Q&A

Our documentation is organized in two ways: By Chapter, and By Questions & Answers. This page is the beginning of the "By Q&A " documentation. You can find the "By Chapter" under the Documentation tab. Below you will find an outline of the sections, sub sections, and pages. On the right of each page you will find related links and other tools to help you find what you are looking for.

Please keep in mind -- this section of our documentation represents a "stream of consciousness" approach to finding the information you need. Occasionally structured documentation gets in the way more than it helps. Sometimes you don't know what you're looking for until you stumble across it... This section is about making your stumbling as efficient and effective as possible.

The questions and answers found here are driven directly by our ongoing support conversations. Some of the discussions may relate to older versions of SNF or even other topics that are only loosely related to our products and the systems they touch. If you don't find what you expect at first, give another link a try -- or even better try the search function ;-)

We do our best to provide useful, accurate information and suggestions. If you find an article is in error, misplaced, confusing, or no longer relevant please let us know. Please also let us know if you have any suggestions for new QA articles that would help.

In addition to this index, you can find a dynamic [Q&A] index at the top of each page at the root of the "bread crumb trail". You can mouse-over you way through the index to navigate directly to any page you need and then click to go to that page.

• Customizing SNF
  • Are there any suggestions you have for increasing the level of spam that is caught?
  • Can I add addresses to an Imail white list or will that list be overlooked by SNF?
  • Can Message Sniffer inject headers?
  • How can I stop foreign language spam?
  • How does the weighting system work?
  • How is site specific customization helpful?
  • I have a list of domains that I want to white rule. How do I get these set up?
  • I want to tune my rule strength. What setting do you recommend?
  • Is it a good idea to hold messages based on not passing the Sniffer test?
  • What about obfuscation techniques?
  • What are my options for customizing my rulebase?
• Errors
  • General Errors
    • Can I test email content on my own system with Message Sniffer?
    • Errors and Result Codes
    • Is there any way to turn Sniffer on in debugging mode?
    • I've installed SNF4SA with Amavisd + SpamAssassin and it's not showing up. What's wrong?
    • My server is no longer sending email and the Dr. Watson error on the server is pointing to my Sniffer file. What's going on?
    • Sniffer is exiting as soon as it tries to start. What is going on?
  • Specific Error Codes
    • I am using mxGuard with SNF and it is failing with ERROR_MSG_FILE. What is the problem?
    • I am seeing ERROR_SYNC_FAILED in my log file. What does it mean?
    • I am seeing ERROR_MSG_XHDRi in my log file. What does this mean?
    • I noticed a large number of ERROR_BAD_MATRIX entries on and off in the Sniffer log. What is going on?
    • I see "Bad file descriptor Retrying" in my log file. What does this mean?
    • I see "code 2, file not found" in my ORF log while trying to call SNF.
    • I see --RELOADING-- AuthError in my log file and now I can't start SNF. Does that mean my subscription has lapsed?
    • I've been noticing an error in our logs "EvaluationMatrix::OutOfRange!". Why?
    • SNFClient.exe.err only state: Could Not Connect!
    • Sniffer doesn't seem to be reading the messages and I am seeing a "ERROR_MSG_FILE" in the log. What does this mean?
    • Sniffer has stopped functioning and I am getting a ERROR_RULE_AUTH in my log file. What is going on?
    • Unhandled Exception: snf_LoadNewRulebase()
    • What does "Error!: FileError snf_EngineHandler::scanMessageFile() Open/Seek" mean?
    • What does "Error from SNFServer: cannot connect to socket (Connection refused)" mean?
    • What does the error "[FAILURE]- MessageSniffer abcd1234.snf rule does NOT match with AuthenticationCode=abcdefghijkl123" mean?
    • What does "error:libpthread is required to build snf-server" mean?
    • What is "Unhandled Exception: _snf_LoadNewRulebase() readIgnoreList()"?
• False Positives
  • About the False Positives Process
  • Can you tell me which rule caught this message?
  • How can I positively identify email messages handled by SNF?
  • How do I add a whitelist of domains?
  • In a false positive, why are you asking for a log file lines, I thought you would be able to find them yourself?
  • Sniffer is suddenly creating a lot of False Positives. What do I do?
  • Standard False Positive Response Codes
  • What you mean when you say "the rule is strong". How is strength measured?
  • What happens after I submit a false positive?
  • What is the difference between a blocking rule and a white rule?
  • When we report these to false, how long until I get a response?
  • Why can't these failed rule ID's be place in the headers of the message?
  • Why do you keep a particular rule in a FP report?
• Functionality
  • Does Message Sniffer read the headers inserted by an another application, for example white-listed addresses?
  • Does version 3 require more RAM than version 2?
  • How long does it usually take to scan a message with Message Sniffer and how does that compare with SpamAssassin?
  • I want to know which rule fired on a specific message. Is there a way to parse a message for the specific rule ID that fires?
  • Is Message Sniffer as fast as CommuniGate?
