@@ -0,0 +1,4 @@ | |||
Included with this distribution are the open-source "wget" and "gzip" files. They are | |||
used in getRulebase.bat to download and decompress rulebase files. The "wget" and "gzip" | |||
utilities included here came from http://unxutils.sourceforge.net/ and are included only | |||
for your convenience. |
@@ -0,0 +1,449 @@ | |||
SNF MDaemon Plugin Change Log... | |||
------------------------------------------------------------------------------ | |||
20080626 - Version 3.0, It's official. | |||
Changed build information. | |||
Removed extraneous comments from configuration file. | |||
20080524 - Version V2-9rc6.25.7 | |||
Optimized networking library for additional speed & stability by moving | |||
receive buffer allocation from heap to stack (automatic). | |||
Optimized timing parameters in SNFClient for improved speed. Polling dealys | |||
are now reduced to 10ms from 30ms. | |||
Removed speed-bug in SNFClient, 100ms guard time between retries was always | |||
executed after an attempt (even a successful attempt). The guard time is now | |||
condition and only fires on unsuccessful attempts. | |||
Updated XCI server logic to ensure non-blocking sockets for clients in all | |||
socket implementations. | |||
20080424 - Version V2-9rc6.24.6 | |||
Refactored snfScanData.clear() to reduce heap work and fragments. | |||
Added mutex to scanMessageFile() entry point just in case some app attempts to | |||
put multiple threads through a single engine handler. scanMessage() is already | |||
protected and fully wraped by the new scanMessageFile() mutex. | |||
Added non-specific runtime exception handling to XHDR injection code. | |||
Added 2 retries w/ 300ms delay to remove original message in XHDR inject code. | |||
If remove fails after 3 attempts the injector throws. | |||
Added 2 retries w/ 300ms delay to rename temp file to msg in XHDR inject code. | |||
If rename fails after 3 attempts the injector throws. | |||
Added IPTest logging. | |||
20080416 - Version V2-9rc5.23.6 | |||
Fixed bug where SNCY open() would fail on some Win* platforms with | |||
WSAEINVAL instead of the standard EINPROGRESS or EALREADY which were expected. | |||
Also added WSAEWOULDBLOCK to cover other "ambiguities" in windows sockets | |||
implementations. InProgress() on Win* now test for any of: | |||
WSAEINPROGRESS, WSAEALREADY, WSAEWOULDBLOCK, WSAEINVAL | |||
20080413 - Version V2-9rc5.22.6 | |||
Fixed bug in TCPHost.open() where EALREADY was not counted as a version of | |||
EINPROGRESS. This would cause open() to throw an unnecessary exception when | |||
an open() required extra time. | |||
20080413 - Version V2-9rc5.21.6 | |||
Extended timeout for SYNC session open() to the full session length. This way | |||
if a session takes a long time to open it still has a shot at success. | |||
20080411 - Version V2-9rc5.20.6 | |||
Adjusted snfNETmgr to use non-blocking open in SYNC sessions. Open timeout | |||
is 1/3 of the session timeout. Session timeout is 2 * Session pacing. Open | |||
polling uses golden spiral delay from 10ms to 340ms. | |||
20080410 - Version V2-9rc5.19.6 | |||
Adjusted XCI manager to use new snfCFGPacket paradigm in checkCFG(). | |||
Adjusted snf_RulebaseHandler::addRulePanic() to use MyMutex and eliminated | |||
the AutoPanicMutex and waiting scheme. | |||
Refactored scanMessage() to use a ScopeMutex() rather than lock()/unlock(). | |||
Refactored scanMessage() to use MyCFGPacket.isRulePanic() test. | |||
Redesigned snfCFGPacket handling to automate grab() / drop() functions. | |||
Fixed lock-up bug: Redesigned AutoPanic posting and checking mechanisms to | |||
eliminate potential dead-lock condition. Under some conditions a precisely | |||
timed auto-panic posting could cause the RulebaesHandler mutex and the | |||
AutoPanicMutex to become intertwined leading to a cascading deadlock. When | |||
this occurred all XCI processing threads and eventually the XCI listener | |||
thread would become blocked waiting to get the current configuration. | |||
20080409 - Version V2-9rc5.18.6 | |||
Enhanced XCI exception handling and logging to provide additional detail. | |||
Added code to explicitely check for zero length files in scanMessagFile(). | |||
Previously a zero length file would cause the CBFR module of the filter | |||
chain to throw an invalid buffer exception. Now if the message file is empty | |||
scanMessageFile() will throw a FileError stating FileEmpty!. | |||
20080407 - Version V2-9rc5.17.6 | |||
Enhanced exception reporting in snfXCImrg | |||
20080405 - Version V2-9rc5.16.6 | |||
Reduced safetly limits on status reports to 100K for status reports and 100K | |||
