<!-- SNFMulti V3.0 Configuration File, Setup: Typical of MDaemon Plugin -->
<!-- http://www.armresearch.com/support/articles/software/snfServer/config/snfEngine.jsp -->

<snf>
    <node identity='/MDaemon/SNF/identity.xml'>

        <paths>
            <log path='/MDaemon/SNF/'/>
            <rulebase path='/MDaemon/SNF/'/>
            <workspace path='/MDaemon/SNF/'/>
        </paths>

        <logs>

            <rotation localtime='no'/>

            <status>
                <second log='yes' append='no'/>
                <minute log='yes' append='no'/>
                <hour log='no' append='no'/>
            </status>

            <scan>
                <identifier force-message-id='no'/>
                <classic mode='none' rotate='no' matches='none'/>
                <xml mode='file' rotate='yes' matches='all' performance='yes' gbudb='yes'/>

                <xheaders>
                    <output mode='inject'/>

                    <version on-off='off'>X-MessageSniffer-Version</version>
                    <license on-off='off'>X-MessageSniffer-License</license>
                    <rulebase on-off='off'>X-MessageSniffer-RulebaseUTC</rulebase>
                    <identifier  on-off='off'>X-MessageSniffer-Identifier</identifier>
                    <gbudb on-off='on'>X-MessageSniffer-GBUdb-Result</gbudb>
                    <result on-off='on'>X-MessageSniffer-Scan-Result</result>
                    <matches on-off='on'>X-MessageSniffer-Patterns</matches>

                    <black on-off='off'>X-MessageSniffer-Spam: Yes</black>
                    <white on-off='off'>X-MessageSniffer-White: Yes</white>
                    <clean on-off='off'>X-MessageSniffer-Clean: Yes</clean>
                    <symbol on-off='off' n='0'>X-MessageSniffer-SNF-Group: OK</symbol>
                    <symbol on-off='off' n='20'>X-MessageSniffer-SNF-Group: Truncated</symbol>
                    <symbol on-off='off' n='40'>X-MessageSniffer-SNF-Group: Caution</symbol>
                    <symbol on-off='off' n='63'>X-MessageSniffer-SNF-Group: Black</symbol>
                    <symbol on-off='off' n='62'>X-MessageSniffer-SNF-Group: Obfuscation</symbol>
                    <symbol on-off='off' n='61'>X-MessageSniffer-SNF-Group: Abstract</symbol>
                    <symbol on-off='off' n='60'>X-MessageSniffer-SNF-Group: General</symbol>
                    <symbol on-off='off' n='59'>X-MessageSniffer-SNF-Group: Casinos-Gambling</symbol>
                    <symbol on-off='off' n='58'>X-MessageSniffer-SNF-Group: Debt-Credit</symbol>
                    <symbol on-off='off' n='57'>X-MessageSniffer-SNF-Group: Get-Rich</symbol>
                    <symbol on-off='off' n='56'>X-MessageSniffer-SNF-Group: Ink-Toner</symbol>
                    <symbol on-off='off' n='55'>X-MessageSniffer-SNF-Group: Malware</symbol>
                    <symbol on-off='off' n='54'>X-MessageSniffer-SNF-Group: Porn-Dating-Adult</symbol>
                    <symbol on-off='off' n='53'>X-MessageSniffer-SNF-Group: Scam-Phishing</symbol>
                    <symbol on-off='off' n='52'>X-MessageSniffer-SNF-Group: Snake-Oil</symbol>
                    <symbol on-off='off' n='51'>X-MessageSniffer-SNF-Group: Spamware</symbol>
                    <symbol on-off='off' n='50'>X-MessageSniffer-SNF-Group: Media-Theft</symbol>
                    <symbol on-off='off' n='49'>X-MessageSniffer-SNF-Group: AV-Push</symbol>
                    <symbol on-off='off' n='48'>X-MessageSniffer-SNF-Group: Insurance</symbol>
                    <symbol on-off='off' n='47'>X-MessageSniffer-SNF-Group: Travel</symbol>

                </xheaders>
            </scan>
        </logs>

        <network>
            <sync secs='30' host='sync.messagesniffer.net' port='25'/>
            <update-script on-off='on' call='/MDaemon/SNF/getRulebase.cmd' guard-time='180'/>
        </network>

        <xci on-off='on' port='9001'/>

        <gbudb>
            <database>

                <condense minimum-seconds-between='600'>
                    <time-trigger on-off='on' seconds='86400'/>
                    <posts-trigger on-off='off' posts='1200000'/>
                    <records-trigger on-off='off' records='600000'/>
                    <size-trigger on-off='on' megabytes='150'/>
                </condense>

                <checkpoint on-off='on' secs='3600'/>

            </database>

            <regions>

                <white on-off='on' symbol='0'>
                    <edge probability='-1.0' confidence='0.4'/>
                    <edge probability='-0.8' confidence='1.0'/>
                    <panic on-off='on' rule-range='1000'/>
                </white>

                <caution on-off='on' symbol='40'>
                    <edge probability='0.4' confidence='0.0'/>
                    <edge probability='0.8' confidence='0.5'/>
                </caution>

                <black on-off='on' symbol='63'>
                    <edge probability='0.8' confidence='0.2'/>
                    <edge probability='0.8' confidence='1.0'/>
                    <truncate on-off='on' probability='0.9' peek-one-in='5' symbol='20'/>
                    <sample on-off='on' probability='0.8' grab-one-in='5' passthrough='no' passthrough-symbol='0'/>
                </black>

            </regions>

            <training on-off='on'>

                <bypass>
                    <!-- <header name='To:' find='spam@example.com'/> -->
                    <!-- <header name='Received:' ordinal='1' find='friendlyhost.com'/> -->
                </bypass>

                <drilldown>
                    <!-- <received ordinal='0' find='[12.34.56.'/> where we want to ignore 12.34.56.0/24 -->
                    <!-- <received ordinal='0' find='mixed-source.com'/> -->
                    <!-- <received ordinal='1' find='mixed-source-internal.com'/> -->
                </drilldown>

                <source>
                    <!-- <header name='X-Use-This-Source:' received='mixedsource.com [' ordinal='0' /> -->
                    <!-- <header name='X-Originating-IP:' received='hotmail.com [' ordinal='0' /> -->
                </source>

                <white>
                    <result code='1'/>
                    <!-- <header name='Received:' ordinal='0' find='.friendlyhost.com'/> -->
                </white>

            </training>

        </gbudb>

        <rule-panics>
            <!--
            <rule id='123456'/>
            <rule id='123457'/>
            -->
        </rule-panics>

        <!-- Platform Specific Configuration -->
        <platform>
            <mdaemon>
                <ip-test on-off='on'/>
                <configurator command='start notepad' append-path='yes'/>
            </mdaemon>
        </platform>

        <msg-file type='rfc822'/>

    </node>
</snf>