ChangeLog 24KB

2009-07-02 Alban Deniz <adeniz@skidmark.localdomain>
* Scripts/snf-server.redhat: Implement debug mode and production
mode (Copied from snf-milter.redhat in snf-redhat distribution).

2009-06-30 Alban Deniz <adeniz@skidmark.localdomain>
* Docs/DebugMode_readme.txt: Updated to be consistent with
debug/production mode capability.
* Scripts/snf-server.openbsd: Implement debug mode and production
mode (Copied from snf-milter.openbsd in snf-milter distribution).

2009-06-29 Alban Deniz <adeniz@skidmark.localdomain>
* Scripts/snf-server.freebsd: Implement debug mode and production
mode (Copied from snf-milter.freebsd in snf-milter distribution).
* Scripts/snf-server.suse: Implement debug mode and production
mode (Copied from snf-milter.suse in snf-milter distribution).

2009-06-28 Alban Deniz <adeniz@skidmark.localdomain>
* config_files/SNFServer.xml.sample.in: Change "path" attribute of
<log> element to be /var/log/PACKAGE_NAME (which is changed to
/var/log/snf-server during building).
* INSTALL: Added instructions to create /var/log/snf-server.
Added section on debugging (snf-server debug-mode, etc).
* Scripts/snf-server.ubuntu: Implement debug mode and production
mode (Copied from snf-milter.ubuntu in snf-milter distribution).
* Scripts/Makefile.am (snf-server): Translate SYSCONFDIR (to, for
example, "/etc") and PACKAGE_NAME when generating snf-milter
startup script. Add g to translation commands so that all
occurrences of the strings are translated (needed if there are
multiple occurrences on a single line).

2009-06-18 Alban Deniz <adeniz@skidmark.localdomain>
* INSTALL (Ubuntu): Added specific directions for setting up to
start SNFServer automatically during OS boot.

2009-05-26 Alban Deniz <adeniz@skidmark.localdomain>
* configure.ac: Updated for passing command-line parameters to the
compiler (e.g. make OTHER_CXXFLAGS='-Wall').

2009-05-23 Alban Deniz <adeniz@skidmark.localdomain>
* SNFClient/Makefile.am (LIBS): Search SNFMulti library before
CodeDweller.
* SNF2Check/Makefile.am (LIBS): Search SNFMulti library before
CodeDweller.
* CodeDweller/Makefile.am (noinst_HEADERS): Added faults.hpp and
mangler.hpp.
(libCodeDweller_a_SOURCES): Added mangler.cpp.
* SNFMulti/Makefile.am (noinst_HEADERS): Removed tcp_watchdog.hpp
and mangler.hpp.
(libSNFMulti_a_SOURCES): Removed tcp_watchdog.cpp and mangler.cpp.

2009-05-18 Alban Deniz <adeniz@skidmark.localdomain>
* configure.ac: Incremented version to 3.0.5. This contains
SNF4SA version 0.9.2 (contribution to SA score submitted correctly
by $permsgstatus->{conf}->{scoreset}). This addresses the problem
with amavisd-new always having a score of 1.

2009-02-06 Alban Deniz <adeniz@skidmark.localdomain>
* SNFMulti/SNFMulti.cpp: Replaced with file from Pete, Jan 29,
2009.
* DEVELOPER_NOTES: Update list of required software (curl replaces
gzip and wget).
* configure.ac: Removed check for wget and gzip, added check for
curl.
* cleanForDist: Added script to clean developer distribution.
* Scripts/getRulebase.in: Modified to use curl instead of wget and
gzip.

2009-01-27 Alban Deniz <adeniz@skidmark.localdomain>
* DEVELOPER_NOTES: Renamed user tarball name from SNFServer to
snf-server.
* configure.ac: Changed docs to Docs.
* Makefile.am (SUBDIRS): Changed docs to Docs.
* DEVELOPER_NOTES: Updated to include prerequisites for building,
and other new features (OTL #19).

2008-12-18 Alban Deniz <adeniz@skidmark.localdomain>
* Scripts/Makefile.am: Install snfServer in final destination.