for samples. Previous values were 10M. Most full sessions from the busiest | |||
systems are < 50K total. | |||
Recoded sendDataTimeout() to break uploads into 512 byte chunks and insert | |||
delays only when a chunk is fragmented. This methodology improves reliability | |||
on Win* systems without any significant penalty on systems that don't need | |||
socket sends() to be in smaller chunks. | |||
Fixed TCPClient::transmit() and TCPHost::transmit() bug where returned byte | |||
count might be -1. Now returned byte counts can only be 0 or more. | |||
20080403 - Version SNF2-9vr5.15.5 | |||
Minor modifications to networking module to better support non-blocking open() | |||
Updated SNFClient with new timing and non-blocking open(). Worst case return | |||
time from SNFClient estimated at 200 seconds (theoretically impossible). No- | |||
connection return time from SNFClient estimated at 20 seconds. | |||
20080326 - Version SNF2-9rc4.15.4 | |||
Refactored snfNETmgr::sync() to consolidate non-blocking io routines. | |||
Added detailed thread status data to XCI listener thread. | |||
Refactored snfNETmgr::sync() to check a Timeout, removed TCPWatchdog. | |||
20080325 - Version SNF2-9rc4.12.4 | |||
Added a "Rulebase Getter" feature as part of the snf_Reloader. When enabled | |||
the Rulebase Getter will launch a user defineable system() call whenever a | |||
new rulebase file is available. The call will be repeated until the condition | |||
is cleared by a successful update of the rulebase file. The Rulebase Getter | |||
will wait a configurable "guard time" between attempts. The default system() | |||
call is "getRulebase" with a guard time of 3 minutes. In most cases this will | |||
launch the provided getRulebase script which should be present in the start | |||
location of SNFServer on most systems. Best practice is to configure the full | |||
path to the update script. The system() call is made in a separate thread so | |||
that if the system() call hangs for some reason only the Rulebase Getter is | |||
stuck. | |||
Improved exception handling/reporting in scanMessageFile(). | |||
Updated scanMessagFile() header injection code to accommodate messages with | |||
no body. Previous version would throw an exception when it could not find an | |||
injection point. The new version makes the injection point byte 0 and puts | |||
the injected headers at the top of the message using it's best guess about the | |||
type of line endings (CRLF or LF) to use. | |||
Updated Networking library to use SO_REUSEADDR by default on listeners. | |||
20080319 - Version SNF2-9rc4.11 | |||
Added IPScan on-off to snfmdplugin.xml. This allows users to turn off the | |||
IPScan feature without editing the Plugins.dat file as was previously | |||
required. The feature can now be enabled or disabled at will by editing the | |||
configuration file. | |||
Added Configuration editor options to snfmdplugin.xml. Previously the built- | |||
in configuration function was hard coded to start notepad with the config | |||
file. Now the system() call made by the ConfigFunc() can be edited in the | |||
configuration file. The configuration file name can be appended to the | |||
command optionally. The default is still to start notepad and append the | |||
configuration file path so that it is loaded automatically. It is hoped that | |||
GUI based configuration editors for the SNF plugin will be built by third | |||
parties and in the mean time folks can now configure their favorite XML file | |||
editor to modify their SNF plugin configuration. | |||
Modified API use fixed shutdown bug - The plugin used to initialize the SNF | |||
scanning engine when the DLL was loaded and would shut it down when the DLL | |||
was unloaded. Now the Startup and Shutdown functions in the MDaemon plugin | |||
API. This ensures that the engine components are started and shutdown in the | |||
proper sequence. | |||
Included new SNFEngine core (excerpts from that change log included). | |||
20080318 - SNF2-9rc1.11.exe Consolidated several mods/fixes | |||
Corrected scan error logging bug. Was posting <s/> now posts <e/>. | |||
Updated scan error logging to be more uniform with non-scan errors. | |||
Developed various script prototypes for postfix integration & automated | |||
updates on win* systems using the new UpdateReady.txt file mechanism. | |||
Fixed a bug in scanMessageFile() where an \n\n style insertion point | |||
would never be detected. | |||
Modified scanMessageFile() header injection to strip <CR> from line ends | |||
