madscientist
/
PKG-SNF4CGP-WIN
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

git-svn-id: https://svn.microneil.com/svn/PKG-SNF4CGP-WIN/trunk@2 7d91e7c8-5a61-404e-b06a-95855fde9112

master
madscientist 15 years ago
parent
a210deb862
commit
e7c959fcd0
10 changed files with 692 additions and 127 deletions
Unified View Show Diff Stats
  1. 62
    0
      CGPSNF-Win32-Intel/CGPSNF/Doc/AdminStyle.css
  2. BIN
      CGPSNF-Win32-Intel/CGPSNF/Doc/CGPLogo.gif
  3. BIN
      CGPSNF-Win32-Intel/CGPSNF/Doc/DownLoad.gif
  4. 72
    0
      CGPSNF-Win32-Intel/CGPSNF/Doc/GuideStyle.css
  5. 340
    0
      CGPSNF-Win32-Intel/CGPSNF/Doc/default.html
  6. 11
    0
      CGPSNF-Win32-Intel/GBUdbIgnoreList.txt.sample
  7. 2
    0
      CGPSNF-Win32-Intel/identity.xml.sample
  8. 162
    0
      CGPSNF-Win32-Intel/snf_engine.xml.sample
  9. 0
    127
      ReadMe
  10. 43
    0
      ReadMe.txt

+ 62
- 0
CGPSNF-Win32-Intel/CGPSNF/Doc/AdminStyle.css View File

.WebAdmin {
font-size: smaller; font-family:Helvetica, Geneva, Arial, SunSans-Regular, sans-serif;
color:#448;
}

body.inner {margin: 1pt;}

.WebAdmin.TT {font-size: 100%;}

.WebAdmin.A {color: black }

.warning {color: red;}

.button {color: #069; font-weight:bold;}

.settingsBox {background-color: #F8F8FF; border: 1pt solid #069; border-collapse: collapse; }
.settingsBox caption {color: #069; font-weight:bold; background-color: #CCD; border: 1px solid #069;}
.settingsBox caption TH {font-weight:bold;}
.settingsBox TR TH {background-color: #DDE; font-weight:bold;}
.settingsBox THEAD TR,
.settingsBox TFOOT TR {background-color: #DDF;}

.settingsCaption {color: #069; background-color: #CCD; border: 1pt solid #069; border-collapse: collapse;}
.settingsCaption TH {font-weight:bold;}

.arrow {font-weight:bold;}
.arrow A,
.arrow A:active {color: #06A; text-decoration: underscore;}
.arrow A:hover {color: #F93; text-decoration: underscore blink;}

.logView {font-family:Monaco, Courier, serif; color: black; background-color: white;}
.logViewInline {font-family:Monaco, Courier, serif; color: black; background-color: #F0F8F8; border: 1pt solid #069;}

.histoBar {background-color: #069; }

.tabSet {padding: 0pt; spacing: 0pt;}
.tab {padding: 1pt 2pt 0pt 2pt; border-bottom: solid 1pt #444; font-weight: bold;}
.tab DIV {background-color: #CCC; border: solid 1pt #AAA; border-bottom-width: 0px;}
.tabName {padding: 1pt 2pt 0pt 2pt; border-bottom: solid 1pt #444; font-weight: bold; font-family: monospace; color: #444; text-transform: uppercase;}

.tabActive {background-color: #DDD; border: solid 1pt #444; border-bottom-width: 0px; font-weight: bold; color: #F93;}

.tabDataOuter {border: solid 1pt #444; border-top-width: 0pt; padding: 5pt 2pt 2pt 3pt; background-color: #DDD;}
.tabData {border: solid 2pt #EEE; border-width: 5pt 2pt 2pt 4pt; padding: 0pt; background-color: #EEE;}

.tab A,
.tab A:active {color: #069; text-decoration: none;}
.tab A:hover {color: #F93; text-decoration: blink;}

.tabActive A,
.tabActive A:active {color: #F93; text-decoration: underline;}
.tabActive A:hover {color: #F93; text-decoration: blink;}

.helpLink {font-weight: bolder;}
.helpLink A,
.helpLink A:active {color: #069; text-decoration: none;}
.helpLink A:hover {color: #F93; text-decoration: blink;}

.directoryValue {font-family: monospace; color: black; word-wrap: break-word;}
.serviceName {font-family: monospace; color: black;}

.settingFixed {background-color: white; border: solid 1pt #069; font-family: monospace; color: Black; padding:1pt;}

BIN
CGPSNF-Win32-Intel/CGPSNF/Doc/CGPLogo.gif View File


BIN
CGPSNF-Win32-Intel/CGPSNF/Doc/DownLoad.gif View File


+ 72
- 0
CGPSNF-Win32-Intel/CGPSNF/Doc/GuideStyle.css View File

body {font-family: serif; color:black;}

tt {font-size: 100%;}

.tabLeftSet {padding: 0pt; font-family: sans-serif;}
.tabLeftSet td {padding: 2pt 0pt 2pt 1pt; border-right: solid 1pt #444; font-weight: bold;}
.tabLeftSet td div {background-color: #CCC; border: solid 1pt #AAA; border-right-width: 0px; padding: 2pt;}
.tabLeftSet th {background-color: #DDD; border: solid 1pt #444; border-right-width: 0px; font-weight: bold; color: #F93; text-align: left;}