2008-12-17 Alban Deniz <adeniz@skidmark.localdomain>
* Scripts/Makefile.am (snfServerControl.sample): Replace
configuration file path and name
@sysconfdir@/@PACKAGE_NAME@/@PACKAGE_NAME@.xml.

2008-12-16 Alban Deniz <adeniz@skidmark.localdomain>
* INSTALL: Added instructions for integration with sendmail.
* Scripts/Makefile.am: Added snfSnifferFilter script.

2008-12-09 Alban Deniz <adeniz@skidmark.localdomain>
* Scripts/snfSniffer.in: Generate additional temporary filenames
by adding a suffix to MSGFILE rather than a prefix.
* SNFServer/main.cpp: Made VERSION_INFO const char *.
* SNFClient/main.cpp: Made VERSION_INFO const char *.
* SNFMulti/SNFMulti.cpp (enum PatternResultTypes): Remove
'typedef'.
(snf_EngineHandler::scanMessageFile): Make XHDRInjState const char *.
(snf_EngineHandler::scanMessage): Make DebugInfo const char *.
* SNFMulti/GBUdb.cpp (GBUdbAlert::toXML): Make FlagName a pointer
to const char *.
* SNFMulti/FilterChain.hpp (class FilterChainHeaderAnalysis): Pass
const char * to SetFollowPattern. Make MatchPattern a pointer to
const char *.
* Scripts/snfSniffer.in: Copied from
snfv2-3.5-PostfixExample/sniffer.
* SNFServer/Makefile.am: Moved configuration files to
config_files.
* Makefile.am (SUBDIRS): Added config_files.

2008-12-08 Alban Deniz <adeniz@skidmark.localdomain>
* SNFServer/main.cpp: Use PACKAGE_VERSION for version string.
* SNF2Check/main.cpp: Removed reference to SNF_Service in #include
directives.
* SNFClient/main.cpp: Removed reference to SNF_Service in #include
directives. Use PACKAGE_VERSION for version string.
* configure.ac: Split SNF_Service into CodeDweller and SNFMulti
directories.

2008-10-01 Alban Deniz <adeniz@skidmark.localdomain>
* snf.openbsd: Start with /bin/sh rather than /bin/bash. Rename
function stop to stopFunction. Removed $ from beginning of string
constants.

2008-09-30 Alban Deniz <adeniz@skidmark.localdomain>
* compile: Added -O3 switch, and change first line back to
/bin/sh.

2008-09-30 Alban Deniz <adeniz@skidmark.localdomain>
* compile: Changed first line back to /bin/sh.

2008-09-30 Alban Deniz <adeniz@skidmark.localdomain>
* compile: Changed first line back to /bin/sh.

2008-09-30 Alban Deniz <adeniz@skidmark.localdomain>
* install: Changed the first line to /bin/sh.
* clean: Changed the first line to /bin/sh.
* build: Changed first line to /bin/sh.

2008-09-24 Alban Deniz <adeniz@snuffy.localdomain>
* snf.freebsd (stop_cmd): Added message when stopping.

2008-09-24 Charlie Root <adeniz@snuffy.localdomain>
* DEVELOPER_NOTES: Corrected installation for FreeBSD.

2008-09-21 Alban Deniz <adeniz@skidmark.localdomain>
* DEVELOPER_NOTES: Updated.

2008-09-20 <adeniz@puffy.localdomain>
* snf.openbsd: Initial revision.
* snf.freebsd: Renamed from snf.bsd.

2008-09-20 <adeniz@puffy.localdomain>
* install (destdir): Added -m to su command on last line.
* DEVELOPER_NOTES: Updated for OpenBSD.

2008-09-15 Alban Deniz <adeniz@skidmark.localdomain>
* snf.redhat (snfStartCmd): Use su to start daemon, and specify
shell.
* snf.suse (SNFServer_BIN): Specify shell when issuing su command.

2008-09-13 Alban Deniz <adeniz@wormy.home>
* snf.bsd: Tested.