  • Is Message Sniffer capable of dropping spam or can it only tag the spam?
  • Is there a message I can send through Sniffer to see if it is detecting spam?
  • Is there an email I can send that SHOULD trigger Sniffer to think it contains spam?
  • Is there an increase in network traffic in Version 3?
  • Is there a message size limit for Sniffer?
  • Testing email content questions with Sniffer
  • What is the easiest way to see if an email is failing Sniffer?
  • When not using the daemon, does the sniffer queue up all incoming requests and then process them one at a time?
  • Where do I start checking to ensure that the spam is indeed being caught and tagged?
  • Will Sniffer reduce my daily workload of analyzing the spam trap?
• Integration
  • Can I integrate Message Sniffer directly with IMail?
  • Can I use Message Sniffer in other Email programs like QMail?
  • Can I use Message Sniffer with Exchange?
  • Does Sniffer integrate directly with Merak Mail?
  • Does Sniffer support GTUBE?
  • Does Sniffer work directly with SmarterMail... i.e. without Declude?
  • How do I add Message Sniffer to eWall v3?
  • How do I get SNF to pay attention to Hotmail's X-Originating-IP: or AOLs X-AOL-IP: or 21cns X-MAIL-SOURCE-IP:?
  • How do I use both Sniffer and SURBL together?
  • I am using Amavis and having trouble seeing additional headers. What is going on?
  • I have eWall v3. I installed Message Sniffer but it's not helping.
  • Is Message Sniffer a good fit for running on email clients?
• Log Files
  • Are there different ways to view the log files?
  • Do you have a recommended method for archiving/maintaining the log file?
  • Do you have a simple script for rotating logs?
  • How do I tie a specific message to the corresponding log file entries?
  • How do the counters for the status reports work?
  • I am running SNF Version 3. Do we still need to upload log files?
  • In a false positive, why are you asking for a log file lines, I thought you would be able to find them yourself?
  • Is there a tool available with which to analyze sniffer logs?
  • Is there a way to write its logs to a different location other than the default Sniffer directory?
  • No log file is being created. Why?
  • When I try to view the log files in the SNF directory, I get an XML Parsing Error. Why?
• Plugins/Milter
  • SNFMilter
    • Can SNFMilter run as a sole anti-spam milter or do I need additional milter filters (exm. SA or Amavis)?
  • SNF4CGP
    • How is Sniffer installed into CGP?
  • SNF4SA
    • I've installed SNF4SA with Amavisd + SpamAssassin and it's not showing up. What's wrong?
    • SpamAssassin is calling SNF4SA, but it's not working. Why?
    • What is the marking process for SNF4SA?
• Resellers
  • Can we resell the product in the U.S. only, U.S. and Canada, or worldwide?
  • Can you set it up so that the client pays you directly and you forward me my commission from the sale?
  • Does the open source version support the "for pay" rulebase files or would I have to use the pre-compiled binary you provide with the rulebase file?
  • Does the product include or offer separately maintenance, support, or both? What is the length of coverage?
  • Do you have any performance information?
  • Is the product available through Ingram Micro, LifeBoat, Tech Data or any other distributors?
  • Is Sniffer available on CD, 3.5, or ESD (electronic software distribution)?
  • What are your payment terms?
  • What is the best way to make a reseller purchase? Can I do it online?
  • What is the codebase written in?
  • What is your return policy?
  • What options do we have to integrate your product into different environments?
  • What platforms are supported?
• Result Codes
  • Core Rule Group Result Codes
  • Do I have to use all fo the result codes?
  • Does Sniffer award a point value per message or only a Spam/Non-SPAM response?
  • Errors and Result Codes
  • How can I use result codes to increase performance of Sniffer?
  • Result Code Listing
  • What is a result code?
• Rulebase Updates
  • Downloading Rulebase Updates
    • Do I need to create a scheduled task for the getRulebase.cmd?
    • Do you zip the updates files?
    • How do I get Message Sniffer updates?
    • How does the update detection work?
    • I am experiencing extremely slow downloads getting updates. What's going on?
    • I have been having trouble with my update script. Nothing has changed, so what could be wrong?
    • I run the getRulebase script but nothing happens.
    • Is there a way I can check for a 0 byte .snf file?
    • My server is continuously attempting to download my rulebase file as if it is stuck in a loop. What's going on?
    • The 'getrulebase.cmd' file works if I run it manually, but does not work when left to run by itself. Why?
    • My SNF updates are too slow; Rulebase timestamps are in the future??
    • We are using the wget update script running for our automated downloads, but it is giving an unexpected end of file using the gzip. Why?
    • What is the recommended interval of time I should set to get updates for the *.snf file?
    • When I download the update the .snf in the sniffer directory doesn't get updated. Why?
    • When should I download my updates?
    • Where is the UpdateReady.txt file created?
    • Why am I receiving a "Bad Command Line" error in my getRulebase.cmd file?
    • Why are you deprecating the FTP access to updates?
  • Using Rulebase Updates
    • Do we need to restart the SMTP server every time we update the rulebase?
    • Does SNFServer automatically load the new updated rulebase if I copy it to the snf directory while SNFServer.exe is running?