.tabLeftSet td a,
.tabLeftSet td a:active {color: #069; text-decoration: none;}
.tabLeftSet td a:hover {color: #F93; text-decoration: blink;}

.tabLeftSet th a,
.tabLeftSet th a:active {color: #F93; text-decoration: underline;}
.tabLeftSet th a:hover {color: #F93; text-decoration: blink;}

.tabTopOuter {border: solid 1pt #444; border-left-width: 0pt; padding: 2pt 2pt 2pt 5pt; background-color: #DDD;}
.tabTopData {border: solid 2pt #EEE; border-width: 2pt 2pt 2pt 4pt; padding: 0pt; background-color: #EEE;}

.tabTopSet {padding: 0pt; font-family: sans-serif;}

.tabTopSet td {padding: 1pt 2pt 0pt 2pt; border-bottom: solid 1pt #444; font-weight: bold;}
.tabTopSet td div {background-color: #CCC; border: solid 1pt #AAA; border-bottom-width: 0px;}

.tabTopSet th {background-color: #DDD; border: solid 1pt #444; border-bottom-width: 0px; font-weight: bold; color: #F93;}

.tabTopSet td a,
.tabTopSet td a:active {color: #069; text-decoration: none;}
.tabTopSet td a:hover {color: #F93; text-decoration: blink;}

.tabTopSet th a,
.tabTopSet th a:active {color: #F93; text-decoration: underline;}
.tabTopSet th a:hover {color: #F93; text-decoration: blink;}

.tabBodyOuter {border: solid 1pt #444; border-top-width: 0pt; padding: 5pt 2pt 3pt 3pt; background-color: #DDD;}
.tabBody {border: solid 2pt #EEE; border-width: 5pt 2pt 2pt 4pt; padding: 0pt; background-color: #FFF;}

h1 {color: white; background-color: #069; font-family: sans-serif; text-indent: 5pt; border: 0pt; margin: 0pt;}

.guideTOC {border: solid 2pt #069; background-color: #EEF; }
.guideTOC ul {list-style: square outside;}
.guideTOC li a,
.guideTOC li a:active {color: #069; text-decoration:none; font-family: sans-serif; font-weight: bold;}
.guideTOC li a:hover {color: #F93;}

h2 {color: #069; font-family: sans-serif;}
h3 {color: #069; font-family: sans-serif;}
hr {color: #069;}

.guideCopyright {color: #069; font-size: smaller;}
.guideVersion {color: #069; font: bold italic smaller sans-serif;}

.guideSection {margin-left: 20;}

.guideTable {background-color: #F8F8FF; border: 1pt solid #069; border-collapse:collapse; }
.guideTable th {background-color: #E0E0FF; border: 1pt solid #069; color:Navy; }
.guideTable td {border: 1pt solid #069; }

.sampleCode {color: Navy; font-family: monospace;}
.sampleData {color: Blue; font-family: monospace;}
.sampleMarkup {color: #250; border: solid 1px #069; padding: 1px; font-family: monospace;}
.sampleProgram {color: Navy; background-color: #F4F4F4; border-style: double; border-color: #888; padding: 2px; font-family: monospace;}
.sampleMIME {background-color: #F4F4F4; border-style: dashed; border-color: #888; padding: 2px; font-family: monospace; font-size:smaller; color: Blue;}
.sampleProto {background-color: #F4F4F4; border-style: double; border-color: #888; padding: 2px; font-family: monospace; font-size:smaller; }
.sampleProtoC {color: Navy;}
.sampleProtoS {color: Blue;}

.syntax {color: Black; background-color: white; padding: 2px; font-family: monospace;}
.syntaxTable td {color: Black; background-color: white; padding: 5px; font-family: monospace;}

.spacedList dd {border-bottom: solid 1em white; }

+ 340
- 0
CGPSNF-Win32-Intel/CGPSNF/Doc/default.html View File

<HTML>
<HEAD>
<TITLE>CommuniGate Pro: ARM Research Labs Sniffer Antispam Plugin</TITLE>
<link rel="stylesheet" href="GuideStyle.css" type="text/css" />
<link rel="stylesheet" href="AdminStyle.css" type="text/css" />

</HEAD>
<BODY BGCOLOR=white>

<TABLE border=0 cellPadding=0 cellSpacing=0 width="100%">
<td><img src="CGPLogo.gif" alt="CommuniGate Pro" /></td>
<tr><td class="tabBodyOuter">
<table width="100%" cellspacing="0" cellpadding="0" class="tabBody"><tr><td>
<h1>ARM Research Labs Sniffer Plugin for CommuniGate Pro</h1>
<div class="guideTOC"><ul>

