Message Sniffer.TechnicalDetails.Tools

From ARM-KB

This page is no longer maintained and may contain information that is out of date. We have left this page in place to provide a historical reference and to provide assistance to folks who may not yet have upgraded from Version 2 to Version 3. EVERYONE should upgrade to the latest version if they have not done so already.

For the latest information covered on this page, please see the following pages on our web site: http://www.armresearch.com/tools/index.jsp



gzip

gzip is a widely used open source utility for compressing files.

mod_gzip is now configured on our web server to handle .snf files. This means that if your download mechanism (browser or utility) is capable of accepting gzip encoding then you can get your .snf file from the web server much more efficiently.

For example, if you know how to chain gzip into the wget part of your update script then you can save yourself and us a good deal of bandwidth and time.

The use of gzip in your rulebase download scripts can reduce the bandwidth required for your download significantly (typically 70% or more!).

Wget w/ gzip Setup instructions:

In the wget command change

-O sniffer.new
to
-O sniffer.new.gz
and add the switch
--header=Accept-Encoding:gzip
and in the next line put the command
gzip -d -f sniffer.new.gz

Of course you will also need to download gzip to make this work if you don't already have it.

http://www.gzip.org/
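
The download steps above, wrapped as an added example that is not ARM Research's own update script: it checks the compressed file with gzip -t before the live rulebase is replaced, so a truncated download or an un-gzipped error page leaves the existing rulebase in place. RULEBASE_URL (a placeholder), the function names and the live file name sniffer.snf are assumptions.

```shell
#!/bin/sh
# Added example. RULEBASE_URL, fetch_rulebase, install_rulebase and the live
# file name are assumptions, not taken from the original update script.

# Placeholder: substitute the rulebase URL from your own update script.
RULEBASE_URL="${RULEBASE_URL:-http://example.invalid/placeholder.snf}"

# Download step from the page: ask for gzip encoding, save the compressed body.
fetch_rulebase() {
    wget "$RULEBASE_URL" -O sniffer.new.gz --header=Accept-Encoding:gzip
}

# Verify, unpack, then swap in. The live rulebase is only touched after
# every check has passed.
# usage: install_rulebase <downloaded .gz file> <live rulebase path>
install_rulebase() {
    gz=$1
    live=$2
    new=${gz%.gz}

    # A missing or zero-length download must never replace a working rulebase.
    [ -s "$gz" ] || { echo "download missing or empty: $gz" >&2; return 1; }

    # gzip -t validates the header and the CRC/length trailer, so it rejects
    # truncated transfers and bodies that were not gzip-encoded at all
    # (for example an HTML error page).
    if ! gzip -t "$gz" 2>/dev/null; then
        echo "not a complete gzip file, keeping current rulebase" >&2
        rm -f "$gz"
        return 1
    fi

    # Same decompress command as on the page.
    gzip -d -f "$gz" || return 1
    [ -s "$new" ] || { rm -f "$new"; return 1; }

    # Replace the live file only now.
    mv -f "$new" "$live"
}
```

A typical run is `fetch_rulebase && install_rulebase sniffer.new.gz sniffer.snf`; a non-zero exit status means the existing rulebase was left untouched.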



SpamSource

SpamSource is a toolbar applet that you can configure in Microsoft Outlook. It allows you to forward spam to any recipient and it will include all the original mail headers - just the way Sniffer, Spamcop etc. like it. This button allows messages to be forwarded, deleted from your inbox and not even appear in your "sent" folder (all configurable).

Download SpamSource



Wget

Download wget



WeightGate

WeightGate.exe
(C) 2006 ARM Research Labs, LLC.

This program is distributed AS-IS, with no warranty of any kind. You are welcome to use this program on your own systems or those that you directly support. Please do not redistribute this program except as noted above, however feel free to recommend this program to others if you wish and direct them to our web site where they can download it for themselves. Thanks!

This program is most commonly used to control the activation of external test programs from within Declude (www.declude.com) based on the weight that has been calculated thus far for a given message.

As an added feature, if you rename this program to ShowMe.exe then it will emit all of the command line arguments as it sees them to a file called c:\ShowMe.log so that you can use it as a debugging aid.

If you are seeing this message, you have used this program incorrectly. The correct invocation for this program is:

WeightGate <low> <weight> <high> <program> <arg 1>, <arg 2>,... <arg n>

Where:

<low> = a number representing the lowest weight to run <program>.
<weight> = a number representing the actual weight to evaluate.
<high> = a number representing the highest weight to run <program>.
<program> = the program to be activated if <weight> is in range.
<arg 1>, <arg 2>, ... <arg n> = arguments for <program>.

If <weight> is in the range [<low>,<high>] then WeightGate will run <program> and pass all of <arg 1>, <arg 2>,... <arg n> to it. Then WeightGate will collect the exit code of <program> and return it as WeightGate's exit code.

If WeightGate gets the wrong number of parameters it will display this message and return FAIL_SAFE (zero) as its exit code.

If <weight> is not in range (less than <low> or greater than <high>) then WeightGate will NOT launch <program> and will return FAIL_SAFE (zero) as its exit code.

As a debugging aid, I was called with the following arguments:

arg[0] <me> = WeightGate

Scenario:

Suppose you wanted to use it in Declude to skip running SNF if your weight was already ridiculously low (perhaps white listed) or already so high that you want to save the extra cycles. Then you might do something like this:

SNF external nonzero "c:\tool\WeightGate.exe -50 %WEIGHT% 30 c:\SNF\sniffer.exe authenticationxx" 10 0

(hopefully that didn't wrap, and if it did you will know what I meant ;-)

To test this concept out you might first create a copy of WeightGate.exe called ShowMe.exe (case matters!) and then do something like this:

SNF external nonzero "c:\tool\ShowMe.exe -50 %WEIGHT% 30 c:\SNF\sniffer.exe authenticationxx" 10 0

The result of that would be the creation of a file c:\ShowMe.log that contained all of the parameters ShowMe.exe was called with -- that way you wouldn't have to guess if it was correct. ShowMe.exe ALWAYS returns zero, so this _should_ be safe ;-)

If you run WeightGate on the command line without parameters it will tell you all about itself and its alter ego ShowMe.exe.