when the message file provided does not use them. The line-end style of | |||
the message file is detected while locating the insertion point. If the | |||
insertion point (first blank line) does not use <CR><LF> then the SNF | |||
generated X-Headers are stripped of <CR> in a tight loop before injection. | |||
Enhanced error and exception reporting in SNFMulti.cpp scanMessageFile(). | |||
Enhanced exception handling in networking module. All exceptions now | |||
throw descriptive runtime_error exceptions. | |||
20080306 - SNF2-9rc1.8.exe (FIRST RELEASE CANDIDATE for VERSION 3!) | |||
Added Drilldown Header Directive Functions - When the candidate source IP | |||
comes from a header matching a drilldown directive the IP is marked "Ignore" | |||
in GBUdb and the candidate is no longer eligible to be the source for that | |||
message. This allows SNF to follow the trusted chain of devices (by IP) down | |||
to the actual source of the message. It is handy for ignoring net blocks | |||
because it can match partial IPs but it is designed to allow SNF to learn | |||
it's way through the servers at large ISPs so that the original source for | |||
each message can be evaluated directly. | |||
Added Source Header Directive Functions - This feature allows SNF to acquire | |||
the source IP for a message from a specific header rather than searching | |||
through the Received headers in the message. This is useful when the original | |||
source for a message is not represented in Received headers. For example: | |||
Hotmail places the originating source IP in a special header and does not | |||
provide a Received header for that IP. This feature is protected from abuse | |||
by a "Context" feature which only activates the source header directive when | |||
specific content is found in a specific received header. Using the above | |||
example, this feature can be configured so that a Hotmail source header would | |||
only be read if the top Recieved header contained "hotmail.com [" indicating | |||
that the ptr lookup for the header matched the hotmail domain. Note: When a | |||
source is pulled from a header directive that source is put into a synthetic | |||
Received header and injected into the scanning stream (not the message) as | |||
the first Received header. | |||
Added forced source IP to XCI - It is now possible to "inject" or "force" | |||
the source IP for any message by providing that IP in the XCI request or | |||
directly in a scan...() function call. This allows the calling application | |||
to provide the source IP for a message ahead of any Received headers that | |||
might be in the message. This is useful when the calling application knows | |||
the original source IP for the message but that IP is not represented in | |||
the Received headers and it is not desireable to use the Source Header | |||
Directive mechanism. | |||
Added forced source IP mode to SNFClient - It is now possible to call the | |||
SNFClient utility with an IP4Address using the syntax: | |||
SNFClient -source=12.34.56.78 | |||
The -source mode of SNFClient exercises the forced source IP feature in | |||
the XCI (see above) | |||
Added Status Report features to SNFClient and XCI - It is now possible to | |||
request the latest status.second, status.minute, or status.hour data via | |||
the XCI and SNFClient. The syntax for requesting a status report using the | |||
SNFClient is: | |||
SNFClient -status.second | |||
SNFClient -status.minute | |||
SNFClient -status.hour | |||
In addition to providing status reports the SNFClient in this mode will | |||
return a nonzero value (usually 99) if it is unable to get a status report | |||
from SNFServer. This feature can be used to verify that SNFServer is up | |||
and responding. If SNFServer is OK then the result code returned is 0. | |||
Added result codes to SNFClient -test and XCI IP test functions - The XCI | |||
engine has been upgraded to provide the range value for the IP under test | |||
as well as the symbolic result code associated with that range. This allows | |||
the -test function to provide results that are consistent with the GBUdb | |||
configuration without additional processing: For example, if the IP falls | |||
in the Caution range then the Caution result code will be returned just | |||
as if a message had been scanned with the same IP and no pattern match | |||
occurred. The same is true for Truncate and Black range hits. | |||
Added Timestamp and Command Line Parameter data to SNFClient.exe.err - When | |||
an error occurs with SNFClient that may not appear in the SNFServer logs an | |||