<TABLE width="100%" cellspacing="0" cellpadding="0" class="tabBody" >


<LI><A href="#Download">Download the Sniffer Plugin</A>
<LI><A href="#Install">Installation</A>
<UL>
<LI><A href="#WIN32">Installing on a MS Windows 200x/NT/XP/9x System</A>
<LI><A href="#Linux">Installing on a Linux System</A>
<LI><A href="#FreeBSD">Installing on a FreeBSD or OpenBSD System</A>
</UL>
<LI><A href="#Upgrading">Upgrading to a newer version</A>
<LI><A href="#Config">Configuring the Sniffer Plugin</A>
<LI><A href="#Test">Testing the Sniffer Plugin</A>
<LI><A href="#Options">Command line options</A>
<LI><A href="#Integrate">Integrating the Sniffer Plugin with CommuniGate Pro</A>
<LI><A href="#Update">Updating the spam definitions database</A>

</ul></div>
</TD></TR></TABLE>

</table>
</TABLE>



<P><B>Note:</B> The ARM Research Labs Sniffer Plugin is available only
for <I>some</I> platforms supported with the CommuniGate Pro server
software. Before you order the Sniffer Plugin License, make sure that
the available versions of the Sniffer Plugin software run on your
CommuniGate Pro Server platform.

<P><B>Note:</B> The ARM Research Labs Sniffer Plugin requires
CommuniGatePro version 5.2.3 or later.


<H2><HR><A NAME="Download"></A>Download the ARM Research Labs Sniffer Plugins</H2>
<DL><DD>
<P>ARM Research Labs Sniffer antispam plugins are available for certain platforms only.

<TABLE class="guideTable" BORDER=1 CELLSPACING=0 CELLPADDING=1>
<TR BGCOLOR="#cccccc">
<TH NOWRAP rowspan=2 width=50%>Operating System</TH>
<TH NOWRAP rowspan=2>CPU</TH>
<TH NOWRAP colspan=2>Download</TH>
</TR>

<TR BGCOLOR="#cccccc">
<TH NOWRAP>via<BR>http</TH>
<TH NOWRAP>via<BR>ftp</TH>
</TR>

<TR>
<TD ALIGN=CENTER>Microsoft Windows NT/2000/XP<BR>Microsoft Windows 95/98</TD>
<TD ALIGN=CENTER>x86</TD>
<TD ALIGN=CENTER><A HREF="http://www.armresearch.com/pub/plugins/SNF4CGP-Win32-Intel.zip">
<IMG SRC="DownLoad.gif" BORDER=0 WIDTH=16 HEIGHT=16></A></TD>
<TD ALIGN=CENTER><A HREF="ftp://ftp.armresearch.com/pub/plugins/SNF4CGP-Win32-Intel.zip">
<IMG SRC="DownLoad.gif" BORDER=0 WIDTH=16 HEIGHT=16></A></TD>
</TR>

<TR>
<TD ALIGN=CENTER>Linux<BR>Kernel 2.6 (stdc++ library version = 6.0)</TD>
<TD ALIGN=CENTER>x86</TD>
<TD ALIGN=CENTER><A HREF="http://www.armresearch.com/pub/plugins/SNF4CGP-Linux-Intel.tar.gz">
<IMG SRC="DownLoad.gif" BORDER=0 WIDTH=16 HEIGHT=16></A></TD>
<TD ALIGN=CENTER><A HREF="ftp://ftp.armresearch.com/pub/plugins/SNF4CGP-Linux-Intel.tar.gz">
<IMG SRC="DownLoad.gif" BORDER=0 WIDTH=16 HEIGHT=16></A></TD>
</TR>

<TR>
<TD ALIGN=CENTER>FreeBSD 7.x</TD>
<TD ALIGN=CENTER>x86</TD>
<TD ALIGN=CENTER><A HREF="http://www.armresearch.com/pub/plugins/SNF4CGP-FreeBSD7-Intel.tar.gz">
<IMG SRC="DownLoad.gif" BORDER=0 WIDTH=16 HEIGHT=16></A></TD>
<TD ALIGN=CENTER><A HREF="ftp://ftp.armresearch.com/pub/plugins/SNF4CGP-FreeBSD7-Intel.tar.gz">
<IMG SRC="DownLoad.gif" BORDER=0 WIDTH=16 HEIGHT=16></A></TD>
</TR>

<TR>
<TD ALIGN=CENTER>OpenBSD 4.3</TD>
<TD ALIGN=CENTER>x86</TD>
<TD ALIGN=CENTER><A HREF="http://www.armresearch.com/pub/plugins/SNF4CGP-OpenBSD4.3-Intel.tar.gz">
<IMG SRC="DownLoad.gif" BORDER=0 WIDTH=16 HEIGHT=16></A></TD>
<TD ALIGN=CENTER><A HREF="ftp://ftp.armresearch.com/pub/plugins/SNF4CGP-OpenBSD4.3-Intel.tar.gz">
<IMG SRC="DownLoad.gif" BORDER=0 WIDTH=16 HEIGHT=16></A></TD>
</TR>

</TABLE>

</DL>

<P>The current version of the Plugin is 0.1.0.
<P>The current version of the ARM Research Labs Sniffer Engine is 3.0.11.