2008-09-13 Alban Deniz <adeniz@wormy.home>
* DEVELOPER_NOTES: Initial revision.

2008-09-10 Alban Deniz <adeniz@sleepy.localdomain>
* snf.ubuntu: Tested start, stop, reload, status commands.

2008-09-09 Alban Deniz <adeniz@>
* FilterChain.hpp: Included string.h.
* GBUdb.hpp: included stdlib.h.

2008-09-09 Alban Deniz <adeniz@sleepy.localdomain>
* snf.suse: Added description to structured comment after
chkconfig.

2008-09-09 Alban Deniz <adeniz@>
* snf.suse: Initial revision.

2008-09-09 Alban Deniz <adeniz@sleepy.localdomain>
* install (destdir): Create the user and group first.

2008-09-09 Alban Deniz <adeniz@>
* install (destdir): Corrected useradd command.

2008-09-08 Alban Deniz <adeniz@skidmark.localdomain>
* compile: Removed .exe extension.

2008-09-08 Alban Deniz <adeniz@skidmark.localdomain>
* compile: Removed the .exe extension.

2008-09-08 Alban Deniz <adeniz@skidmark.localdomain>
* compile: Removed the .exe extension.

2008-09-08 root <adeniz@skidmark.localdomain>
* getRulebase: Removed .exe from program names.
* snf.redhat: Initial revision.

2008-09-08 Alban Deniz <adeniz@skidmark.localdomain>
* clean: Create script to remove executables generated by build.
* install: Created script to install applications, files, and
download rulebase.
* build: Created script to build applications.

SNF Command Line & SNFMulti Engine / Client Change Log
------------------------------------------------------------------------------

20080710 - Version 3.0.1

Minor change to SNFServer main.cpp:59 - removed cast to (int) which caused
a precision loss error when compiling on 64 bit systems. This changes the
thread pointer info in debug mode slightly (better).

20080626 - Version 3.0, It's official.

Changed build information.

Removed extraneous comments from configuration file.

20080524 - Version V2-9rc2.25.7

Optimized networking library for additional speed & stability by moving
receive buffer allocation from heap to stack (automatic).

Optimized timing parameters in SNFClient for improved speed. Polling delays
are now reduced to 10ms from 30ms.

Removed speed-bug in SNFClient, 100ms guard time between retries was always
executed after an attempt (even a successful attempt). The guard time is now
conditional and only fires on unsuccessful attempts.

Updated XCI server logic to ensure non-blocking sockets for clients in all
socket implementations.

20080424 - Version V2-9rc2.24.6

Refactored snfScanData.clear() to reduce heap work and fragments.

Added mutex to scanMessageFile() entry point just in case some app attempts to
put multiple threads through a single engine handler. scanMessage() is already
protected and fully wrapped by the new scanMessageFile() mutex.

Added non-specific runtime exception handling to XHDR injection code.

Added 2 retries w/ 300ms delay to remove original message in XHDR inject code.
If remove fails after 3 attempts the injector throws.

Added 2 retries w/ 300ms delay to rename temp file to msg in XHDR inject code.
If rename fails after 3 attempts the injector throws.

20080416 - Version V2-9rc2.23.6

Fixed bug where SYNC open() would fail on some Win* platforms with
WSAEINVAL instead of the standard EINPROGRESS or EALREADY which were expected.
Also added WSAEWOULDBLOCK to cover other "ambiguities" in windows sockets
implementations. InProgress() on Win* now tests for any of:
    WSAEINPROGRESS, WSAEALREADY, WSAEWOULDBLOCK, WSAEINVAL

20080413 - Version V2-9rc2.22.6

Fixed bug in TCPHost.open() where EALREADY was not counted as a version of
EINPROGRESS. This would cause open() to throw an unnecessary exception when
an open() required extra time.

20080413 - Version V2-9rc2.21.6

Extended timeout for SYNC session open() to the full session length. This way
if a session takes a long time to open it still has a shot at success.

