Updated MinGW-32 and MinGW-64 for latest MinGW-W64 compiler

and VS2019.  Ran 32- and 64-bit SNFMultiTest program.

Removed from 32bitDLL and 64bitDLL files created by the build procedure.

Added to 32bitDLL the needed DLLs, and removed old DLLs.

32bitDll/IMPORTANT.txt

@@ -1,12 +1,12 @@
 IMPORTANT!!
 
-The libgcc_s_dw2-1.dll, libstdc++-6.dll, and snfmulti.dll from this
-distribution _MUST_ be kept together.  There are multiple versions of
-libgcc_s_dw2-1.dll and libstdc++-6.dll. Other versions may not be
-compatible with this distribution.
+The libgcc_s_sjlj-1.dll, libwinpthread-1.dll, libstdc++-6.dll, and
+snfmulti.dll from this distribution _MUST_ be kept together, and must
+be on the path.  There are multiple versions of these files. Other
+versions may not be compatible with this distribution.
 
 If you experience errors such as segmentation faults or "The
 application failed to initialize" then the most likely reason is that
-an incompatible version of libgcc_s_dw2-1.dll or libstdc++-6.dll is
-being loaded by snfmulti.dll.
+an incompatible version of libgcc_s_sjlj-1.dll, libwinpthread-1.dll,
+or libstdc++-6.dll is being loaded by snfmulti.dll.
 

32bitDll/snfmulti.def

@@ -1,14 +0,0 @@
-EXPORTS
-    closeScan @1
-    getIPReputation @2
-    getScanClassicLog @3
-    getScanResult @4
-    getScanXHeaders @5
-    getScanXMLLog @6
-    scanBuffer @7
-    scanFile @8
-    setThrottle @9
-    shutdownSNF @10
-    startupSNF @11
-    startupSNFAuthenticated @12
-    testIP @13

64bitDll/IMPORTANT.txt

@@ -1,12 +1,4 @@
 IMPORTANT!!
 
-The libgcc_s_sjlj-1.dll and snfmulti.dll from this distribution _MUST_
-be kept together.  There are multiple versions of
-libgcc_s_sjlj-1.dll. Other versions may not be compatible with this
-distribution.
-
-If you experience errors such as segmentation faults or "The
-application failed to initialize" then the most likely reason is that
-an incompatible version of the libgcc_s_sjlj-1.dll is being loaded by
-snfmulti.dll.
-
+The snfmulti.dll from this distribution _MUST_ be on the path when
+running programs that make SNFMulti calls.

64bitDll/snfmulti.def

@@ -1,14 +0,0 @@
-EXPORTS
-    closeScan @1
-    getIPReputation @2
-    getScanClassicLog @3
-    getScanResult @4
-    getScanXHeaders @5
-    getScanXMLLog @6
-    scanBuffer @7
-    scanFile @8
-    setThrottle @9
-    shutdownSNF @10
-    startupSNF @11
-    startupSNFAuthenticated @12
-    testIP @13

MinGW-32/README

@@ -1,6 +1,6 @@
 README file for command files for building SNFServer library and applications
 
-Copyright (c) 2009 ARM Research Laboratories
+Copyright (c) 2009, 2020 ARM Research Laboratories
 
 This is the README file for building the SNFMulti library and
 SNFMultiTest application using the 64-bit MinGW toolchain.
@@ -12,16 +12,14 @@ To build SNFMulti.dll
   directory.  The source files are in the ../SNFMulti and
   ../CodeDweller directories.
 
-
   2) Run "buildSNFMultiDLL.cmd".  This builds snfmulti.dll,
-  libsnfmulti.a, and snfmulti.def.  These are the same files built
-  by Code::Blocks.
+  libsnfmulti.a, and snfmulti.def.
 
-To build the import and export SNFMulti libraries for VS2008:
+To build the import and export SNFMulti libraries for VS2019:
 
-  1) With the VS2008 command prompt, run "buildVS2008SNFMultiImportLib.cmd".
-  This reads snfmulti.def and creates vs2008_snfmulti.lib (the SNFMulti import
-  library) and vs2008_snfmulti.exp (the SNFMulti export library).
+  1) With the VS2019 command prompt, run "buildVS2019SNFMultiImportLib.cmd".
+  This reads snfmulti.def and creates vs2019_snfmulti.lib (the SNFMulti import
+  library) and vs2019_snfmulti.exp (the SNFMulti export library).
 