<H3><HR><A name=Upgrading></A>Upgrading to a newer version.</H3>
<P>When upgrading the Plugin to a newer version, do the following steps:
<UL>
<LI>Stop the current copy of the plugin application via CommuniGate Pro WebAdmin interface.
<LI>Install and configure the new version of the Plugin as described above in this document.
</UL>

<H3><HR><A name="WIN32"></A>Installing on a MS Windows 200x/NT/XP/9x System.</H3>
<UL>
<LI>Open the command-line interface window and
change the current directory to the CommuniGate Pro <I>base directory</I>.
<LI>Use any &quot;unzip&quot;-type tool to unpack the
<TT>SNF4CGP-Win32-Intel.zip</TT> file. The <TT>SNF4CGP</TT> directory will be created inside the <I>base directory</I>.
<LI>Proceed with <A HREF="#Config">Configuring the Sniffer Plugin</A>.
</UL>

<H3><HR><A name=Linux></A>Installing on a Linux System.</H3>
<UL>
<LI>Log in as a super-user (root).
<LI>Change the current directory to the CommuniGate Pro <I>base directory</I>.
<LI>Unpack the Plugin archive with the <TT>gtar</TT> command (or
with the <TT>gunzip</TT> and <TT>tar</TT> commands):<TT><BR>
&nbsp;&nbsp;gunzip SNF4CGP-Linux-Intel.tar.gz<BR>
&nbsp;&nbsp;tar -xf SNF4CGP-Linux-Intel.tar</TT><BR>
The <TT>SNF4CGP</TT> directory will be created inside the <I>base directory</I>.
<LI>Proceed with <A HREF="#Config">Configuring the Sniffer Plugin</A>.
</UL>

<H3><HR><A name=FreeBSD></A>Installing on a FreeBSD or OpenBSD System.</H3>
<UL>
<LI>Log in as a super-user (root).
<LI>Change the current directory to the CommuniGate Pro <I>base directory</I>.
<LI>Unpack the Plugin archive with the <TT>gtar</TT> command (or
with the <TT>gunzip</TT> and <TT>tar</TT> commands):<TT><BR>
&nbsp;&nbsp;gunzip SNF4CGP-FreeBSD-Intel.tar.gz<BR>
&nbsp;&nbsp;tar -xf SNF4CGP-FreeBSD-Intel.tar</TT><BR>
The <TT>SNF4CGP</TT> directory will be created inside the <I>base directory</I>.
<LI>Proceed with <A HREF="#Config">Configuring the Sniffer Plugin</A>.
</UL>

<H3><HR><A name=Config></A>Configuring the Sniffer Plugin.</H3>

<P>In the module directory (<TT>/var/CommuniGate/SNF4CGP</TT> on a
Linux or Linux-like system):
<UL>
<LI>Copy the configuration file <TT><BR>
&nbsp;&nbsp;snf_engine.xml.sample</TT><BR> to <TT><BR>
&nbsp;&nbsp;snf_engine.xml</TT><BR> and customize as
needed. Please see the <A href="http://www.armresearch.com">ARM
Research Labs web site</A> for documentation on
the <TT>snf_engine.xml</TT> configuration file.<BR>

<LI>Copy <TT><BR>
&nbsp;&nbsp;identity.xml.sample</TT><BR> to <TT><BR>
&nbsp;&nbsp;identity.xml</TT><BR> and edit to include the
license ID and authentication attributes of
the <TT>&lt;identity&gt; element</TT>.<BR>

<LI>Copy <TT><BR>
&nbsp;&nbsp;getRulebase.sample</TT><BR> to <TT><BR>
&nbsp;&nbsp;getRulebase.xml</TT><BR> and edit to include the
license ID and authentication:

<UL>
<LI>Change the line <TT><BR>
&nbsp;&nbsp;AUTHENTICATION=authenticationxx</TT><BR>
to <TT><BR>
&nbsp;&nbsp;AUTHENTICATION=YOUR_AUTHENTICATION</TT><BR>
where <TT>YOUR_AUTHENTICATION</TT> is authentication code
obtained from ARM Research Labs.</LI>

<LI>Change the line <TT><BR>
&nbsp;&nbsp;LICENSE_ID=licenseid</TT><BR> to <TT><BR>
&nbsp;&nbsp;LICENSE_ID=YOUR_LICENSE_ID</TT><BR>
where <TT>YOUR_LICENSE_ID</TT> is license ID obtained from
ARM Research Labs.</LI>

</UL>
<BR>

<LI>Copy <TT><BR>
&nbsp;&nbsp;GBUdbIgnoreList.txt.sample</TT><BR> to <TT><BR>
&nbsp;&nbsp;GBUdbIgnoreList.txt</TT><BR> and customize as
needed. Please see the
<A href="http://www.armresearch.com">ARM Research Labs web
site</A> for documentation on the <TT>GBUdbIgnoreList.txt</TT>
file.<BR>

<LI>Download the Sniffer database:
<UL>
<LI>Create the file <TT>UpdateReady.txt</TT> in the plugin directory:<TT><BR>
&nbsp;&nbsp;touch UpdateReady.txt</TT><BR>
</LI>
<LI>Run the <TT>getRulebase</TT> script in the plugin
directory:<TT><BR>
&nbsp;&nbsp;./getRulebase</TT><BR>
This downloads the Sniffer database to the plugin directory.
</UL>

The <B><TT>SNF4CGP</TT></B> program automatically updates the
Sniffer database as needed.