20080411 - Version V2-9rc2.20.6

Adjusted snfNETmgr to use non-blocking open in SYNC sessions. Open timeout
is 1/3 of the session timeout. Session timeout is 2 * Session pacing. Open
polling uses golden spiral delay from 10ms to 340ms.

20080410 - Version V2-9rc2.19.6

Adjusted XCI manager to use new snfCFGPacket paradigm in checkCFG().

Adjusted snf_RulebaseHandler::addRulePanic() to use MyMutex and eliminated
the AutoPanicMutex and waiting scheme.

Refactored scanMessage() to use a ScopeMutex() rather than lock()/unlock().

Refactored scanMessage() to use MyCFGPacket.isRulePanic() test.

Redesigned snfCFGPacket handling to automate grab() / drop() functions.

Fixed lock-up bug: Redesigned AutoPanic posting and checking mechanisms to
eliminate potential dead-lock condition. Under some conditions a precisely
timed auto-panic posting could cause the RulebaseHandler mutex and the
AutoPanicMutex to become intertwined leading to a cascading deadlock. When
this occurred all XCI processing threads and eventually the XCI listener
thread would become blocked waiting to get the current configuration.

20080409 - Version V2-9rc2.18.6

Enhanced XCI exception handling and logging to provide additional detail.

Added code to explicitly check for zero length files in scanMessageFile().
Previously a zero length file would cause the CBFR module of the filter
chain to throw an invalid buffer exception. Now if the message file is empty
scanMessageFile() will throw a FileError stating FileEmpty!.

20080407 - Version V2-9rc2.17.6

Enhanced exception reporting in snfXCImrg

20080405 - SNFServer V2-9rc2.16.6

Reduced safety limits on status reports to 100K for status reports and 100K
for samples. Previous values were 10M. Most full sessions from the busiest
systems are < 50K total.

Recoded sendDataTimeout() to break uploads into 512 byte chunks and insert
delays only when a chunk is fragmented. This methodology improves reliability
on Win* systems without any significant penalty on systems that don't need
socket sends() to be in smaller chunks.

Fixed TCPClient::transmit() and TCPHost::transmit() bug where returned byte
count might be -1. Now returned byte counts can only be 0 or more.

20080403 - SNFServer V2-9rc2.15.5

Minor modifications to networking module to better support non-blocking open()

Updated SNFClient with new timing and non-blocking open(). Worst case return
time from SNFClient estimated at 200 seconds (theoretically impossible).
No-connection return time from SNFClient estimated at 20 seconds.

20080326 - SNFServer V2-9rc2.15.4

Refactored snfNETmgr::sync() to consolidate non-blocking io routines.

Added detailed thread status data to XCI listener thread.

Fixed minor bug in main (not changing revision), Debug flag for internal use
was left on in the last build cycle. It is commented out now.

20080325 - SNFServer V2-9rc2.14.4

Updated snfNETmgr with comprehensive thread status data.

Refactored snfNETmgr::sync() to check a Timeout, removed TCPWatchdog.

20080325 - SNFServer V2-9rc2.13.4

Upgraded TCPWatcher code to use new threading features (type, status).

20080324 - SNFServer v2-9rc2.12.4

Added a "Rulebase Getter" feature as part of the snf_Reloader. When enabled
the Rulebase Getter will launch a user definable system() call whenever a
new rulebase file is available. The call will be repeated until the condition
is cleared by a successful update of the rulebase file. The Rulebase Getter
will wait a configurable "guard time" between attempts. The default system()
call is "getRulebase" with a guard time of 3 minutes. In most cases this will
launch the provided getRulebase script which should be present in the start
location of SNFServer on most systems. Best practice is to configure the full
path to the update script. The system() call is made in a separate thread so
that if the system() call hangs for some reason only the Rulebase Getter is
stuck.

Built thread monitoring function for SNFServer.exe (Full status report / sec).
The thread monitoring report is turned on when the program is renamed to
SNFDebugServer.exe or if "debug" appears in the file path to the program.

Refactored XCI channels to leverage new thread monitoring.

Refactored Threading to eliminate inline code.

Improved exception handling/reporting in scanMessageFile().

