Using MessageSniffer with MailEnable
MxScan adds Fully Integrated Message Sniffer support
"No man is an island" and in our quest for delivering quality Anti-Spam software
we evaluated various external plugins and commercial anti-spam SDKs that would work hand in hand with MxScan to provide enhanced high volume, accuracy and reliable
We are pleased to announce that the newest version of Message Sniffer is now an
integral component of MxScan for MailEnable. Anyone wishing to use SNF only needs
to enter their license ID and authentication string and enable the module by checking
We at MxUptime have used Message Sniffer extensively in the past and in our opinion nothing beats
it in terms of accuracy, speed, reliability and support. To activate sniffer with
MxScan all you need to do is to fill in the 3 authentication fields
[ScreenShot]. MxScan then takes care of the
- checking for updates at specified intervals and downloading the rule base only if
there has been any changes
- running sniffer in server mode and restarting the sniffer engine in the event it
goes down (though it has never gone down
before on our systems)
- also uses the latest 2 result code for GBUdb (020 and 040) which has very good overall
catch rates with low False Positives
- and most importantly it allows you to set different scores for different result
codes returned. For example result codes for Porn/Adults are scored high while other
rules can be scored slightly lower.
LATEST NEW SNF V3
Here are some of the important new features:
More Accurate - Scanning engine improvements and new collaborative learning features
combine to reduce both false negatives and false positives while using fewer system
resources and simplifying administration.
More Powerful - Fully multi-threaded engine takes full advantage of multiple processors
More Efficient - Faster scanning engine achieves between 10% - 30% more throughput
on most systems.
More Robust - Architectural changes have been made to enhance SNF's performance
on systems where large numbers of SNF nodes must be configured and managed efficiently;
system components must remain reliabile under adverse conditions; and system availability
is at a premium.
True Client/Server Model - Socket based (TCP/Localhost) Client/Server model significantly
reduces I/O loads and eliminates overload/cascade failures even when systems are
"forced into the ground" by spam storms or unexpected shifts in message flow.
Redesigned for larger systems - Authentication and configuration files are separate
so that deploying configuration changes to multiple systems is as easy as copying
your new configuration file; or if you wish you can store your configuration file
in a central location and have all of your nodes read it from there automatically.
High Availability - Changes to rulebase and configuration files are detected automatically
and loaded without interrupting the scanning process. When a change is detected,
any scans that are in process are completed using the old configuration. New scans
that are started use the new configuration data without skipping a beat. The result
is that configuration changes and rulebase updates have virtually no effect on system
More Flexible - The new SNF engine has been completely redesigned: No More
XML Based Configuration - All configuration files are based on XML. XML Log Files
- Log files can be produced in the old format or the new XML based format. XML logs
can be configured to provide simple "one-liner" entries or highly detailed scan
Log Rotation and Location - Log files can now be stored wherever you want and can
optionally be named for the current day to provide an automatic rotation mechanism.
Real-time Status - XML based status files an be created once per second, once per
minute, or once per hour. These status reports can also be appended into a "log
of status reports" to provide ready XML based data sets for trend and performance
More Intelligent - GBUdb (Good/Bad/Ugly/Ignore) collaborative IP reputation system
allows SNF nodes to collectively learn IP statistics from each other while remaining
specialized for each individual system.
Less Leakage - Messages from known bad IPs can be tagged with several adjustable
result codes even when the message does not match any pattern rules.
Fewer False Positives - Messages from known good IPs can be automatically white-listed
even when messages occasionally match pattern rules. Also new rules that match messages
from known good IPs can trigger a new "Auto-Panic" feature which immediately makes
the rule inert and allerts us of the conflict. Messages get through and the problem
gets fixed without any administrative overhead.
Zero-Minute Response Times - Information about known bad IPs is automatically available
within 60 seconds (30 on average). New data on bad IP sources reaches the entire
GBUdb network within 90 seconds (typ). The result is that spam storm leakage can
be reduced by more than 50%.
Virtual Spam-Traps - Messages coming from known bad IPs (the worst of the worst)
can be sampled and fed into their virtual spam trap system so new rules come out
faster to reduce leakage. (This feature can be easily disabled if desired).
Message Truncation - When a message comes from one of the worst known IPs the scanning
process can be truncated to save CPU resources. The result code for a truncated
message is unique so that other stages in your filtering system can respond accordingly.
Purchase Yearly Subscription Now!
The default Sniffer rule base (snfrv2r3.snf) is included with MxScan. The technology
demonstrator software can be used on your systems for as long as you like.
You may use the technology demonstrator software and rulebase as long as you need
to assure yourself it will work reliably in your environment.
However, the technology demonstrator rulebase is *limited* and will not effectively
filter spam! spam.
Sniffer Integration ScreenShot