<LI>Proceed with <A HREF="#Test">Testing the Sniffer Plugin</A>.
</UL>



<H3><HR><A name=Test></A>Testing the Sniffer Plugin.</H3>
<P>On Windows System:
<!--
<UL>
<LI>Launch the <TT>SNF4CGP.exe</TT> application by typing:<TT><BR>
&nbsp;&nbsp;SNF4CGP\SNF4CGP.exe SNF4CGP\snf_engine.xml</TT><BR>
It will report the Plugin version number and build date.<BR>

<LI>Type:<TT><BR>
&nbsp;&nbsp;1 FILE SNF4CGP\junkmsg.msg</TT><BR>
The plugin should report that the file is spam.
<LI>Quit <TT>SNF4CGP.exe</TT> by typing Ctrl-Z.
</UL>
-->

<P>On a Unix System:
<UL>
<LI> Change to the module directory:<TT><BR>
&nbsp;&nbsp;cd /var/CommuniGate/SNF4CGP</TT><BR>

<LI>Launch the <TT>SNF4CGP</TT> application by typing:<TT><BR>
&nbsp;&nbsp;./SNF4CGP snf_engine.xml</TT><BR>
It will report the Plugin version number and build date.<BR>

<LI>Type:<TT><BR>
&nbsp;&nbsp;1 FILE junkmsg.txt</TT><BR>
the plugin should report that the file is spam.

<LI>Quit <TT>SNF4CGP</TT> by typing Ctrl-D.
</UL>

<H3><HR><A NAME="Options"></A>Command Line Options</H3>
<DL><DD>
The Sniffer Plugin supports the following command-line option (parameters):<DL>
<P><DT><TT>snf_engine.xml</TT>
<DD>This option tells the Plugin to read the <TT>snf_engine.xml</TT>
configuration file.

</DL>
</DL>


<H3><HR><A name=Integrate></A>Integrating the Sniffer Plugin with CommuniGate Pro.</H3>

Please check the <A
HREF="http://www.communigate.com/CommuniGatePro/VirusScan.html#Launch">External
Filters</A> section of the CommuniGate Pro manual.

<P>Open the General page in the Settings section of the WebAdmin Interface and click the Helpers link.
Create the Helper as follows:


<center class="WebAdmin"><form action="Null.html">
<TABLE class="settingsBox" cellpadding="3" width="90%">
<caption>Content Filtering</caption>

<TR><TD BGCOLOR="#EEEEEE">
<TABLE class="settingsBox" WIDTH="100%" BORDER="0" CELLSPACING=1 CELLPADDING=0>
<TR>
<td align="right"><select name="U3"><option value="0">Disabled</option><option value="1" selected="selected">Enabled</option></select></td>
<td><input name="N3" value="ARM Sniffer" size="15" maxlength="200" type="text" /></td>
<TD colspan=2 ALIGN=center></TD>
</TR><TR>
<td align="right" width="25%">Log Level:</td><td><select name="L3"><option value="0">Crashes Only</option><option value="1">Failures</option><option value="2">Major &amp; Failures</option><option value="3">Problems</option><option value="4" selected="selected">Low Level</option><option value="5">All Info</option></select></td>
<td align="right" width="25%">Program Path:</td><td><input name="P3"
value="SNF4CGP/SNF4CGP /var/CommuniGate/SNF4CGP/snf_engine.xml" size="30" maxlength="255" type="text" /></td>

</TR><TR>
<TD ALIGN=RIGHT>Time-out:</TD><TD><SELECT NAME="T0"><OPTION VALUE=0>disabled<OPTION VALUE="15">15 seconds<OPTION VALUE="30">30 seconds<OPTION VALUE="60">minute<OPTION VALUE="120">2 minutes<OPTION VALUE="180">3 minutes<OPTION VALUE="300" SELECTED>5 minutes<OPTION VALUE="600">10 minutes<OPTION VALUE="900">15 minutes<OPTION VALUE="1800">30 minutes<OPTION VALUE="3600">hour</SELECT></TD>
<TD ALIGN=RIGHT>Auto-Restart:</TD><TD><SELECT NAME="A0"><OPTION VALUE=0>disabled<OPTION VALUE="5">5 seconds<OPTION VALUE="7">7 seconds<OPTION VALUE="10">10 seconds<OPTION VALUE="15">15 seconds<OPTION VALUE="30">30 seconds<OPTION VALUE="60" SELECTED>minute<OPTION VALUE="120">2 minutes<OPTION VALUE="180">3 minutes<OPTION VALUE="300">5 minutes<OPTION VALUE="600">10 minutes<OPTION VALUE="900">15 minutes<OPTION VALUE="1800">30 minutes<OPTION VALUE="3600">hour<OPTION VALUE="7200">2 hours<OPTION VALUE="10800">3 hours<OPTION VALUE="21600">6 hours</SELECT></TD>
</TR>
</TABLE></TD></TR>
</TABLE></FORM></center>



<B>Note:</B> For Windows system the Program Path shold be
<TT>SNF4CGP\SNF4CGP.exe SNF4CGP\snf_engine.xml</TT><BR>
<B>Note:</B> On some versions of FreeBSD system you may need to
specify the full path to the program,
i.e. <tt>/var/CommuniGate/SNF4CGP/SNF4CGP /var/CommuniGate/SNF4CGP/snf_engine.xml</tt>

