Using MessageSniffer with MailEnable
MxScan adds Fully Integrated Message Sniffer support
"No man is an island", and in our quest to deliver quality anti-spam software
we evaluated various external plugins and commercial anti-spam SDKs that would work hand in hand with MxScan to provide high-volume, accurate and reliable
spam filtering.
We are pleased to announce that the newest version of Message Sniffer is now an
integral component of MxScan for MailEnable. Anyone wishing to use SNF only needs
to enter their license ID and authentication string and enable the module by checking
a box.
We at MxUptime have used Message Sniffer extensively in the past, and in our opinion nothing beats
it in terms of accuracy, speed, reliability and support. To activate Sniffer with
MxScan, all you need to do is fill in the 3 authentication fields
[ScreenShot]. MxScan then takes care of the
rest:
- checking for updates at specified intervals and downloading the rule base only if
there have been any changes
- running Sniffer in server mode and restarting the Sniffer engine in the event it
goes down (though it has never gone down before on our systems)
- using the latest 2 result codes for GBUdb (020 and 040), which have very good overall
catch rates with low false positives
- and most importantly, allowing you to set different scores for different result
codes returned. For example, result codes for Porn/Adults are scored high while other
rules can be scored slightly lower.
LATEST NEW SNF V3
Here are some of the important new features:
More Accurate - Scanning engine improvements and new collaborative learning features
combine to reduce both false negatives and false positives while using fewer system
resources and simplifying administration.
More Powerful - Fully multi-threaded engine takes full advantage of multiple processors
and hyper-threading.
More Efficient - Faster scanning engine achieves between 10% - 30% more throughput
on most systems.
More Robust - Architectural changes have been made to enhance SNF's performance
on systems where large numbers of SNF nodes must be configured and managed efficiently;
system components must remain reliable under adverse conditions; and system availability
is at a premium.
True Client/Server Model - Socket based (TCP/Localhost) Client/Server model significantly
reduces I/O loads and eliminates overload/cascade failures even when systems are
"forced into the ground" by spam storms or unexpected shifts in message flow.
Redesigned for larger systems - Authentication and configuration files are separate
so that deploying configuration changes to multiple systems is as easy as copying
your new configuration file; or if you wish you can store your configuration file
in a central location and have all of your nodes read it from there automatically.
High Availability - Changes to rulebase and configuration files are detected automatically
and loaded without interrupting the scanning process. When a change is detected,
any scans that are in process are completed using the old configuration. New scans
that are started use the new configuration data without skipping a beat. The result
is that configuration changes and rulebase updates have virtually no effect on system
performance.
More Flexible - The new SNF engine has been completely redesigned: No More
XML Based Configuration - All configuration files are based on XML.
XML Log Files - Log files can be produced in the old format or the new XML based format. XML logs
can be configured to provide simple "one-liner" entries or highly detailed scan
data.
Log Rotation and Location - Log files can now be stored wherever you want and can
optionally be named for the current day to provide an automatic rotation mechanism.
Real-time Status - XML based status files can be created once per second, once per
minute, or once per hour. These status reports can also be appended into a "log
of status reports" to provide ready XML based data sets for trend and performance
analysis.
More Intelligent - GBUdb (Good/Bad/Ugly/Ignore) collaborative IP reputation system
allows SNF nodes to collectively learn IP statistics from each other while remaining
specialized for each individual system.
Less Leakage - Messages from known bad IPs can be tagged with several adjustable
result codes even when the message does not match any pattern rules.
Fewer False Positives - Messages from known good IPs can be automatically white-listed
even when messages occasionally match pattern rules. Also, new rules that match messages
from known good IPs can trigger a new "Auto-Panic" feature which immediately makes
the rule inert and alerts us of the conflict. Messages get through and the problem
gets fixed without any administrative overhead.
Zero-Minute Response Times - Information about known bad IPs is automatically available
within 60 seconds (30 on average). New data on bad IP sources reaches the entire
GBUdb network within 90 seconds (typ). The result is that spam storm leakage can
be reduced by more than 50%.
Virtual Spam-Traps - Messages coming from known bad IPs (the worst of the worst)
can be sampled and fed into their virtual spam trap system so new rules come out
faster to reduce leakage. (This feature can be easily disabled if desired).
Message Truncation - When a message comes from one of the worst known IPs the scanning
process can be truncated to save CPU resources. The result code for a truncated
message is unique so that other stages in your filtering system can respond accordingly.

Sniffer Rule Base
The default Sniffer rule base (snfrv2r3.snf) is included with MxScan. The technology
demonstrator software can be used on your systems for as long as you like.
You may use the technology demonstrator software and rulebase as long as you need
to assure yourself it will work reliably in your environment.
However, the technology demonstrator rulebase is *limited* and will not effectively
filter spam!