entry is appended to the SNFClient.exe.err file. That in itself is not new. | |||
The new feature is that the entries added to the SNFClient.exe.err file now | |||
include timestamp and command line data to aid in debugging. | |||
Updated the Configuration Log to include all of the current configuration | |||
features and to improve it's readability. | |||
20080207 - SNF2-9b1.7.exe | |||
SYNC Timeout now 2x SYNC Schedule | |||
SNFServer now produces an UpdateReady.txt file when the UTC timestamp on | |||
the SYNC server is newer than the UTC timestamp of the active rulebase. It | |||
is presumed that a suitable update script or program will run periodically | |||
and download a fresh rulebase file if the UpdateReady.txt file is present. | |||
The update script should remove the UpdateReady.txt file when it completes | |||
a successful download of the new rulebase file. | |||
Added available rulebase UTC in status reports <udate utc.../> | |||
Added Automatic path fixup for ending / or \ | |||
Added option to use local time in log rotation <rotation localtime='no'/> | |||
The default is still utc. | |||
20071102 - SNF2-9b1.6.exe | |||
Increased MAX_EVALS from 1024 to 2048. | |||
Adjusted defult range envelopes in snf_engine.xml to be more conservative. | |||
20071017 - Version SNF2-9b1.5 | |||
Added a missing #include directive to the networking.hpp file. The | |||
missing #include was not a factor on Linux and Windows systems but | |||
caused compiler errors on BSD systems. | |||
Corrected a bug in the GBUdb White Range code where any message with a | |||
white range source IP was being forced to the white result code. The | |||
engine now (correctly) only forces the result and records the event when | |||
a black pattern rule was matched and the White Range IP causes that | |||
scan result to be overturned. If the scan result was not a black pattern | |||
match then the original scan result is allowed to pass through. | |||
Corrected a bug in the Header Analysis filter chain module that would | |||
cause the first header in the message to be ignored in some cases. | |||
Corrected an XML log format problem so that <s/> elements are correctly | |||
open ended <s ....> or closed (empty) <s..../> according to whether they | |||
have subordinate elements. | |||
Adjusted the GBUdb header info format. The order of the Confidence | |||
figure and Probabilty figure is now the same as in the XML log files | |||
(C then P). The confidence and probability figures are now preceeded | |||
with c= and p= respectively so that it's easy to tell which is which. | |||
20071009 Version 2-9b1.4 | |||
Tightened up the XCI handler code and removed the watchdog. The watchdog | |||
would restart the listener if there were no connections in 5 minutes. It | |||
was originally added to provide additional stability, however in practice | |||
there have been no "stalled listeners". Also, a stalled listener would | |||
likely be a sign of a different problem that the watchdog would tend to | |||
hide. | |||
Modified and refactored the XCI configuration management code. All XCI config | |||
changes and up-down operations are now handled in a single function except | |||
upon exit from the main XCI thread where XCI_shutdown() is always called. | |||
Added some more detailed exception handling code to the XCI component so that | |||
more data will be logged in the event of an error. | |||
Reviewed and modified the InstallInstructions.txt file. Removed this log | |||
to this separate file. | |||
Modified the snfmdplugin.xml file to properly configure the new features in | |||
the engine. | |||
* Header training directives and new <training/> section. | |||
* XCI interface configuration. | |||
* Tweaks to GBUdb ranges. | |||
* msg-file type configuration (not used in MDaemon, but configured anyway) | |||
---- | |||
Version 2-9a11 (engine a53) | |||
* Enhanced IP extraction from Received headers so that any unexpected bytes | |||
between the [ and ] will force the attempt to be aborted. | |||
* Fix the IP test code so that the IP 0.0.0.0 cannot be the source IP and | |||
cannot be tested. | |||
Version 2-9a11 (engine a52) | |||
* Corrected plug-in log entry logic. Allowed/Rejected tag now comes directly | |||
from the message rejection logic and is accurate in all cases. | |||
Version 2-9a10 (engine a52) | |||
* Corrected a bug in the MessageIPFunc where Ignore flagged IPs would still | |||
cause rejected messages if the statistics were in the Truncate range. Now | |||
messages are rejected in only two cases: | |||
The Flag is _Ugly_ and the rating is _Truncate_ or, the Flag is _Bad_. | |||
Version 2-9a9 (engine a52) | |||