 To copy to where the sample programs can find the files:
 
@@ -38,9 +36,10 @@ To build SNFMultiTest linked with SNFMulti.dll:
 To run SNFMultiTest:
 
   1) Make sure that all DLLs required by MinGW are available to
-     SNFMultiTest.  For example, MinGW 5.1.4 needs mingwm10.dll, which
-     is in \MinGW\bin.
+     SNFMultiTest.  The required files are in ../32bitDLL.
 
   2) Make sure that the sniffer configuration file is named
      prescale.xml, and is in the current directory.  A suitable
-     configuration file is ..\SNFMultiSDK_Windows_3.1\snf_engine.xml.
+     configuration file is ..\MinGW-64\prescale.xml.
+
+  3) Enter :SNFMultiTest" at the command line.

MinGW-32/buildSNFMultiDLL.cmd

@@ -1,9 +1,9 @@
 setlocal
 del snfmulti.dll snfmulti.def libsnfmulti.a
 REM set path=c:\MinGW\bin;%path%
-set path=c:\Program Files\MinGW-W64\x86_64-8.1.0-posix-seh-rt_v6-rev0\mingw64\bin;%path%
+set path=c:\Program Files (x86)\MinGW-W64\i686-8.1.0-posix-sjlj-rt_v6-rev0\mingw32\bin;%path%
 set CXX=c++
 REM set LIB=c:\MinGW\lib\libws2_32.a -loleaut32
-set LIB="c:\Program Files\MinGW-W64\x86_64-8.1.0-posix-seh-rt_v6-rev0\mingw64\x86_64-w64-mingw32\lib\libws2_32.a" -loleaut32
+set LIB="c:\Program Files (x86)\mingw-w64\i686-8.1.0-posix-sjlj-rt_v6-rev0\mingw32\i686-w64-mingw32\lib\libws2_32.a" -loleaut32
 set LDFLAGS=-Wl,--output-def=snfmulti.def -Wl,--out-implib=libsnfmulti.a -Wl,-dll
 %CXX% -shared -o snfmulti.dll %LDFLAGS% snfmultidll.o FilterChain.o GBUdb.o mangler.o scanner.o snfCFGmgr.o snf_engine.o snfGBUdbmgr.o snf_HeaderFinder.o snfLOGmgr.o SNFMulti.o snfNETmgr.o snf_sync.o snf_xci.o snfXCImgr.o base64codec.o configuration.o networking.o threading.o timing.o %LIB%

MinGW-32/buildSNFMultiTestDLL.cmd

@@ -1,8 +1,10 @@
 setlocal
+REM set path=c:\MinGW\bin;%path%
+REM set LIB=c:\MinGW\lib\libws2_32.a
 del SNFMultiTest.exe
-set path=c:\MinGW\bin;%path%
+set path=c:\Program Files (x86)\MinGW-W64\i686-8.1.0-posix-sjlj-rt_v6-rev0\mingw32\bin;%path%
 set CXX=c++
-set CXXFLAGS=-I../include -I../SNFMulti -I../CodeDweller -I.. -mthreads
-set LIB=c:\MinGW\lib\libws2_32.a
+set CXXFLAGS=-I../include -I../SNFMulti -I../CodeDweller -I.. -mthreads -static-libgcc -static-libstdc++
+set LIB="c:\Program Files (x86)\mingw-w64\i686-8.1.0-posix-sjlj-rt_v6-rev0\mingw32\i686-w64-mingw32\lib\libws2_32.a"
 set LDFLAGS=-L. -lSNFMulti
 %CXX% ../SNFMultiTest/main.cpp ../CodeDweller/timing.cpp ../CodeDweller/threading.cpp %CXXFLAGS% -o SNFMultiTest.exe %LDFLAGS%

MinGW-32/buildvs2019SNFMultiImportLib.cmd

@@ -0,0 +1,3 @@
+DEL vs2019_snfmulti.*
+
+LIB /DEF:SNFMulti.def /OUT:vs2019_snfmulti.lib /MACHINE:X86

