News and Updates
Today we have released a new SNF engine with a minor bug fix. Please update your SNF installation at your convenience. Chances are that you've not seen any problems from this bug. If you have experienced problems they most likely presented as very rare, random errors possibly causing a crash.
As with most SNF engine updates the simplest process is to replace your binary with the latest. For windows users here are some links to the latest engine:
Simply stop your SNFServer, swap in the new .exe (renamed of course) and restart SNFServer.
For folks running linux platforms the packages and source tarballs on our web site have all been updated on the Downloads page. OEMs using the windows SDK should upgrade to the latest DLL which should be a swap-in replacement.
The bug fix is for a short buffer allocation in the codedweller/configuration.cpp module. The bug fix also solves problems unrelated to SNF where applications using the CodeDweller/configuration engine to parse unusually large XML attributes could cause a stack overflow. The solution allocates the buffer for attributes from the heap instead of the stack and eliminates a short-by-one allocation error.Those curious about the source code can see the important diff here:
The latest Windows SDK is posted. It's exactly like the previous one except we changed the version number and the DLLs have been updated. They should be a drop-in replacement for the previous DLLs. Visit the Downloads page to download the new Windows SDK (version 3.3).
A new version of Message Sniffer is available. The most exciting new feature for this version is: Strangers.
The "Strangers" algorithm replaces the previous White-Guard algorithm.
Strangers prevents high-intensity pre-tested spam from poisoning IP reputations in GBUdb and enhances SNF's sensitivity to these kinds of attacks. Once pattern rules begin to match the pre-tested attack the IP reputations quickly climb into the black enhancing all of SNF's learning systems. Normal, but new, IP sources are held to low-confidence reputations for several hours, but after that are allowed to develop normally.
Short summary: Strangers lets SNF close the door more quickly on pre-tested spam while enhancing SNF's learning sensitivity to those events and without interfering with normal IP reputation processing.
Visit the Downloads page for the latest package downloads.
A rare bug has been discovered and corrected. The bug can allow a specific kind of rulebase corruption to cause short pattern matches in error and potentially create false positives. We experienced this problem during the last few days in November and we call it the "short-match" problem. In addition to changes in our back-end systems and processes, we have released a new version of the Message Sniffer engine that is immune to these short-match events.
While the bug is rare and unlikely to recur, we do recommend that you upgrade your systems to the latest version of Message Sniffer (a good idea anyway) so that your systems will be protected. Details on how to do this were posted to the sniffer community list http://email@example.com/msg04437.html
2015-06-10 SmarterTools is now offering Message Sniffer as a tightly-integrated add-on for SmarterMail!
Unlike our SNFServer/SNFClient based options, SmarterMail's OEM integration option allows the Message Sniffer scanning engine to do its work during the SMTP session allowing for spam/malware handling options that are not possible otherwise -- such as rejecting some messages before they are written to disk to reduce IO overhead and improve system performance.
We look forward to working with the SmarterMail folks to take maximum advantage of the SNF engine and this new feature.
This is not a once-size-fits-all solution either! All of the current integration options (and others that are sure to arise) are still available for the folks who fit those better.
We have improved our rulebase compiler scheduling and efficiency. This has allowed us to increase the pace of rulebase updates by approximately 50%. You should see a further reduction in leakage rates and slightly more frequent rulebase updates.
We have begun posting .DEB and .RPM packages for a variety of Linux distributions. The packages generally come in two parts. The first part installs the Message Sniffer components. The second part (optional) installs a particular default integration -- for example: connecting Message Sniffer to Postfix with a filter script. There are many combinations posted and more on the way.
2014-11-18 SNF4SA Updated for Compatibility with SpamAssassin-in-a-Box
SNF4SA has been tweaked for compatibility with SpamAssassin-in-a-box and other Windows based ports of SpamAssassin.
2014-11-03 RPMs and DEBs are Now Available for Most Linux Platforms by Request
To request one of the new RPMs or DEBs now available for most Linux platforms, please send a note to the support team.
2014-08-15 Version 3.1 of SNF is Available for All Platforms Except MDaemon (pending)
Version 3.1 of SNF is available for all platforms except MDaemon (pending). This update includes Saccades Engine which improves scanning efficiency by 10x in most cases. This update also includes an update of White-Guard to each SNF node, so it is more powerful and less heavy handed. White Guard helps to reduce IP reputation poisoning caused by new, pre-tested spam/malware.
You can get the latest SNF distributions from the Downloads page.
2014-02-13 Beta Version of Updated SNFServer Available for Download!
We are preparing to release a new version of the Message Sniffer engine that includes an exciting new technology.
The "saccades engine" allows SNF to intelligently skip large portions of most messages without missing any important content. The engine borrows from MicroNeil's synthetic intelligence research relating to visual systems processing and essentially gives SNF a behavior similar to what we all do with our eyes: http://en.wikipedia.org/wiki/Saccade.
The engine learns where matches are most likely to occur and then applies what it is learning in real-time. This allows SNF to rapidly identify messages of a type it has already seen without having to scan the entire contents. This has the potential to improve scanning efficiency by 90% or more. That is, scanning typical messages can happen with 1/10th the work for a 10x improvement in efficiency. Not kidding, we're actually seeing these results on some of our testbed servers! You may have seen me tweet about it: https://twitter.com/codedweller/status/434020178352148480
If you'd like to test the BETA verion and you are using SNFServer.exe then you can find a copy of the new engine at the following link:
BETA Version: http://www.armresearch.com/message-sniffer/download/SNFServerV3.0.2-E3.1.0.zip
To swap it in,
- Download and unzip the new engine.
- Stop your Message Sniffer.
- Rename your SNFServer.exe to something like SNFServer.exe.bakup (always a good idea to keep a backup).
- Rename the new engine to SNFServer.exe
- Restart your Message Sniffer.
Please let us know how this works for you.
2013-11-08 ARM Research Labs, Inc. Launches New Website!
2013-08-26 White-Guard Implemented
We've been experimenting with a new machine learning behavior. White-Guard is improving early capture rates for new spam and with it overall accuracy and throughput. For example, one thing we've seen since implementing White-Guard is higher truncate numbers across the network-- meaning that more messages are blocked for having bad IP reputations than before we implemented White-Guard.
Here is a new blog post that explains what White-Guard is and how it works:
You DO NOT need to install or change anything to take advantage of this. White-Guard is implemented in the "bigger brain" back here in the lab.
2013-08-21 Haraka 2.2 with Message Sniffer Plugin Released!
Haraka 2.2 has just been released with the Message Sniffer plugin.
Check out the annoucement on their site: http://baudehlo.wordpress.com/2013/08/21/announce-haraka-v2-2-0/
2013-04-30 Rulebase Compiler Improvements
We have improved our rulebase compiler scheduling and efficiency. This has allowed us to increase the pace of rulebase updates by approximately 20%.
You should see a further reduction in leakage rates and slightly more frequent rulebase updates.
2013-04-10 Convert Your Declude OEM License Now and Get Full Credit!
It appears that Declude (the company) is failing. After many rumors of problems and some first hand experience, today the Declude web site has gone dark.
We have a long standing relationship with the Declude community, and we want to make sure we do what we can to support them even if Declude itself goes away.
Place an order for Message Sniffer (SNF) now and we will give you credit for any time you have left on your Declude OEM license subscription. Tell us your Declude OEM expiration date and we will add the time you have left to your new SNF license + the renewal year.
For the best pricing we recommend you purchase through one of our resellers.
Please let us know if there is more we can do!