Updated scanMessageFile() header injection code to accommodate messages with
no body. Previous version would throw an exception when it could not find an
injection point. The new version makes the injection point byte 0 and puts
the injected headers at the top of the message using its best guess about the
type of line endings (CRLF or LF) to use.

Updated Threading library to include high level thread state tracking and
naming. Also creates a global Threads object that can produce a real-time
status report on all threads.

Updated Networking library to use SO_REUSEADDR by default on listeners.

20080318 - SNF2-9rc1.11.exe Consolidated several mods/fixes

Corrected scan error logging bug. Was posting <s/> now posts <e/>.

Updated scan error logging to be more uniform with non-scan errors.

Developed various script prototypes for postfix integration & automated
updates on win* systems using the new UpdateReady.txt file mechanism.

Fixed a bug in scanMessageFile() where an \n\n style insertion point
would never be detected.

Modified scanMessageFile() header injection to strip <CR> from line ends
when the message file provided does not use them. The line-end style of
the message file is detected while locating the insertion point. If the
insertion point (first blank line) does not use <CR><LF> then the SNF
generated X-Headers are stripped of <CR> in a tight loop before injection.

Enhanced error and exception reporting in SNFMulti.cpp scanMessageFile().

Enhanced exception handling in networking module. All exceptions now
throw descriptive runtime_error exceptions.

20080306 - SNF2-9rc1.8.exe (FIRST RELEASE CANDIDATE for VERSION 3!)

Added Drilldown Header Directive Functions - When the candidate source IP
comes from a header matching a drilldown directive the IP is marked "Ignore"
in GBUdb and the candidate is no longer eligible to be the source for that
message. This allows SNF to follow the trusted chain of devices (by IP) down
to the actual source of the message. It is handy for ignoring net blocks
because it can match partial IPs but it is designed to allow SNF to learn
its way through the servers at large ISPs so that the original source for
each message can be evaluated directly.

Added Source Header Directive Functions - This feature allows SNF to acquire
the source IP for a message from a specific header rather than searching
through the Received headers in the message. This is useful when the original
source for a message is not represented in Received headers. For example:
Hotmail places the originating source IP in a special header and does not
provide a Received header for that IP. This feature is protected from abuse
by a "Context" feature which only activates the source header directive when
specific content is found in a specific received header. Using the above
example, this feature can be configured so that a Hotmail source header would
only be read if the top Received header contained "hotmail.com [" indicating
that the ptr lookup for the header matched the hotmail domain. Note: When a
source is pulled from a header directive that source is put into a synthetic
Received header and injected into the scanning stream (not the message) as
the first Received header.

Added forced source IP to XCI - It is now possible to "inject" or "force"
the source IP for any message by providing that IP in the XCI request or
directly in a scan...() function call. This allows the calling application
to provide the source IP for a message ahead of any Received headers that
might be in the message. This is useful when the calling application knows
the original source IP for the message but that IP is not represented in
the Received headers and it is not desirable to use the Source Header
Directive mechanism.

Added forced source IP mode to SNFClient - It is now possible to call the
SNFClient utility with an IP4Address using the syntax:
    SNFClient -source=12.34.56.78
The -source mode of SNFClient exercises the forced source IP feature in
the XCI (see above).

Added Status Report features to SNFClient and XCI - It is now possible to
request the latest status.second, status.minute, or status.hour data via
the XCI and SNFClient. The syntax for requesting a status report using the
SNFClient is:
    SNFClient -status.second
    SNFClient -status.minute
    SNFClient -status.hour
In addition to providing status reports the SNFClient in this mode will
return a nonzero value (usually 99) if it is unable to get a status report
from SNFServer. This feature can be used to verify that SNFServer is up
and responding. If SNFServer is OK then the result code returned is 0.

Added result codes to SNFClient -test and XCI IP test functions - The XCI
engine has been upgraded to provide the range value for the IP under test
as well as the symbolic result code associated with that range. This allows
the -test function to provide results that are consistent with the GBUdb
configuration without additional processing: For example, if the IP falls
in the Caution range then the Caution result code will be returned just
as if a message had been scanned with the same IP and no pattern match
occurred. The same is true for Truncate and Black range hits.