<P>The recommended Scanning Rule is as follows:</P>

<center class="WebAdmin"><form action="Null.html">
<TABLE class="settingsBox" cellpadding="3" width="90%">
<tr align="left">
<th>Data</th>
<th>Operation</th>
<th>Parameter</th>
</tr>
<TR>
<TD>
<SELECT NAME="c2"><OPTION VALUE="0" SELECTED>---<OPTION VALUE="12">Message Size</SELECT>
</TD><TD>
<SELECT NAME="o2"><OPTION VALUE="0" SELECTED>is<OPTION VALUE="4">greater than</SELECT>
</TD><TD>
<INPUT TYPE="text" NAME="p2" VALUE="" SIZE="20" MAXLENGTH="1024">
</TD>
</TR>

<tr align="left">
<th>Action</th>
<th colspan="2">Parameter</th>
</tr>
<TR VALIGN=TOP>
<TD><SELECT NAME="a0"><OPTION VALUE="0">---<OPTION VALUE="6">Stop Processing<OPTION VALUE="17" SELECTED>ExternalFilter</SELECT>
</TD><TD><TEXTAREA NAME="r0" ROWS="4" COLS="40">ARM Sniffer</TEXTAREA>
</TD>
</TR>
<TR VALIGN=TOP>
<TD><SELECT NAME="a1"><OPTION VALUE="0" SELECTED>---<OPTION VALUE="7">Stop Processing</SELECT></TD>
<TD colspan="2"><TEXTAREA NAME="r1" ROWS="4" COLS="40"></TEXTAREA></TD>
</TR>

</TABLE></FORM></center>

<hr/><div align="right" class="guideCopyright">CommuniGate&reg; Pro Guide. Copyright &copy; 1998-2009, Stalker Software, Inc.</div>

</BODY>
</HTML>

+ 11
- 0
CGPSNF-Win32-Intel/GBUdbIgnoreList.txt.sample View File

# List of IPs to Ignore on startup
# THIS FILE MUST BE PRESENT FOR SNF TO START!
# Each IP in this list is set to Ignore in GBUdb when
# The configuration is loaded.
# Hash mark on the beginning of a line indicates a comment.
# Comments after an IP are also ignored.
# One line per IP. Sorry, no CIDR yet.
# Note that you can also use Drilldown directives to achieve CIDR like results automatically.
# Be sure to list ALL of your gateways :-)
127.0.0.1 # ignore localhost, of course.

