Result Codes

Errors / Fail Safe (usually* return 0)

When an error occurs the usual response is to produce a result code of zero and to create an appropriate log entry. The exception to this is when a status report has been requested (more on this later).

If the error occurred while the SNF Server was processing the message then the entry will be made in the SNFServer's log file.

If the error occurred while SNF Client was processing the request then the error will be logged in SNFClient.exe.err. The error log file name/path is derived from the SNFClient.exe file name/path so that the .err file should always appear in the same directory where SNFClient.exe resides.

Message Scan Result Codes

Generally a non-zero result code indicates that an unwanted message (spam) was detected and a zero result indicates that the message is probably ok.

Each result code carries a specific meaning indicating either the rule-group (loosely - type of spam) that contains the rule that was used to identify the message, or the GBUdb override condition that occurred.

That said, each system that uses SNF may have local customizations so there are a number of special cases and conventions to consider:

  • Result codes in the range 1 - 10 may have special meanings.
  • A result code of 1 is sometimes used to indicate a white-list condition.
  • A result code of 5 is sometimes used to indicate a system specific black-list condition.
  • Above band (number > 64) result codes are generally converted to 0 by SNFClient.

Systems using SNF may wish to assign special actions, weights, or meanings to the result codes produced by an SNFClient message scan.

If you use the default configuration for the SNF engine and your SNF rulebase then you can find detailed descriptions of the "standard" result codes here:

Rule Group Result Codes

Error codes and Result Code Framework

Note that the "standard" result codes and meanings may change from time to time as SNF continues to develop. This doesn't happen frequently but it's important to check your result code mappings periodically, and especially when making any upgrades or customizations.

IP Test Result Codes

IP test result codes will match the GBUdb range codes as defined in the SNF Engine's configuration file. By default these are a subset of the message scan result codes:

0 - Normal (White)

Generally the zero result indicates that the message should be processed normally. Note that IPs that fall in the White range are also normally mapped to this result code. However, in some systems the White GBUdb range may be mapped to a special result code (typically 1) indicating that the message should also bypass other tests.

40 - Caution

A Caution result indicates that the IP is relatively new / unknown and that what has been seen of this IP's behavior is not good. When the default settings are used a Caution result is a good indication of a new spam-bot being recognized.

Systems should usually tar-pit and/or gray-list this IP.

63 - Black

A Black result indicates that there is very strong evidence of bad behavior by this IP. There are a sufficient number of bad encounters with this IP that it is unlikely the IP will produce a legitimate message.

Systems should usually quarantine or reject messages produced by this IP.

20 - Truncate

A Truncate result indicates that there is overwhelming evidence that the IP will produce only unwanted messages.

Systems should usually refuse connections from this IP.
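The following is an added example, not code from the SNF distribution. It maps the default IP test result codes to the handling recommended above and separates a genuine zero from a fail-safe zero by checking whether the client's .err file grew during the call. It assumes the result code is delivered as the process exit code; the action names and the function names are hypothetical.

```python
import os
import subprocess

# Default IP test result codes listed on this page -> handling it recommends.
IP_ACTIONS = {
    0: "accept",    # Normal (the White range normally maps here too)
    20: "refuse",   # Truncate: refuse the connection
    40: "tarpit",   # Caution: tar-pit and/or gray-list
    63: "reject",   # Black: quarantine or reject
}

def err_log_size(client_path):
    """Size of <client_path>.err, the client's error log; 0 if absent."""
    try:
        return os.path.getsize(client_path + ".err")
    except OSError:
        return 0

def interpret_ip_result(code, err_before, err_after, white_code=None):
    """Map a result code to an action name (action names are hypothetical)."""
    if code == 0 and err_after > err_before:
        # Fail-safe zero: the client logged an error, so nothing was evaluated.
        return "accept-unverified"
    if white_code is not None and code == white_code:
        return "accept-bypass"      # local convention, typically 1
    # Codes changed by local customization are held for an operator to map.
    return IP_ACTIONS.get(code, "review")

def checked_ip_test(argv, white_code=None):
    """Run an SNFClient IP test given as a full argv list and interpret it.

    Assumes the result code is the process exit code and that no other
    scan writes to the .err file at the same moment.
    """
    before = err_log_size(argv[0])
    code = subprocess.run(argv).returncode
    after = err_log_size(argv[0])
    return code, interpret_ip_result(code, before, after, white_code)
```

Errors that occur inside the SNF Server also produce a zero but are written to the server's log, so this client-side check does not see them; monitor that log separately.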

GBUdb Updates

GBUdb requests through SNFClient always return zero.

Status Reports *

Status report requests return result code 99 if SNFClient was unable to connect to the SNF Server.

In all other cases SNFClient will return zero.

Server Control

Server control commands always return zero from SNFClient.

Please email support@armresearch.com with any questions.