MinGW-32/compileSNFMultiDLL.cmd

@@ -1,9 +1,8 @@
 setlocal
 REM set path=c:\MinGW\bin;%path%
-set path=c:\Program Files\MinGW-W64\x86_64-8.1.0-posix-seh-rt_v6-rev0\mingw64\bin;%path%
-REM set path=c:\Program Files\MinGW-W64\x86_64-8.1.0-win32-seh-rt_v6-rev0\mingw64\bin;%path%
+set path=c:\Program Files (x86)\MinGW-W64\i686-8.1.0-posix-sjlj-rt_v6-rev0\mingw32\bin;%path%
 set CXX=c++
-set CXXFLAGS=-I../CodeDweller -I../SNFMulti -mthreads -O3 -m32 -D_USE_32BIT_TIME_T
+set CXXFLAGS=-I../CodeDweller -I../SNFMulti -mthreads -O3 -m32 -D_USE_32BIT_TIME_T -std=c++11 -DWIN32
 del *.o
 %CXX% %CXXFLAGS% -c ../SNFMulti/FilterChain.cpp -o FilterChain.o
 %CXX% %CXXFLAGS% -c ../SNFMulti/GBUdb.cpp -o GBUdb.o

MinGW-32/installSNFMultiLibrary.cmd

@@ -1,4 +1,4 @@
 set DESTDIR=..\32bitDll
 COPY snfmulti.dll %DESTDIR%
 COPY snfmulti.def %DESTDIR%
-COPY vs2008_snfmulti.* %DESTDIR%
+COPY vs2019_snfmulti.* %DESTDIR%

MinGW-64/README

@@ -1,24 +1,10 @@
 README file for command files for building SNFServer library and applications
 
-Copyright (c) 2009-2012 ARM Research Laboratories
+Copyright (c) 2009, 2020 ARM Research Laboratories
 
 This is the README file for building the SNFMulti library and
 SNFMultiTest application using the 64-bit MinGW toolchain.
 
-Prerequisites
-
-  1) Install the 64-bit MinGW compiler in C:\MinGW-64.
-
-  2) Modify the MinGW distribution as follows:
-
-     a) Modify c:\mingw-64\x86_64-w64-mingw32\include\winioctl.h:
-
-     	Change "Unknown" enumeration name to "_Unknown" (at approximately line 490).
-
-     b) Modify c:\mingw-64\x86_64-w64-mingw32\include\math.h:
-
-     	Command out "struct exception;" (at approximately line 15).
-
 To build SNFMulti.dll
 
   1) Run "compileSNFMultiDLL.cmd".  This compiles the SNFMulti files
@@ -27,14 +13,13 @@ To build SNFMulti.dll
   ../CodeDweller directories.
 
   2) Run "buildSNFMultiDLL.cmd".  This builds snfmulti.dll,
-  libsnfmulti.a, and snfmulti.def.  These are the same files built
-  by Code::Blocks.
+  libsnfmulti.a, and snfmulti.def.
 
 To build the import and export SNFMulti libraries for VS2008:
 
-  1) With the VS2008 command prompt, run "buildVS2008SNFMultiImportLib.cmd".
-  This reads snfmulti.def and creates vs2008_snfmulti.lib (the SNFMulti import
-  library) and vs2008_snfmulti.exp (the SNFMulti export library).
+  1) With the VS2019 command prompt, run "buildVS2019SNFMultiImportLib.cmd".
+  This reads snfmulti.def and creates vs2019_snfmulti.lib (the SNFMulti import
+  library) and vs2019_snfmulti.exp (the SNFMulti export library).
 
 To copy to where the sample programs can find the files:
 
@@ -50,10 +35,4 @@ To build SNFMultiTest linked with SNFMulti.dll:
 
 To run SNFMultiTest:
 
-  1) Make sure that all DLLs required by MinGW are available to
-     SNFMultiTest.  For example, MinGW-64 with gcc 4.4.0 needs
-     libgcc_s_sjlj-1.dll, which is in \MinGW-64\bin.
-
-  2) Make sure that the sniffer configuration file is named
-     prescale.xml, and is in the current directory.  A suitable
-     configuration file is ..\SNFMultiSDK_Windows_3.1\snf_engine.xml.
+  1) Enter :SNFMultiTest" at the command line.

MinGW-64/buildSNFMultiTestDLL.cmd

@@ -1,7 +1,12 @@
 del SNFMultiTest.exe
-set path=c:\MinGW-64\bin;%path%
-set CXX=x86_64-pc-mingw32-c++
+REM set path=c:\MinGW-64\bin;%path%
+REM set CXX=x86_64-pc-mingw32-c++
+REM set LIB=c:\MinGW-64\x86_64-pc-mingw32\lib64\libws2_32.a
+
+set path=c:\Program Files\MinGW-W64\x86_64-8.1.0-posix-seh-rt_v6-rev0\mingw64\bin;%path%
+set CXX=c++
+set LIB="c:\Program Files\MinGW-W64\x86_64-8.1.0-posix-seh-rt_v6-rev0\mingw64\x86_64-w64-mingw32\lib\libws2_32.a"
+
 set CXXFLAGS=-I../include -I../SNFMulti -I../CodeDweller -I.. -mthreads
-set LIB=c:\MinGW-64\x86_64-pc-mingw32\lib64\libws2_32.a
 set LDFLAGS=-L. -lSNFMulti
 %CXX% ../SNFMultiTest/main.cpp ../CodeDweller/timing.cpp ../CodeDweller/threading.cpp %CXXFLAGS% -o SNFMultiTest.exe %LDFLAGS%