* Adjusted IPtest module in HeaderAnalysis to handle TooManyIPs exception | |||
locally and silently. | |||
* Increased HeaderAnalysis IP limit from 20 to 50. | |||
Version 2-9a9 (engine a51) | |||
* Corrected possible heap corruption bug in EvaulationMatrix Destructors. | |||
* Added trace strings to scanMessage() for tighter panic reporting. | |||
* Added caching to snf_engine Evaluator allocation scheme. | |||
* Added optimizations to snf_engine Evaluator safety checks. | |||
Version 2-9a8 | |||
* Added deep exception handling to Token Matrix objects. | |||
Version 2-9a7 | |||
* Exception handling throughout the engine has been refactored to use std:exception | |||
and to provide additional detail via e.what() | |||
* The plug-in log will now show e.what() data as SNF Debug: whenever an exception | |||
is thrown during a message scan. | |||
Version 2-9a6 | |||
* Adjusted .ctl file path converter to accept either .msg or .tmp paths. | |||
Version 2-9a5 | |||
A lot of new things were learned, updated, and corrected. | |||
* Fixed the "lockup" when the plugin failed to start successfully. The cause of this | |||
appears to be a threading issue associated with DLLs that are being initialized. | |||
If threads are created during the initialization of a DLL, the DLL must succeed! | |||
The threads that are created do not get any cycles until after the DLL is loaded | |||
successfully. As a result, if the initialization process attempts to join() these | |||
threads a deadlock is created. The fix was to allow the SNF plugin initialization | |||
process to succeed in all cases while setting a flag that forces the engine to | |||
be inert if the initialization was not successful. When the DLL is later unloaded | |||
the threads are already running so the join() calls that are part of the engine | |||
cleanup code are able to complete without incident. | |||
* Installed detailed exception handling for the start-up sequence. The plugin can | |||
now report on very specific reasons for failing to initialize properly. | |||
* Fixed a bug in the GBUdbIgnoreList processor where long lines would cause the | |||
remainder of the file not to be read. The line length limit still exists, but | |||
it is now 255 characters which is unlikely to occur and would be considered | |||
incorrect formatting. | |||
* The threading library now includes top-level exception handling to trap any | |||
exception that was not handled by myTask(). Along with this two flags were | |||
added to thread objects: isRunning() and isBad(). isRunning() is true when a | |||
thread object is still active. isBad() is true if the thread failed to start or | |||
an exception escaped myTask(). | |||
* At least one GBUdbIgnoreList entry is now REQUIRED. If the count of IPs from the | |||
GBUdbIgnoreList.txt file is less than 1 (or the file is missing) then the plug-in | |||
will complain and fail to start. | |||
* snf2check.exe has been removed from the distribution for the time being since it | |||
causes some systems to strip the attachment or block the email. This is the same | |||
program that is already on existing SNF systems. |
@@ -0,0 +1,10 @@ | |||
# List of IPs to Ignore on startup | |||
# Each IP in this list is set to Ignore in GBUdb when | |||
# The configuration is loaded. | |||
# Hash mark on the beginning of a line indicates a comment. | |||
# Comments after an IP are also ignored. | |||
# One line per IP. Sorry, no CIDR yet. | |||
# Be sure to list ALL of your gateways :-) | |||
127.0.0.1 # ignore localhost, of course. | |||
@@ -0,0 +1,146 @@ | |||
MDaemon Plugin V2.9rc* (V3) installation instructions | |||
------------------------------------------------------------------------------ | |||
1. Locate your \MDaemon directory (Usually c:\MDaemon) | |||
2. Create the directory \MDaemon\SNF | |||
3. Copy the distribution files to \MDaemon\SNF | |||
4. Edit identity.xml in notepad. | |||
4.1. Replace licensid with your SNF license ID. | |||
4.2. Replace authenticationxx with your SNF authentication code. | |||
5. Adjust/Create your Plugins.dat file (\MDaemon\App\Plugins.dat) | |||
5.1. If you already have a Plugins.dat file | |||
5.1.1. Copy the contents of the Plugins.dat file in the distribution | |||
to the Plugins.dat file you have. | |||
5.1.2. If you have a [Message Sniffer] section in your Plugins.dat | |||
file then make a copy of it (for backup) then remove that | |||
section. (This will disable your previous Message Sniffer | |||
installation) | |||
5.2. If you do not already have a Plugins.dat file | |||
5.2.1. Copy the Plugins.dat file from the distribution to your | |||
