SNFClient_readme.txt 6.4KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184
  1. SNFClient Readme
  2. Copyright (c) 2010 ARM Research Laboratories
  3. Command line client for SNF. This utility formats and processes SNF_XCI
  4. requests through the SNF Engine working on the local machine. In general
  5. this utility can be used as a replacement for the earlier SNF command
  6. line scanner. It is also useful for other uses such as debugging and
  7. communicating with GBUdb.
  8. Note: Unlike prior versions of SNF, this command line utility does not
  9. need to be "branded" (renamed for the SNF license id).
  10. _________
  11. Help Mode
  12. SNFClient.exe
  13. When called with no command line parameters the utility produces
  14. help and version information.
  15. __________
  16. Debug Mode
  17. SNFDebugClient.exe
  18. When "debug" or "Debug" appears in the path to the program name
  19. or if the program's name is altered to include the word "debug" or
  20. "Debug" then the program will produce additional information about
  21. it's operation to aid in debugging problems. This includes the
  22. entire raw SNF_XCI request and response.
  23. __________________
  24. Message Scan Modes
  25. These modes are used to scan email message files (the data part of
  26. smtp). This utility can be used as a drop-in replacement for previous
  27. verions of SNF (Message Sniffer) for scanning messages. However, this
  28. new version does not need to be "branded" (renamed for the license id)
  29. and will ignore the authentication string if it is provided. Also,
  30. since the newer version of SNF uses a client-server model and not a
  31. peer-server model, there is no need for a "persistent" mode.
  32. If "persistent" is passed to this utility on the command line as it
  33. would be used in prior versions of SNF then it will be treated like
  34. a file name and the scan will normally fail since a file named
  35. "persistent" is not likely to exist.
  36. SNFClient.exe <FileNameToScan>
  37. Scan Mode: Scans <FileNameToScan> and returns a result code.
  38. SNFClient.exe <authenticationxx> <FileNameToScan>
  39. Compatibility Mode: Ignores <authenticationxx> then scans the
  40. <FileNameToScan> and returns a result code. This mode provides
  41. drop-in compatibility with previous versions of SNF.
  42. SNFClient.exe -xhdr <FileNameToScan>
  43. XHeader Mode: Scans <FileNameToScan> and returns the result. Also
  44. outputs the contents of the X-Headers created by the SNF engine. If
  45. the SNF engine is configured to inject these headers then they will
  46. also have been injected into the <FileNameToScan>.
  47. The SNF Engine can be configured to provide the X-Headers only to
  48. the API without injecting them. In this case the XHeader Mode will
  49. display the X-Headers that would be injected, but they will not
  50. have been injected into the <FileNameToScan>.
  51. If the SNF Engine is configured not to produce X-Headers (none) then
  52. the XHeader Mode will not produce X-Headers because they will not
  53. have been generated by the engine.
  54. (note: -xhdr and -source options can be combined)
  55. SNFClient.exe -source=<IP4Address> <FileNameToScan>
  56. Source-IP Mode: Scans <FileNameToScan> and returns the result. The
  57. provided source IP is injected into the scan as the first Received
  58. header so that the scanning engine will presume the IP is the source
  59. of the message. This allows you to pre-define the source IP for the
  60. message when there is no other received header or when the received
  61. headers may be incorrect or may not present the actual source of
  62. the message.
  63. (note: -xhdr and -source options can be combined)
  64. _____________________________
  65. SNFServer Status Report Modes
  66. SNFClient.exe -status.second
  67. SNFClient.exe -status.minute
  68. SNFClient.exe -status.hour
  69. This mode returns the latest posted status report as indicated.
  70. Normally these status reports are also posted to files in the
  71. SNFServer workspace.
  72. In this mode the SNFClient will return a result code (error level)
  73. of 0 when the request is successful and 99 (or some nonzero value)
  74. when the request is not successful. This allows the SNFClient to
  75. be used to verify that the SNFServer is running.
  76. Note: In most other modes the SNFClient returns a fail-safe 0
  77. result code to avoid tagging messages as spam when there are errors.
  78. ________________________
  79. XCI Server Command Modes
  80. These features will expand as needed in later versions.
  81. SNFClient.exe -shutdown
  82. If the SNF Engine is running in an application that accepts SNF_XCI
  83. server commands then this mode will send that command. The shutdown
  84. command may have no effect if the application does not use the SNF_XCI
  85. server commnand interface or does not recognize the command.
  86. ___________
  87. GBUdb Modes
  88. These modes are used to communicate with the GBUdb system on the
  89. local node. It is possible to test (read out) an IP record or make
  90. any of a number of changes to IP data in the GBUdb.
  91. SNFClient.exe -test <IP4Address>
  92. Returns the current GBUdb statistics for the <IP4Address>
  93. SNFClient also returns a result code that matches the GBUdb range
  94. for the tested IP. These ranges are defined in the SNFServer
  95. configuration file. By default they are:
  96. 20 - Truncate
  97. 63 - Black
  98. 40 - Caution
  99. 0 - Normal
  100. SNFClient.exe -set <IP4Address> <flag> <bad> <good>
  101. Creates or updates the data for <IP4Address> as provided. The
  102. <IP4Address> must be provided as well as at least one of
  103. <flag>, <bad>, and <good>. If <flag>, <bad>, or <good> are
  104. to be left unchanged then they should be entered as a dash "-".
  105. Examples:
  106. Set all data for an IP. The flag will be "ugly", the bad count
  107. will be 0 and the good count will be 1000.
  108. SNFClient.exe -set 12.34.56.78 Ugly 0 1000
  109. Set the flag to "ignore" and do not change the counts.
  110. SNFClient.exe -set 12.34.56.78 ignore - -
  111. Set the good count to 400 and do not change anything else.
  112. SNFClient.exe -set 12.34.56.78 - - 400
  113. SNFClient.exe -good <IP4Address>
  114. Creates or updates statistics for the <IP4Address>. Increases the
  115. good count by one. (Record a good event)
  116. SNFClient.exe -bad <IP4Address>
  117. Creates or updates statistics for the <IP4Address>. Increases the
  118. bad count by one. (Record a bad event)
  119. SNFClient.exe -drop <IP4Address>
  120. Removes all local data for the <IP4Address>. Anything the local
  121. system "knows" about the IP is forgotten. Next time the IP is
  122. encountered it will be treated as new.
  123. ____________________
  124. For More Information
  125. See www.armresearch.com
  126. Copyright (C) 2007-2008 Arm Research Labs, LLC.