MinGW-64/buildvs2019SNFMultiImportLib.cmd

@@ -0,0 +1,3 @@
+DEL vs2019_snfmulti.*
+
+LIB /DEF:SNFMulti.def /OUT:vs2019_snfmulti.lib /MACHINE:X64

MinGW-64/installSNFMultiLibrary.cmd

@@ -1,4 +1,4 @@
 set DESTDIR=..\64bitDll
 COPY snfmulti.dll %DESTDIR%
 COPY snfmulti.def %DESTDIR%
-COPY vs2008_snfmulti.* %DESTDIR%
+COPY vs2019_snfmulti.* %DESTDIR%

MinGW-64/prescale.xml

@@ -0,0 +1,150 @@
+<!-- SNFMulti V3.0 Configuration File, Setup: Typical of Win* Client / Server -->
+<!-- http://www.armresearch.com/support/articles/software/snfServer/config/snfEngine.jsp -->
+
+<snf>
+    <node identity='c:/SNF/identity.xml'>
+
+        <paths>
+            <log path='c:/SNF/'/>
+            <rulebase path='c:/SNF/'/>
+            <workspace path='c:/SNF/'/>
+        </paths>
+
+        <logs>
+
+            <rotation localtime='no'/>
+
+            <status>
+                <second log='yes' append='no'/>
+                <minute log='yes' append='no'/>
+                <hour log='no' append='no'/>
+            </status>
+
+            <scan>
+                <identifier force-message-id='no'/>
+                <classic mode='none' rotate='yes' matches='unique'/>
+                <xml mode='file' rotate='yes' matches='all' performance='yes' gbudb='yes'/>
+
+                <xheaders>
+                    <output mode='none'/>
+
+                    <version on-off='off'>X-MessageSniffer-Version</version>
+                    <license on-off='off'>X-MessageSniffer-License</license>
+                    <rulebase on-off='off'>X-MessageSniffer-RulebaseUTC</rulebase>
+                    <identifier  on-off='off'>X-MessageSniffer-Identifier</identifier>
+                    <gbudb on-off='on'>X-GBUdb-Analysis</gbudb>
+                    <result on-off='off'>X-MessageSniffer-Scan-Result</result>
+                    <matches on-off='on'>X-MessageSniffer-Rules</matches>
+
+                    <black on-off='off'>X-MessageSniffer-Spam: Yes</black>
+                    <white on-off='off'>X-MessageSniffer-White: Yes</white>
+                    <clean on-off='off'>X-MessageSniffer-Clean: Yes</clean>
+                    <symbol on-off='off' n='0'>X-MessageSniffer-SNF-Group: OK</symbol>
+                    <symbol on-off='off' n='20'>X-MessageSniffer-SNF-Group: Truncated</symbol>
+                    <symbol on-off='off' n='40'>X-MessageSniffer-SNF-Group: Caution</symbol>
+                    <symbol on-off='off' n='63'>X-MessageSniffer-SNF-Group: Black</symbol>
+                    <symbol on-off='off' n='62'>X-MessageSniffer-SNF-Group: Obfuscation</symbol>
+                    <symbol on-off='off' n='61'>X-MessageSniffer-SNF-Group: Abstract</symbol>
+                    <symbol on-off='off' n='60'>X-MessageSniffer-SNF-Group: General</symbol>
+                    <symbol on-off='off' n='59'>X-MessageSniffer-SNF-Group: Casinos-Gambling</symbol>
+                    <symbol on-off='off' n='58'>X-MessageSniffer-SNF-Group: Debt-Credit</symbol>
+                    <symbol on-off='off' n='57'>X-MessageSniffer-SNF-Group: Get-Rich</symbol>
+                    <symbol on-off='off' n='56'>X-MessageSniffer-SNF-Group: Ink-Toner</symbol>
+                    <symbol on-off='off' n='55'>X-MessageSniffer-SNF-Group: Malware</symbol>
+                    <symbol on-off='off' n='54'>X-MessageSniffer-SNF-Group: Porn-Dating-Adult</symbol>
+                    <symbol on-off='off' n='53'>X-MessageSniffer-SNF-Group: Scam-Phishing</symbol>
+                    <symbol on-off='off' n='52'>X-MessageSniffer-SNF-Group: Snake-Oil</symbol>
+                    <symbol on-off='off' n='51'>X-MessageSniffer-SNF-Group: Spamware</symbol>
+                    <symbol on-off='off' n='50'>X-MessageSniffer-SNF-Group: Media-Theft</symbol>
