20200623
Engine 3.2.2
Removed saccades

20200623
latest CodeDweller - all MIT license now

20191104
Updated copyright notice

20160418
Bumped tiny revision for buffer allocation bug fix in CodeDweller configuration.cpp

20151223
Version Number Change.

20151223
* Replaced White-Guard algorithm with Strangers algorithm.
* Updated version number of SNFMulti.

20151216
Tightened up evaluator code to eliminate unnecessary attempts to match precise tokens.

20140610
Fixed the Black X-header so that it ignores above-band result codes. Incremented the very minor engine revision number.

20140512
Updated version number to go along with updates to the engine. There are no real changes with the SNFServer code, but this number update will remove confusion about whether the SNFServer engine is up to date with the fairly significant changes in the underlying engine.

20140507
* Fixed warning where a Mutex passed to GBUdbRecordLockingShim() by value should have been passed by reference. (reference to stack allocated object)
* Bumped minor revision on the engine -- now 3.1.2.

20140502
* Implemented WhiteGuard
* Updated engine revision number

20140212
Implemented AI-based "saccades" engine to improve scanning efficiency. The Saccades engine borrows from vision systems research and allows SNF to learn important message structures and adapt its scanning technique in real-time. Using this engine SNF can often avoid scanning large portions of each message without missing important content, resulting in potentially 10-fold improvements in scanner efficiency.

20140124
* Further optimized deep code in the scanning engine using a jump table to replace a collection of if/else logic.
* Updated some of the related code using more modern and/or correct coding practices.

20140119
Improved time tracking / reporting.

20131203
Minor revision tick.

20131203
Bug Fix: Corrected Timestamp() formatting.

20131203
Bug Fix: Updated Timestamp() to use C++ stringstream and to handle possible null pointer from gmtime()

20131022
* Remove dependency on config.h.
* Hard-code version to 3.0.

20121121
* Fixed a bug in scanMessageFile where the XHDRInjectOn flag was being interpreted before it had been set by the configuration. This caused large messages to be rewritten shorter than they needed to be when header injection was turned on because the flag would appear to be off and the MessageFileSize would be recalculated downward. Later, after the flag was set, the headers would be injected into the shortened file.
* Added a function to snf_RulebaseHandler that safely peeks at the current configuration to facilitate the above bug fix.
* Bumped the minor revision number for the engine.

20121120
* Improved code quality for logic that shrinks the message size when header injection is turned off.
* Bumped minor revision number.

20121022
Corrected a bug where match records were not recorded in the ScanData. Updated engine minor version.

20121001
Fixed subtle bug where normal XCI responses did not end with \n. Updated engine version number to 3.0.20.

20120930
Changed boolean to bool at 986 and 987 - bool is the correct type specifier for C++ and this was causing errors on one of the labrat compilers. No idea why it worked perfectly on mingw!

20120928
* snf_EngineHandler::scanMessageFile updated to read only up to the scan horizon of large files if possible (when header injection is turned off)
* snfXCImgr now has 8 processing channels.
* Engine Version number changed.

20120326
Changed minor revision number to reflect rebuilding the engine with new CodeDweller networking bug fixes.

20120326
Dropped E3.0.17 binary, added E3.0.18 binary.

20110505
Committing candidate SNFServer with refined SNFMulti code covering rule panic handling and pattern match voting.

20110505
Reworked rule voting code to clarify and bring the code closer to current standards. This was part of researching a potential problem involving the voting of panicked rules and this rebuild has verified that there is no problem --- panicked rules are indeed inert as intended.

20110219
* Fixed bug where only one of multiple source header directives with the same source header definition would be recognized. The fix was to improve the comparator function for HeaderFinderPattern so that it included context. Prior to that only one source header definition would be recognized because the ordinal is always 0 for source headers. As a result, only the first context could be registered.
* Refactored HeaderFinder::CheckContent() to improve the coding style and make use of a switch().
* Corrected a bug in HeaderFinder::CheckContent that would allow a header forced source IP to be set multiple times. Now it will only be set on the first event where all of the conditions are satisfied. Bug was that the test that the source had already been set was looking at the source IP which is actually never set until the actual message scan begins (after header directives have already been evaluated).
* Changed SNFMulti revision to 16.

20100614
* Fixed bug in FilterChainBase64 where an extra character would be returned if the module ran out of data in SCANNING mode. Now if this occurs a flag is set and "No More Data" is thrown instead of returning the extra byte.
* Adjusted DEFUNKER preamble in code to indicate spaces in front and back since newlines would be converted to spaces by the outer shell of FilterChainDefunker.
* Adjusted engine update number to .15 - now at Version 3.0.15

20100531
* Changed engine update number to .14 (now Version 3.0.14).
* Modified FilterChainDefunker to avoid recursion when eating (X)HTML tags. Now there is a new mechanism that allows deeper states to return nothing (no conversion) by setting a boolean flag. The result is that the root state will skip that result and try again with the next available byte in a simple loop (no recursion). This eliminates a vulnerability where a message constructed with deeply embedded / chained (X)HTML tags could cause the system to run out of stack space under some conditions.