+ 2
- 0
CGPSNF-Win32-Intel/identity.xml.sample View File

<snf><identity licenseid='licensid' authentication='authenticationxx'/></snf>

+ 162
- 0
CGPSNF-Win32-Intel/snf_engine.xml.sample View File

<!-- SNFMulti V3.0 Configuration File, Setup: Typical of SNF4CGP -->
<!-- http://www.armresearch.com/support/articles/software/snfServer/config/snfEngine.jsp -->
<snf>
<node identity='C:\CommuniGate Files\CGPSNF\identity.xml'>
<paths>
<log path='C:\CommuniGate Files\CGPSNF\'/>
<rulebase path='C:\CommuniGate Files\CGPSNF\'/>
<workspace path='C:\CommuniGate Files\CGPSNF\'/>
</paths>
<logs>
<rotation localtime='no'/>
<status>
<second log='yes' append='no'/>
<minute log='yes' append='no'/>
<hour log='no' append='no'/>
</status>
<scan>
<identifier force-message-id='no'/>
<classic mode='api' rotate='yes' matches='unique'/>
<xml mode='file' rotate='yes' matches='all' performance='yes' gbudb='yes'/>
<xheaders>
<output mode='api'/>
<version on-off='off'>X-MessageSniffer-Version</version>
<license on-off='off'>X-MessageSniffer-License</license>
<rulebase on-off='off'>X-MessageSniffer-RulebaseUTC</rulebase>
<identifier on-off='off'>X-MessageSniffer-Identifier</identifier>
<gbudb on-off='on'>X-GBUdb-Analysis</gbudb>
<result on-off='on'>X-MessageSniffer-Scan-Result</result>
<matches on-off='on'>X-MessageSniffer-Rules</matches>
<black on-off='on'>X-MessageSniffer-Spam: Yes</black>
<white on-off='off'>X-MessageSniffer-White: Yes</white>
<clean on-off='off'>X-MessageSniffer-Clean: Yes</clean>
<symbol on-off='off' n='0'>X-MessageSniffer-SNF-Group: OK</symbol>
<symbol on-off='off' n='20'>X-MessageSniffer-SNF-Group: Truncated</symbol>
<symbol on-off='off' n='40'>X-MessageSniffer-SNF-Group: Caution</symbol>
<symbol on-off='off' n='63'>X-MessageSniffer-SNF-Group: Black</symbol>
<symbol on-off='off' n='62'>X-MessageSniffer-SNF-Group: Obfuscation</symbol>
<symbol on-off='off' n='61'>X-MessageSniffer-SNF-Group: Abstract</symbol>
<symbol on-off='off' n='60'>X-MessageSniffer-SNF-Group: General</symbol>
<symbol on-off='off' n='59'>X-MessageSniffer-SNF-Group: Casinos-Gambling</symbol>
<symbol on-off='off' n='58'>X-MessageSniffer-SNF-Group: Debt-Credit</symbol>
<symbol on-off='off' n='57'>X-MessageSniffer-SNF-Group: Get-Rich</symbol>
<symbol on-off='off' n='56'>X-MessageSniffer-SNF-Group: Ink-Toner</symbol>
<symbol on-off='off' n='55'>X-MessageSniffer-SNF-Group: Malware</symbol>
<symbol on-off='off' n='54'>X-MessageSniffer-SNF-Group: Porn-Dating-Adult</symbol>
<symbol on-off='off' n='53'>X-MessageSniffer-SNF-Group: Scam-Phishing</symbol>
<symbol on-off='off' n='52'>X-MessageSniffer-SNF-Group: Snake-Oil</symbol>
<symbol on-off='off' n='51'>X-MessageSniffer-SNF-Group: Spamware</symbol>
<symbol on-off='off' n='50'>X-MessageSniffer-SNF-Group: Media-Theft</symbol>
<symbol on-off='off' n='49'>X-MessageSniffer-SNF-Group: AV-Push</symbol>
<symbol on-off='off' n='48'>X-MessageSniffer-SNF-Group: Insurance</symbol>
<symbol on-off='off' n='47'>X-MessageSniffer-SNF-Group: Travel</symbol>
</xheaders>
</scan>
</logs>
<network>
<sync secs='30' host='sync.messagesniffer.net' port='25'/>
<update-script on-off='on' call='C:\CommuniGate Files\CGPSNF\getRulebase.cmd' guard-time='180'/>
</network>
<xci on-off='on' port='9001'/>
<gbudb>
<database>
<condense minimum-seconds-between='600'>
<time-trigger on-off='on' seconds='86400'/>
<posts-trigger on-off='off' posts='1200000'/>
<records-trigger on-off='off' records='600000'/>
<size-trigger on-off='on' megabytes='150'/>
</condense>
<checkpoint on-off='on' secs='3600'/>
</database>
<regions>
<white on-off='on' symbol='0'>
<edge probability='-1.0' confidence='0.4'/>
<edge probability='-0.8' confidence='1.0'/>
<panic on-off='on' rule-range='1000'/>
</white>
<caution on-off='on' symbol='40'>
<edge probability='0.4' confidence='0.0'/>
<edge probability='0.8' confidence='0.5'/>
</caution>
<black on-off='on' symbol='63'>
<edge probability='0.8' confidence='0.2'/>
<edge probability='0.8' confidence='1.0'/>
<truncate on-off='on' probability='0.9' peek-one-in='5' symbol='20'/>
<sample on-off='on' probability='0.8' grab-one-in='5' passthrough='no' passthrough-symbol='0'/>
</black>
</regions>
<training on-off='on'>
<bypass>
<!-- <header name='To:' find='spam@example.com'/> -->
<!-- <header name='Received:' ordinal='1' find='friendlyhost.com'/> -->
</bypass>
<drilldown>
<!-- <received ordinal='0' find='[12.34.56.'/> where we want to ignore 12.34.56.0/24 -->
<!-- <received ordinal='0' find='mixed-source.com'/> -->
<!-- <received ordinal='1' find='mixed-source-internal.com'/> -->
</drilldown>
<source>
<!-- <header name='X-Use-This-Source:' received='mixedsource.com [' ordinal='0' /> -->
<!-- <header name='X-Originating-IP:' received='hotmail.com [' ordinal='0' /> -->
</source>
<white>
<result code='1'/>
<!-- <header name='Received:' ordinal='0' find='.friendlyhost.com'/> -->
</white>
</training>
</gbudb>
<rule-panics>
<!--
<rule id='123456'/>
<rule id='123457'/>
-->
</rule-panics>
<platform>
<snf4cgp>
<ham action='Allow' reason='Message OK' comment='Message OK' headers='yes' xml='yes'>
<result code='0' comment='(0) Not Spam/Malware' />
<result code='1' comment='(1) White Rule/IP-Range' />
</ham>
<spam action='Allow' reason='Spam/Malware' comment='Spam/Malware' headers='yes' classic='no' xml='no' hold-path='quarantine'>
<result code='40' comment='(40) Caution' />
<result code='63' action='Reject' reason='Source IP black listed (GBUdb/black)' comment='(63) Black' />
<result code='20' action='Reject' reason='Source IP black listed (GBUdb/truncate)' comment='(20) Truncate' />
</spam>
</snf4cgp>
</platform>
<msg-file type='cgp'/>
</node>
</snf>

+ 0
- 127
ReadMe View File

20090324_M First stab at describing the structures and dev rules
we will employ on our SVN server. I'm sure this will evolve ;-)

This is the repository startup readme. When we create a new SVN
repository on the svn.microneil.com server we populate it with
this ReadMe file so there is something useful to check out the
first time.

This ReadMe should be replaced when the repository is populated.