+                    <symbol on-off='off' n='49'>X-MessageSniffer-SNF-Group: AV-Push</symbol>
+                    <symbol on-off='off' n='48'>X-MessageSniffer-SNF-Group: Insurance</symbol>
+                    <symbol on-off='off' n='47'>X-MessageSniffer-SNF-Group: Travel</symbol>
+
+                </xheaders>
+            </scan>
+        </logs>
+
+        <network>
+            <sync secs='30' host='sync.messagesniffer.net' port='25'/>
+            <update-script on-off='on' call='c:/SNF/getRulebase.cmd' guard-time='180'/>
+        </network>
+
+        <xci on-off='on' port='9001'/>
+
+        <gbudb>
+            <database>
+
+                <condense minimum-seconds-between='600'>
+                    <time-trigger on-off='on' seconds='86400'/>
+                    <posts-trigger on-off='off' posts='1200000'/>
+                    <records-trigger on-off='off' records='600000'/>
+                    <size-trigger on-off='on' megabytes='150'/>
+                </condense>
+
+                <checkpoint on-off='on' secs='3600'/>
+
+            </database>
+
+            <regions>
+
+                <white on-off='on' symbol='0'>
+                    <edge probability='-1.0' confidence='0.4'/>
+                    <edge probability='-0.8' confidence='1.0'/>
+                    <panic on-off='on' rule-range='1000'/>
+                </white>
+
+                <caution on-off='on' symbol='40'>
+                    <edge probability='0.4' confidence='0.0'/>
+                    <edge probability='0.8' confidence='0.5'/>
+                </caution>
+
+                <black on-off='on' symbol='63'>
+                    <edge probability='0.8' confidence='0.2'/>
+                    <edge probability='0.8' confidence='1.0'/>
+                    <truncate on-off='on' probability='0.9' peek-one-in='5' symbol='20'/>
+                    <sample on-off='on' probability='0.8' grab-one-in='5' passthrough='no' passthrough-symbol='0'/>
+                </black>
+
+            </regions>
+
+            <training on-off='on'>
+
+                <bypass>
+                    <!-- <header name='To:' find='spam@example.com'/> -->
+                    <!-- <header name='Received:' ordinal='1' find='friendlyhost.com'/> -->
+                </bypass>
+
+                <drilldown>
+                    <!-- <received ordinal='0' find='[12.34.56.'/> where we want to ignore 12.34.56.0/24 -->
+                    <!-- <received ordinal='0' find='mixed-source.com'/> -->
+                    <!-- <received ordinal='1' find='mixed-source-internal.com'/> -->
+                </drilldown>
+
+                <source>
+                    <!-- <header name='X-Use-This-Source:' received='mixedsource.com [' ordinal='0' /> -->
+                    <!-- <header name='X-Originating-IP:' received='hotmail.com [' ordinal='0' /> -->
+                </source>
+
+                <white>
+                    <result code='1'/>
+                    <!-- <header name='Received:' ordinal='0' find='.friendlyhost.com'/> -->
+                </white>
+
+            </training>
+
+         </gbudb>
+
+         <rule-panics>
+             <!--
+             <rule id='123456'/>
+             <rule id='123457'/>
+             -->
+         </rule-panics>
+
+         <platform/>
+
+         <msg-file type='rfc822'/>
+
+    </node>
+</snf>
+

SNFMulti

@@ -1 +1 @@
-Subproject commit c5aed611cba49fe73bd998ab426b07d70c4d9565
+Subproject commit baec2fef7d355ca2a72d90876c55ca833710b008

readme

@@ -1,6 +1,6 @@
 This is where the SNF SDK for Windows Package is kept.
 
-Copyright (c) 2009 - 2011 ARM Research Laboratories
+Copyright (c) 2009 - 2020 ARM Research Laboratories
 
 The 64-bit SNFMulti.dll file is built using MinGW-64, the 64-bit MinGW
 toolchain.  The 32-bit SNFMulti.dll file is built using MinGW, the