SNFClient Command Line: Perform SMTP Message Scan

SNFClient.exe <FileNameToScan>

This is the normal message scan mode. <FileNameToScan> should be replaced with the full path to an SMTP message file.

SNFClient.exe <authenticationxx> <FileNameToScan>

This is the version 2 backwards compatible message scan mode. <authenticationxx> should be replaced with the 16 character authentication string (in fact, any string of letters and numbers will work). <FileNameToScan> should be replaced with the full path to an SMTP message file.

This mode offers backward compatibility to SNF version 2.x by accepting and ignoring an authentication string. When in compatibility mode it is ok to rename the SNFClient.exe program to match the SNF license id as was required for versions prior to 3.0. Note that although the 3.x SNFClient can be called like the 2.x versions of SNF, it cannot load the rulebase file and scan the message like version 2.x could. The SNFServer engine must be running in order for SNFClient to scan messages. If SNFClient cannot connect to SNFServer it will continue to try for a while and then will return a 0 (fail-safe) result.

SNFClient.exe -xhdr <FileNameToScan>

This mode will scan an SMTP message and return the X-Headers that SNF would (or did) add to the message. The result may look somehting like this:

>SNFClient.exe -xhdr \SNF\test\junkmsg.txt
X-Sniffy-Version:
        SNFMulti Engine Version 2.9rc25 Build: May  1 2008 14:19:06
        SNF Server Version 2-9b2 Build: May  1 2008 14:19:17
X-Sniffy-License: prescale
X-Sniffy-RulebaseUTC: 20070516185328
X-Sniffy-Identifier: \SNF\test\junkmsg.txt
X-Sniffy-GBUdb-Result: 0, 69.251.204.89, Ugly c=0.214287 p=1 Source Truncate
X-Sniffy-Scan-Result: 20
X-Sniffy-Rules:
        20-0-0--1-f
X-Sniffy-Spam: Yes
X-Sniffy-SNF-Group: Truncated

The X- headers that are reported are identical to what would be (or has been) injected into the message.

If the SNF engine is configured to provide the X- headers to the API then the X- headers will be created but will not be added to the message. In this mode a system can use the -xhdr option to collect the headers that SNF would like to add to the message so that they can be interpreted and perhaps added later along with any other headers the system might want to inject (thus rewriting the message only once).

If the SNF engine is configured to inject the X- headers into the message then the X- headers are provided through the API AND the message file will be re-written to include the X- headers.

The X- headers that are produced are highly customizable and depend upon the settings provided in the SNF configuration file (usually snf_engine.xml, or snfmdplugin.xml).

SNFClient.exe -source=<IP4Address> <FileNameToScan>

This mode will scan an SMTP message and use the provided IP address as the source IP for the message disregarding what is found in the Received: headers. This is useful when the calling system knows the source IP and that IP is not present in the Received: headers.

SNFClient.exe -xhdr -source=<IP4Address> <FileNameToScan>

This mode combines the X-Header and IP Source modes (see above).

Related Topics