do you zip the updates files?
    • How do I get Message Sniffer updates?
    • How does the update detection work?
    • I am experiencing extremely slow downloads getting updates. What's going on?
    • I have been having trouble with my update script. Nothing has changed, so what could be wrong?
    • Is there a way I can check for a 0 byte .snf file?
    • My server is continuously attempting to download my rulebase file as if it is stuck in a loop. What's going on?
    • The 'getrulebase.cmd' file works if I run it manually, but does not work when left to run by itself. Why?
    • We are using the wget update script running for our automated downloads, but it is giving an unexpected end of file using the gzip. Why?
    • What is the recommended interval of time I should set to get updates for the *.snf file?
    • When I download the update the .snf in the sniffer directory doesn't get updated. Why?
    • When should I download my updates?
    • Why are you deprecating the FTP access to updates?
  • Using Rulebase Updates
    • Do we need to restart the SMTP server every time we update the rulebase?
    • Does SNFServer automatically load the new updated rulebase if I copy it to the snf directory while SNFServer.exe is running?
    • How long does it usually take before SNFServer realizes that there is a new rulebase?
    • How do I verify that SNFServer has loaded the latest rulebase?
    • What is snf2check.exe? Do I need to rename it?
• Software
  • How can I tell which version of Sniffer I am running?
  • How can I see how well Sniffer is working?
  • How do I download/install latest .exe for sniffer?
  • Why are there so many places to configure paths in the setup?
  • Why does your installation zip file NOT have subfolders?
• Spam
  • Submitting Spam
    • Can I auto forward spam to you?
    • Do you respond to spam submissions?
    • Guidelines for Submitting Spam
    • How can I be sure that my spam submissions were received?
    • How does Message Sniffer deal with spam in foreign languages?
    • How do you handle spam submissions?
    • If I set up an account for you, can I have all of my users forward "spam" to that account?
    • POP Approach for Submitting Spam
    • What is a virtual spamtrap?
    • What spam do you want?
  • General Spam Questions
    • How can I reduce or block spam storms?
    • How can I tell when there is a spam storm?
• Subscriptions
  • Can I subscribe on a monthly basis, rather then prepaying for a year upfront?
  • Does the Sniffer license change from platform to platform?
  • How can I purchase Message Sniffer?
  • How do I know how many Sniffer licenses (subscriptions) I need?
  • I currently have a trial license. When I order the full subscription, will I be able to keep my same license and authentication code that you gave me in the trial?
  • If I renew my Sniffer subscription will I get new license ID or can I keep my old one?
  • My company would like to build backup mail gateway. Do I need another license for this?
  • We are changing domains. What do I need to do from our end to keep the updates coming from you and is there any config involved?
  • We are changing servers. Can I keep my license active on both servers while we are transition?
  • What is my license ID / authentication code?
• Trials
  • Are there email requirements on signing up for the 30 day free trial?
  • How do I get started with the 30 day free trial?
  • I am currently a Message Sniffer customer. We are setting up a new server and I'd like to have a trial license for testing only. Can I sign up for a trial?
  • I am ready to purchase Message Sniffer. What do I need to do to convert from a trial license to a full subscription?
  • I currently have a trial license. When I order the full subsciption, will I be able to keep my same license and authentication code that you gave me in the trial?
  • What do I get in my 30 day free trial?
  • What happens once I sign up for a 30 day free trial?
  • What if I have trouble getting my trial set up?
  • Where do I sign up for the 30 day free trial?
• Version 3 Architecture
  • SNFClient
  • GBUdb
    • General Questions
      • How do I implement GBUdb?
      • How do the GBUdb and the Pattern Matching Engine work together?
      • How often does the engine (re)reads the GBUdbIgnoreList.txt?
      • How soon should we expect to see a new gbx file after a GBUdb dump?
      • Is it possible to have sniffer NOT automatically input data into GBUdb with each sniffer scan?
      • Is it possible to tell Sniffer to NOT allow the possibility of "truncating" on a message-by-message basis?
      • It appears that all of the IPs that I test turn up as ugly in GBUdb. Am I doing something wrong?
      • Other than using the SNFClient to send command to GBUdb (i.e snfclient -test <IPaddress), can this be done over XML?
      • What is the <licenseid>.gbx file?
    • Collaborative Features
      • For testing purposes, do the collaborative features of GBUdb work with SNF demonstrator rulebase?
      • I understand that the GBUdb has collaborative features. How does the work exactly?
  • SNFServer
    • Does SNFServer automatically load the new updated rulebase if I copy it to the snf directory while SNFServer.exe is running?
    • How do I verify that SNFServer has loaded the latest rulebase?
    • How long does it usually take before SNFServer realizes that there is a new rulebase?
    • What do the #'s mean on the status screen when SNFServer is running?
    • What is the <licenseid>.gbx file?
  • How do I see the real-time stats?
  • How do I set up my mail server and Message Sniffer on different servers?
  • When SNF connects to your SYNC servers, what information/data is it exchanging?