Added Timestamp and Command Line Parameter data to SNFClient.exe.err - When
an error occurs with SNFClient that may not appear in the SNFServer logs an
entry is appended to the SNFClient.exe.err file. That in itself is not new.
The new feature is that the entries added to the SNFClient.exe.err file now
include timestamp and command line data to aid in debugging.

Added BIG-ENDIAN Conversion - When the SNFServer program is compiled on a
system that uses a BIG-ENDIAN processor (such as a power-mac) the rulebase
load process now includes a routine to convert the token matrix from its
native LITTLE-ENDIAN format to a BIG-ENDIAN format. This solves a bug where
Power-Mac (and presumably other BIG-ENDIAN systems) could compile and run
the SNF* software but were unable to capture spam because the token matrix
in the rulebase file was misinterpreted.

Note: The BIG-ENDIAN Conversion feature is still considered experimental
because it has not yet been thoroughly tested.

Updated the Configuration Log to include all of the current configuration
features and to improve its readability.

20080207 - SNF2-9b1.7.exe

SYNC Timeout now 2x SYNC Schedule

SNFServer now produces an UpdateReady.txt file when the UTC timestamp on
the SYNC server is newer than the UTC timestamp of the active rulebase. It
is presumed that a suitable update script or program will run periodically
and download a fresh rulebase file if the UpdateReady.txt file is present.
The update script should remove the UpdateReady.txt file when it completes
a successful download of the new rulebase file.

Added available rulebase UTC in status reports <udate utc.../>

Added Automatic path fixup for ending / or \

Added option to use local time in log rotation <rotation localtime='no'/>
The default is still utc.

20071102 - SNF2-9b1.6.exe

Increased MAX_EVALS from 1024 to 2048.

Adjusted default range envelopes in snf_engine.xml to be more conservative.

20071017 - SNF2-9b1.5.exe

Added a missing #include directive to the networking.hpp file. The
missing #include was not a factor on Linux and Windows systems but
caused compiler errors on BSD systems.

Corrected a bug in the GBUdb White Range code where any message with a
white range source IP was being forced to the white result code. The
engine now (correctly) only forces the result and records the event when
a black pattern rule was matched and the White Range IP causes that
scan result to be overturned. If the scan result was not a black pattern
match then the original scan result is allowed to pass through.

Corrected a bug in the Header Analysis filter chain module that would
cause the first header in the message to be ignored in some cases.

Corrected an XML log format problem so that <s/> elements are correctly
open ended <s ....> or closed (empty) <s..../> according to whether they
have subordinate elements.

Adjusted the GBUdb header info format. The order of the Confidence
figure and Probability figure is now the same as in the XML log files
(C then P). The confidence and probability figures are now preceded
with c= and p= respectively so that it's easy to tell which is which.

20071009 - SNF2-9b1.4.exe

Tightened up the XCI handler code and removed the watchdog. The watchdog
would restart the listener if there were no connections in 5 minutes. It
was originally added to provide additional stability, however in practice
there have been no "stalled listeners". Also, a stalled listener would
likely be a sign of a different problem that the watchdog would tend to
hide.

Modified and refactored the XCI configuration management code. All XCI config
changes and up-down operations are now handled in a single function except
upon exit from the main XCI thread where XCI_shutdown() is always called.

Added some more detailed exception handling code to the XCI component so that
more data will be logged in the event of an error.

20071008 - SNF2-9b1.2.exe

Added support for passing Communigate Message Files directly. Communigate adds
data to the top of the message file. That data stops at the first blank line and
the rfc822 message begins. The SNFServer engine can now be told to ignore this
extra data using the following option:
    <msg-file type='cgp'/> <!-- type='cgp' for communigate message files -->
If the msg-file type is anything other than 'cgp' then it will treat the message
file as a standard rfc822 message in the usual way. The default setting is
    <msg-file type='rfc822'/>