Du kannst nicht mehr als 25 Themen auswählen Themen müssen mit entweder einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.

snf_engine.xml 6.6KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150
  1. <!-- SNFMulti V3.0 Configuration File, Setup: Typical of Win* Client / Server -->
  2. <!-- http://www.armresearch.com/support/articles/software/snfServer/config/snfEngine.jsp -->
  3. <snf>
  4. <node identity='c:/SNF/identity.xml'>
  5. <paths>
  6. <log path='c:/SNF/'/>
  7. <rulebase path='c:/SNF/'/>
  8. <workspace path='c:/SNF/'/>
  9. </paths>
  10. <logs>
  11. <rotation localtime='no'/>
  12. <status>
  13. <second log='yes' append='no'/>
  14. <minute log='yes' append='no'/>
  15. <hour log='no' append='no'/>
  16. </status>
  17. <scan>
  18. <identifier force-message-id='no'/>
  19. <classic mode='none' rotate='yes' matches='unique'/>
  20. <xml mode='file' rotate='yes' matches='all' performance='yes' gbudb='yes'/>
  21. <xheaders>
  22. <output mode='none'/>
  23. <version on-off='off'>X-MessageSniffer-Version</version>
  24. <license on-off='off'>X-MessageSniffer-License</license>
  25. <rulebase on-off='off'>X-MessageSniffer-RulebaseUTC</rulebase>
  26. <identifier on-off='off'>X-MessageSniffer-Identifier</identifier>
  27. <gbudb on-off='on'>X-GBUdb-Analysis</gbudb>
  28. <result on-off='off'>X-MessageSniffer-Scan-Result</result>
  29. <matches on-off='on'>X-MessageSniffer-Rules</matches>
  30. <black on-off='off'>X-MessageSniffer-Spam: Yes</black>
  31. <white on-off='off'>X-MessageSniffer-White: Yes</white>
  32. <clean on-off='off'>X-MessageSniffer-Clean: Yes</clean>
  33. <symbol on-off='off' n='0'>X-MessageSniffer-SNF-Group: OK</symbol>
  34. <symbol on-off='off' n='20'>X-MessageSniffer-SNF-Group: Truncated</symbol>
  35. <symbol on-off='off' n='40'>X-MessageSniffer-SNF-Group: Caution</symbol>
  36. <symbol on-off='off' n='63'>X-MessageSniffer-SNF-Group: Black</symbol>
  37. <symbol on-off='off' n='62'>X-MessageSniffer-SNF-Group: Obfuscation</symbol>
  38. <symbol on-off='off' n='61'>X-MessageSniffer-SNF-Group: Abstract</symbol>
  39. <symbol on-off='off' n='60'>X-MessageSniffer-SNF-Group: General</symbol>
  40. <symbol on-off='off' n='59'>X-MessageSniffer-SNF-Group: Casinos-Gambling</symbol>
  41. <symbol on-off='off' n='58'>X-MessageSniffer-SNF-Group: Debt-Credit</symbol>
  42. <symbol on-off='off' n='57'>X-MessageSniffer-SNF-Group: Get-Rich</symbol>
  43. <symbol on-off='off' n='56'>X-MessageSniffer-SNF-Group: Ink-Toner</symbol>
  44. <symbol on-off='off' n='55'>X-MessageSniffer-SNF-Group: Malware</symbol>
  45. <symbol on-off='off' n='54'>X-MessageSniffer-SNF-Group: Porn-Dating-Adult</symbol>
  46. <symbol on-off='off' n='53'>X-MessageSniffer-SNF-Group: Scam-Phishing</symbol>
  47. <symbol on-off='off' n='52'>X-MessageSniffer-SNF-Group: Snake-Oil</symbol>
  48. <symbol on-off='off' n='51'>X-MessageSniffer-SNF-Group: Spamware</symbol>
  49. <symbol on-off='off' n='50'>X-MessageSniffer-SNF-Group: Media-Theft</symbol>
  50. <symbol on-off='off' n='49'>X-MessageSniffer-SNF-Group: AV-Push</symbol>
  51. <symbol on-off='off' n='48'>X-MessageSniffer-SNF-Group: Insurance</symbol>
  52. <symbol on-off='off' n='47'>X-MessageSniffer-SNF-Group: Travel</symbol>
  53. </xheaders>
  54. </scan>
  55. </logs>
  56. <network>
  57. <sync secs='30' host='sync.messagesniffer.net' port='25'/>
  58. <update-script on-off='on' call='c:/SNF/getRulebase.cmd' guard-time='180'/>
  59. </network>
  60. <xci on-off='on' port='9001'/>
  61. <gbudb>
  62. <database>
  63. <condense minimum-seconds-between='600'>
  64. <time-trigger on-off='on' seconds='86400'/>
  65. <posts-trigger on-off='off' posts='1200000'/>
  66. <records-trigger on-off='off' records='600000'/>
  67. <size-trigger on-off='on' megabytes='150'/>
  68. </condense>
  69. <checkpoint on-off='on' secs='3600'/>
  70. </database>
  71. <regions>
  72. <white on-off='on' symbol='0'>
  73. <edge probability='-1.0' confidence='0.4'/>
  74. <edge probability='-0.8' confidence='1.0'/>
  75. <panic on-off='on' rule-range='1000'/>
  76. </white>
  77. <caution on-off='on' symbol='40'>
  78. <edge probability='0.4' confidence='0.0'/>
  79. <edge probability='0.8' confidence='0.5'/>
  80. </caution>
  81. <black on-off='on' symbol='63'>
  82. <edge probability='0.8' confidence='0.2'/>
  83. <edge probability='0.8' confidence='1.0'/>
  84. <truncate on-off='on' probability='0.9' peek-one-in='5' symbol='20'/>
  85. <sample on-off='on' probability='0.8' grab-one-in='5' passthrough='no' passthrough-symbol='0'/>
  86. </black>
  87. </regions>
  88. <training on-off='on'>
  89. <bypass>
  90. <!-- <header name='To:' find='spam@example.com'/> -->
  91. <!-- <header name='Received:' ordinal='1' find='friendlyhost.com'/> -->
  92. </bypass>
  93. <drilldown>
  94. <!-- <received ordinal='0' find='[12.34.56.'/> where we want to ignore 12.34.56.0/24 -->
  95. <!-- <received ordinal='0' find='mixed-source.com'/> -->
  96. <!-- <received ordinal='1' find='mixed-source-internal.com'/> -->
  97. </drilldown>
  98. <source>
  99. <!-- <header name='X-Use-This-Source:' received='mixedsource.com [' ordinal='0' /> -->
  100. <!-- <header name='X-Originating-IP:' received='hotmail.com [' ordinal='0' /> -->
  101. </source>
  102. <white>
  103. <result code='1'/>
  104. <!-- <header name='Received:' ordinal='0' find='.friendlyhost.com'/> -->
  105. </white>
  106. </training>
  107. </gbudb>
  108. <rule-panics>
  109. <!--
  110. <rule id='123456'/>
  111. <rule id='123457'/>
  112. -->
  113. </rule-panics>
  114. <platform/>
  115. <msg-file type='rfc822'/>
  116. </node>
  117. </snf>