\MDaemon\App directory. | |||
6. Copy the snf-groups.cf into \MDaemon\SpamAssassin\rules | |||
7. Download your SNF rulebase file and place it in your SNF directory. | |||
7.1. Once you've signed up for a 30 Day free Trial or purchased a license for | |||
SNF you will receive update notifications via email. These notifications | |||
contain instructions on how to download your rulebase file. You can get | |||
your 30 Day Free Trial started by visiting www.armresearch.com. | |||
7.2. We have included an update script and utilities that you can use to | |||
automate updates to your rulebase file. The SNFServer engine that runs | |||
inside the plugin will produce an UpdateReady.txt file any time the local | |||
rulbase file is older than the latest available update. The included | |||
getRulebase.cmd script checks for this file and uses the open source | |||
wget and gzip utilities to download, validate, and replace your rulebase | |||
file automatically. | |||
7.2.1. Edit the top of the getRulebase.cmd file to establish the correct | |||
working directory, authentication string, and license ID for your | |||
rulebase files. | |||
7.2.2. Verify that the <update-script/> section of your snfmdplugin.xml file | |||
points to the correct location of the getRulebase.cmd script. This new | |||
feature will automatically run the getRulebase.cmd script whenever a | |||
newer rulebase file is available on our servers. | |||
8. Edit the GBUdbIgnoreList.txt file in notepad. | |||
8.1 Add the IP of any gateways you have as well as any systems you | |||
have that send mail through your mail server. | |||
8.2 It is very important to populate your GBUdbIgnoreList if you have | |||
gateways ahead of your mail server or else GBUdb will learn that | |||
those systems are responsible for sending spam! The GBUdb engine | |||
uses the ignore list to determine the actual source IP of the message. | |||
The first IP it sees in the headers that is not on the ignore list | |||
is determined to be the source IP for the message. Since most email | |||
"in the wild" these days are spam, any gateways that are not listed | |||
will be seen to be sending mostly spam - in error, of course. | |||
8.3 You cannot enter network blocks in the GBUdbIgnoreList.txt file. If | |||
you wish to ignore (mark as infrastructure) blocks of IPs then you should | |||
use the <drilldown/> section of the snfmdplugin.xml file to enter | |||
patterns that match the network blocks you want to ignore. For example, | |||
if you want to ignore servers in the 12.34.56.0/24 network block then | |||
you would enter a drilldown rule like: | |||
<drilldown> | |||
... | |||
<received ordinal='0' find='[12.34.56.'/> | |||
The rule tells GBUdb to learn to ignore any IP in the top (ordinal 0) | |||
received header if that header contains the string '[12.34.56.'. Of | |||
course that string will match every IP in the 12.34.56.0/24 class C | |||
block so any servers in that block which deliver mail to the SNF equiped | |||
server will be learned as infrastructure (ignore flag set). | |||
9. Review and adjust your snfmdplugin.xml file | |||
9.1. Check the paths at the top of the file and make sure they are complete and | |||
correct. In most cases the defaults will work, but if you've installed | |||
MDaemon & SNF on a different drive or in a different directory it would | |||
be best to update these paths: | |||
9.1.1. Find/Check <snf><node identity.../> | |||
9.1.2. Find/Check <snf><node><paths><log path.../> | |||
9.1.3. Find/Check <snf><node><paths><rulebase path.../> | |||
9.1.4. Find/Check <snf><node><paths><workspace path.../> | |||
9.2. If you have any addresses where people legitimately send spam such as an | |||
abuse reporting address or support address then you should enter that | |||
address into the <snf><node><gbudb><training><bypass/> section of the | |||
snfmdplugin.xml file. For example an abuse reporting address might look | |||
like this: | |||
<bypass> | |||
... | |||
<header name='To:' find='spam@example.com'/> | |||
The rule tells GBUdb to bypass it's training mechanism if it finds a | |||
'To:' header in a message that contains 'spam@example.com'. This should | |||
prevent customer's IPs from being learned as spam sources when they send | |||
messages to spam@example.com. | |||
9.3. Your system practices and policies may require additional rules in order | |||
to get the best performance from the GBUdb system. For more information | |||
please check out www.armresearch.com, support@armresearch.com, and our | |||
community list sniffer@sortmonster.com. | |||