20100405
* Fixed bug in scanMessageFile where a very short message file could cause the exception: ERROR_MSG_XHDRi: Begin vector::_M_range_check
* Changed version to 3.0.13

20100318
Fixed bug in GBUdbIgnoreList reader to prevent reading outside of the line buffer.

20091103
Fixed bug in snfCFGmgr where OEM provided license ID was not always captured in the configuration data causing SYNC authentication problems. Updated version to 3.0.12.

20090821
Fixed memory leak when failing to authenticate a rulebase file.

20090730
* Moved persistent state aux store() operations to RecordSyncEvent
* Changed DiscLogger wait time to 1 second
* New engine version number 3.0.10

20090724
Updated mingwm10.dll. New SNFServer build requires newest mingwm10.dll (see notes on version problems discovered when building snfmulti.dll project)

20090724
Changed engine revision to 3.0.9 after networking SIGPIPE bug fix.

20090707
SNFMulti engine now at 3.0.8 after several small bug fixes.

20090707
Fixed valgrind complaint about using uninitialized data when generating a OneTimePad. The algorithm uses unsigned char x as a register. Each next random byte in the pad is based on encrypting the last -- so a first byte is needed. Original code used an uninitialized x on purpose in order to get a supposedly unpredictable byte out of RAM. To make valgrind happy (and truly to make the algorithm better) x is now initialized by encrypting a 0 with the pad generator. This value is not directly exposed in the generated pad. The first byte in the one time pad is not the result of encrypting 0 but instead the result of encrypting the result of that operation. So, the first byte is based on the state of the pad generator just prior to making the OneTimePad. This is probably harder to predict than the state of the stack (where x would have come from) anyway.

20090707
* Fixed persistent state data bug. Persistent state data is now saved once per second after updating status logs.
* Improved snfLOGmgr d'tor so that final persistent state data is only saved (attempted) if snfLOGmgr has been Configured.

20090707
* Fixed initialization of time trigger (typo) was 846... now 864... Supposed to be "once per day".
* Fixed missing initialization of Configured(false).

20090707
Upgraded Engine to SNFMulti V3.0.8 (contains minor bug fixes).

20090704
Getting closer - new DLL, new features, a little polish.
NOTE: Beginning with this update this ChangeLog will only list highlights. For more details check the logs at https://svn.microneil.com/websvn/
* snfmulti.dll is now at version 3.0, engine 3.0.7
* Used newer MinGW with improved optimizations
* Using newest SNF engine with several minor bug fixes
* Added startupSNFAuthenticated() so OEMs can protect SNF license info
* Added getIPReputation() to aid in converting GBUdb stats to weights
* Added C++ sample code
* Reorganized SNFMulti code base.

20090317
Work in progress toward SDK release.
* Included latest getRulebase.cmd and curl.exe
* Included SNFClient_readme.txt and SNFServer_readme.txt
* Included / updated SNFClient, and snf_engine.xml
* Added ReadMe.html - includes API documentation
* Added missing snf_ERROR_EXCEPTION to snfmultidll.h file
* Removed redundant #define EXP __declspec(dllexport) from snfmultidll.cpp

20080723
Version 2.9r3 - Engine 3.0
* Compiled DLL using new SNF engine V3.0.
* Added snf_ERROR_EXCEPTION result (-3) to show when an exception occurred during a call that could not be expressed with one of the normal SNF result codes.
* Wrapped DLLMain() functions in a try/catch to eat any exceptions. If an exception occurs the function will return false.
* Added pre-allocation to result cache buffers to minimize heap allocation during operations. The pre-allocated amount should be sufficient for all cases. If it is not then the string objects will allocate more as needed.
* Changed snf_ERROR_UNKNOWN to snf_ERROR_EXCEPTION for startupSNF() and shutdownSNF().
* Wrapped testIP() in try/catch - now returns snf_ERROR_EXCEPTION if an exception occurs.
* Wrapped getScanXHeaders() in try/catch - now returns snf_ERROR_EXCEPTION if an exception occurs.
* Wrapped getScanXMLLog() in try/catch - now returns snf_ERROR_EXCEPTION if an exception occurs.
* Wrapped getScanClassicLog() in try/catch - now returns snf_ERROR_EXCEPTION if an exception occurs.
* Wrapped closeScan() in try/catch - now returns snf_ERROR_EXCEPTION if an exception occurs.