There probably should be a ReadMe file in the root of /trunk/
so that folks using the repository understand what is there and
what rules apply to the project.

Projects (repositories) should be structured according to the
following rules:

** In general the root of /trunk/ for any project should be as
empty as possible containing at most the ReadMe file and possibly
the most current "golden version" of the project's goal.

All rules have exceptions and the exception to this rule is the
first project type (below) - source libraries.
__________________________________________
For Source Code Modules / Source Libraries:
The /trunk/ should contain just the source code, data, ReadMe,
and other parts that are considered part of the module. Modules
are meant to be re-used and so they will be imported as external
SVN references in other projects where they are consumed.

We would expect to see something like:

/trunk/source.h
/trunk/source.cpp
/trunk/ReadMe

In general, source modules are imported by external reference and
are never manipulated directly for themselves. For example, while
developing a source library the repository for that source would be
externally referenced by a Test module (below). The developer would
build the test application while exercising the source library and
making changes to that library (presumably in a branch). When they
are satisfied that their updates are working correctly according
to the test application they would commit the Test module project
and the imported source module project.

_______________________
For Test (DEV-) Modules:
Test modules are special applications that exercise other modules.
They are also, essentially, applications so they share the application
model. The /trunk/ should contain a sub directory that holds the
source code specific to the test application. Other modules that are
under testing and development are referenced as svn:external so that
they reside under /trunk/ as additional source directories.

We should expect to see something like:

svn:external /Module/trunk Module
/trunk/Tester/source.h
/trunk/Tester/source.cpp
/trunk/Tester/docs/stuff-to-read
/trunk/Tester/data/stuff-to-input
/trunk/tester/data/stuff-to-output
/trunk/ReadMe

In the above example interpret Module to be the appropriate name for
a source library. There can be as many of these re-usable components
as needed. Note that they don't actually appear in the SVN server but
since they are a property of the repository they will be checked out
when this repository is checked out so they will appear in the local
file system at the same level as Tester.

______________________________________
For Applications or Compiled Libraries:

Similarly to Test Modules (above) the root of /trunk/ should contain
ReadMe describing what is there and how it works. ALSO, however the
final product of the build will be at the root of /trunk/. This will
represent the current state-of-the-art for the application. It may be
a .DLL file, a .o, a .a etc.

Subdirectories under /trunk/ contain the source directories, test
application sources (in the case of a binary or library type project
such as a DLL, .o, .a, .exe or other binary).

Presumably the developer would create a workspace on their local
file system where they would then import the repository's /trunk/ and
along with it the associated external references. Then in a different
directory in their workspace they would build various debug and
production versions of the final product for testing. When they were
happy with the results then they would place the new "golden" version
in their local copy of the repository and commit (repository, and
externals with any changes, and new golden version).

Develpers of applications or binary libraries should avoid the urge
to make direct updates to source libraries. That work should be done
separately where it can be well focused.

________________________________
For Distribution (PKG-) Pakages:

Distribution packages are used to build distributions that are released
to customers. The package includes everything that is needed to build
the final distribution (tarball, zip) and/or installer (.msi, .exe)
file that will be delivered to customers.

Distribution pakages follow a similar methodology to Applications
except that they most likely reference specific revisions of libraries,
projects, and documentation, and then combine that with subdirectories
that contain package specific content such as documentation, build
scripts, and other "glue".

In the top directory we expect to find the usual ReadMe for the project
as well as the latest golden version of the distribution.

The build process and structure here is much the same as for other
applications except that what is tested is the ability to deliver and /
or install the application on the various target platforms with the
desired results. The applications themselves are always built elsewehere
in their own projects even though the repositories for those projects
might be imported in their entirety via external references.

Developers of distribution packages should avoid the urge to make
updates to the applications or other imported content directly. That
work should be handled seperately where it can be focused.



+ 43
- 0
ReadMe.txt View File

PKG-SNF4CGP-WIN
20091113_M
This repository contains the root folder and various .zip'd distributions
of the Message Sniffer for CommuniGate plugin.
CGPSNF-Win32-Intel
becomes
CGPSNF-Win32-Intel.zip
CGPSNF-Win32-Intel/CGPSNF is modeled after the structure observed in other
CommuniGate plugins.
CGPSNF-Win32-Intel/CGPSNF/Doc is copied from PKG-SNF4CGP-NIX from time to
time as that version is updated. That version should always be considered
the "master" -- it is to be revised in that project and copied here when
revisions are made so that those revisions are then "officially" included
in this distribution.
Specifically:
PKG-SNF4CGP-NIX/trunk/SNF4CGP_Developer_Package/Doc
Presumably the -NIX and -WIN distributions will always be updated together
when there is any change to the software.
---
The CGPSNF.exe is copied from the most current official release version of
SNF4CGP built from the SNF4CGP project.
The remaining configuration files are maintained in this repository as they
are specific to CGPSNF.
Borrowing a page from the -NIX distributions the -WIN distibution will
include configuration files with the .sample extension and instructions
for modifying them during the installation process. This allows folks to
upgrade simply by expanding the .zip file in the correct location -- which
is the paradigm for CommuniGate plugins.

Write Preview
Loading…
Cancel
Save