10. Restart MDaemon. | |||
11. Verify the SNF plugin is installed | |||
11.1. In the plug-ins log tab you should see: | |||
Attempting to load 'SNF' plugin | |||
* ConfigFunc: ConfigFunc@4 (Ok, ready to use) | |||
* StartupFunc: Startup@4 (Ok, ready to use) | |||
* ShutdownFunc: Shutdown@4 (Ok, ready to use) | |||
* PreMessageFunc: (NULL) | |||
* PostMessageFunc: MessageFunc@8 (Ok, ready to use) | |||
* SMTPMessageFunc: MessageIPFunc@8 (Ok, ready to use) | |||
* SMTPMessageFunc2: (NULL) | |||
* SMTPMessageFunc3: (NULL) | |||
* DomainPOPMessageFunc: (NULL) | |||
* MultiPOPMessageFunc: (NULL) | |||
* Result: success (plugin DLL loaded in slot 0) | |||
---------- | |||
SNF plugin is starting up | |||
SNFMulti Engine Version 2.9rc11 Build: Mar 20 2008 15:18:30 | |||
SNF MDaemon Plugin Version 2-9rc4 Build: Mar 20 2008 15:17:20 | |||
SNF Config: C:\MDaemon\SNF\SNFMDPlugin.xml | |||
---------- | |||
Note that the slot may be different if you have other plugins. | |||
11.2. When your system processes a message you should see something like: | |||
SNF MessageScan: c:\mdaemon\queues\local\md50000000039.msg, Result=0 | |||
If you have a valid AntiVirus for MDaemon license you should also see | |||
a line similar to this: | |||
SNF IPScan: C:\MDaemon\Queues\Inbound\md50000000029.msg, 192.168.0.102, {Ugly, p=-1, c=0.303425, Normal} Allowed. | |||
11.3. In your messages you should see some new headers similar to: | |||
X-MessageSniffer-GBUdb-Result: 0, 192.168.0.102, Ugly -1 0.303425 Source Normal | |||
X-MessageSniffer-Scan-Result: 0 | |||
X-MessageSniffer-Patterns: | |||
0-0-0-998-c |
@@ -0,0 +1,12 @@ | |||
[SNF] | |||
MenuText=Configure SNF Plug-in | |||
Enable=Yes | |||
DllPath=C:\MDaemon\SNF\snfmdplugin.dll | |||
StartupFuncName=StartupFunc | |||
ConfigFuncName=ConfigFunc | |||
PostMessageFuncName=PostMessageFunc | |||
SMTPMessageFuncName3=SMTPMessageFunc | |||
ShutdownFuncName=ShutdownFunc | |||
PluginDoesAllLogging=No | |||
NonAuthOnly=Yes |
@@ -0,0 +1,182 @@ | |||
SNFClient Readme | |||
Command line client for SNF. This utility formats and processes SNF_XCI | |||
requests through the SNF Engine working on the local machine. In general | |||
this utility can be used as a replacement for the earlier SNF command | |||
line scanner. It is also useful for other uses such as debugging and | |||
communicating with GBUdb. | |||
Note: Unlike prior versions of SNF, this command line utility does not | |||
need to be "branded" (renamed for the SNF license id). | |||
_________ | |||
Help Mode | |||
SNFClient.exe | |||
When called with no command line parameters the utility produces | |||
help and version information. | |||
__________ | |||
Debug Mode | |||
SNFDebugClient.exe | |||
When "debug" or "Debug" appears in the path to the program name | |||
or if the program's name is altered to include the word "debug" or | |||
"Debug" then the program will produce additional information about | |||
it's operation to aid in debugging problems. This includes the | |||
entire raw SNF_XCI request and response. | |||
__________________ | |||
Message Scan Modes | |||
These modes are used to scan email message files (the data part of | |||
smtp). This utility can be used as a drop-in replacement for previous | |||
verions of SNF (Message Sniffer) for scanning messages. However, this | |||
new version does not need to be "branded" (renamed for the license id) | |||
and will ignore the authentication string if it is provided. Also, | |||
since the newer version of SNF uses a client-server model and not a | |||
peer-server model, there is no need for a "persistent" mode. | |||
If "persistent" is passed to this utility on the command line as it | |||
would be used in prior versions of SNF then it will be treated like | |||
a file name and the scan will normally fail since a file named | |||
"persistent" is not likely to exist. | |||
SNFClient.exe <FileNameToScan> | |||
Scan Mode: Scans <FileNameToScan> and returns a result code. | |||
SNFClient.exe <authenticationxx> <FileNameToScan> | |||
Compatibility Mode: Ignores <authenticationxx> then scans the | |||
<FileNameToScan> and returns a result code. This mode provides | |||
drop-in compatibility with previous versions of SNF. | |||
SNFClient.exe -xhdr <FileNameToScan> | |||
XHeader Mode: Scans <FileNameToScan> and returns the result. Also | |||
outputs the contents of the X-Headers created by the SNF engine. If | |||
the SNF engine is configured to inject these headers then they will | |||
also have been injected into the <FileNameToScan>. | |||
The SNF Engine can be configured to provide the X-Headers only to | |||