    • How long does it usually take before SNFServer realizes that there is a new rulebase?
    • How do I verify that SNFServer has loaded the latest rulebase?
    • SNF Updates stopped working after installing a firewall (cisco asc). I can still force an update if I touch UpdateReady.txt and run the getRulebase script, but I'd like to fix this and go back to it being automatic.
    • What is snf2check.exe? Do I need to rename it?
• Software
  • How can I tell which version of Sniffer I am running?
  • How can I see how well Sniffer is working?
  • How do I download/install latest .exe for sniffer?
  • What options are there for a *nix SNF distribution?
  • Why are there so many places to configure paths in the setup?
  • Why does your installation zip file NOT have subfolders?
• Spam
  • Submitting Spam
    • Can I auto forward spam to you?
    • Do you respond to spam submissions?
    • Guidelines for Submitting Spam
    • How can I be sure that my spam submissions were received?
    • How does Message Sniffer deal with spam in foreign languages?
    • How do you handle spam submissions?
    • If I set up an account for you, can I have all of my users forward "spam" to that account?
    • POP Approach for Submitting Spam
    • What is a virtual spamtrap?
    • What spam do you want?
  • General Spam Questions
    • How can I minimize the spam mails being delivered to my users?
    • How can I reduce or block spam storms?
    • How can I tell when there is a spam storm?
• Subscriptions
  • Are there any special prices for small businesses?
  • Can I subscribe on a monthly basis, rather then prepaying for a year upfront?
  • Does the Sniffer license change from platform to platform?
  • How can I purchase Message Sniffer?
  • How do I know how many Sniffer licenses (subscriptions) I need?
  • I currently have a trial license. When I order the full subscription, will I be able to keep my same license and authentication code that you gave me in the trial?
  • I see --RELOADING-- AuthError in my log file and now I can't start SNF. Does that mean my subscription has lapsed?
  • If I renew my Sniffer subscription will I get new license ID or can I keep my old one?
  • My company would like to build backup mail gateway. Do I need another license for this?
  • We are changing domains. What do I need to do from our end to keep the updates coming from you and is there any config involved?
  • We are changing servers. Can I keep my license active on both servers while we are transition?
  • What are the options for additional server licensing?
  • What is my license ID / authentication code?
  • Why can I not subscribe to SNF with an address from hotmail, gmail, yahoo, or other public webmail site?
• Trials
  • Are there email requirements on signing up for the 30 day free trial?
  • How do I get started with the 30 day free trial?
  • I am currently a Message Sniffer customer. We are setting up a new server and I'd like to have a trial license for testing only. Can I sign up for a trial?
  • I am ready to purchase Message Sniffer. What do I need to do to convert from a trial license to a full subscription?
  • I currently have a trial license. When I order the full subsciption, will I be able to keep my same license and authentication code that you gave me in the trial?
  • What do I get in my 30 day free trial?
  • What happens once I sign up for a 30 day free trial?
  • What if I have trouble getting my trial set up?
  • Where do I sign up for the 30 day free trial?
• Version 3 Architecture
  • SNFClient
  • GBUdb
    • General Questions
      • Can GBUdb accept external IP reputation database connection?
      • How do I find out why a specific IP triggered SNF?
      • How do I implement GBUdb?
      • How do I remove an IP from GBUdb?
      • How do the GBUdb and the Pattern Matching Engine work together?
      • How does GBUdb accomodate more entries when it is just about out of space?
      • How often does the engine (re)reads the GBUdbIgnoreList.txt?
      • How soon should we expect to see a new gbx file after a GBUdb dump?
      • I think my GBUdb data is corrupt. How do I reset it?
      • I understand that the GBUdb has collaborative features. How does the work exactly?
      • Is it possible to have sniffer NOT automatically input data into GBUdb with each sniffer scan?
      • Is it possible to tell Sniffer to NOT allow the possibility of "truncating" on a message-by-message basis?
      • It appears that all of the IPs that I test turn up as ugly in GBUdb. Am I doing something wrong?
      • Other than using the SNFClient to send command to GBUdb (i.e snfclient -test <IPaddress), can this be done over XML?
      • What is the <licenseid>.gbx file?
      • Which mode do I need to be in to use the IP reputation system?
      • Where is GBUdb stored?
  • SNFServer
    • Does SNFServer automatically load the new updated rulebase if I copy it to the snf directory while SNFServer.exe is running?
    • How do I verify that SNFServer has loaded the latest rulebase?
    • How long does it usually take before SNFServer realizes that there is a new rulebase?
    • What do the #'s mean on the status screen when SNFServer is running?
    • What is the <licenseid>.gbx file?
  • Are there advantages to calling SNFServer directly from my application or should I use SNFClient from my application?
  • How do I see the real-time stats?
  • How do I set up my mail server and Message Sniffer on different servers?
  • There seems to be a problem with connecting with the SYNC server. What could be interfering?
  • When SNF connects to your SYNC servers, what information/data is it exchanging?