the API without injecting them. In this case the XHeader Mode will | |||
display the X-Headers that would be injected, but they will not | |||
have been injected into the <FileNameToScan>. | |||
If the SNF Engine is configured not to produce X-Headers (none) then | |||
the XHeader Mode will not produce X-Headers because they will not | |||
have been generated by the engine. | |||
(note: -xhdr and -source options can be combined) | |||
SNFClient.exe -source=<IP4Address> <FileNameToScan> | |||
Source-IP Mode: Scans <FileNameToScan> and returns the result. The | |||
provided source IP is injected into the scan as the first Received | |||
header so that the scanning engine will presume the IP is the source | |||
of the message. This allows you to pre-define the source IP for the | |||
message when there is no other received header or when the received | |||
headers may be incorrect or may not present the actual source of | |||
the message. | |||
(note: -xhdr and -source options can be combined) | |||
_____________________________ | |||
SNFServer Status Report Modes | |||
SNFClient.exe -status.second | |||
SNFClient.exe -status.minute | |||
SNFClient.exe -status.hour | |||
This mode returns the latest posted status report as indicated. | |||
Normally these status reports are also posted to files in the | |||
SNFServer workspace. | |||
In this mode the SNFClient will return a result code (error level) | |||
of 0 when the request is successful and 99 (or some nonzero value) | |||
when the request is not successful. This allows the SNFClient to | |||
be used to verify that the SNFServer is running. | |||
Note: In most other modes the SNFClient returns a fail-safe 0 | |||
result code to avoid tagging messages as spam when there are errors. | |||
________________________ | |||
XCI Server Command Modes | |||
These features will expand as needed in later versions. | |||
SNFClient.exe -shutdown | |||
If the SNF Engine is running in an application that accepts SNF_XCI | |||
server commands then this mode will send that command. The shutdown | |||
command may have no effect if the application does not use the SNF_XCI | |||
server commnand interface or does not recognize the command. | |||
___________ | |||
GBUdb Modes | |||
These modes are used to communicate with the GBUdb system on the | |||
local node. It is possible to test (read out) an IP record or make | |||
any of a number of changes to IP data in the GBUdb. | |||
SNFClient.exe -test <IP4Address> | |||
Returns the current GBUdb statistics for the <IP4Address> | |||
SNFClient also returns a result code that matches the GBUdb range | |||
for the tested IP. These ranges are defined in the SNFServer | |||
configuration file. By default they are: | |||
20 - Truncate | |||
63 - Black | |||
40 - Caution | |||
0 - Normal | |||
SNFClient.exe -set <IP4Address> <flag> <bad> <good> | |||
Creates or updates the data for <IP4Address> as provided. The | |||
<IP4Address> must be provided as well as at least one of | |||
<flag>, <bad>, and <good>. If <flag>, <bad>, or <good> are | |||
to be left unchanged then they should be entered as a dash "-". | |||
Examples: | |||
Set all data for an IP. The flag will be "ugly", the bad count | |||
will be 0 and the good count will be 1000. | |||
SNFClient.exe -set 12.34.56.78 Ugly 0 1000 | |||
Set the flag to "ignore" and do not change the counts. | |||
SNFClient.exe -set 12.34.56.78 ignore - - | |||
Set the good count to 400 and do not change anything else. | |||
SNFClient.exe -set 12.34.56.78 - - 400 | |||
SNFClient.exe -good <IP4Address> | |||
Creates or updates statistics for the <IP4Address>. Increases the | |||
good count by one. (Record a good event) | |||
SNFClient.exe -bad <IP4Address> | |||
Creates or updates statistics for the <IP4Address>. Increases the | |||
bad count by one. (Record a bad event) | |||
SNFClient.exe -drop <IP4Address> | |||
Removes all local data for the <IP4Address>. Anything the local | |||
system "knows" about the IP is forgotten. Next time the IP is | |||
encountered it will be treated as new. | |||
____________________ | |||
For More Information | |||
See www.armresearch.com | |||
Copyright (C) 2007-2008 Arm Research Labs, LLC. | |||
@@ -0,0 +1,47 @@ | |||
@ECHO OFF | |||
SETLOCAL | |||
REM ----- Edit This Section -------- | |||
SET SNIFFER_PATH=\mdaemon\snf | |||
SET AUTHENTICATION=authenticationxx | |||
SET LICENSE_ID=licensid | |||
REM -------------------------------- | |||
CD /d %SNIFFER_PATH% | |||
if not exist UpdateReady.txt GOTO DONE | |||
if exist UpdateReady.lck GOTO DONE | |||
:DOWNLOAD | |||
COPY UpdateReady.txt UpdateReady.lck | |||
wget http://www.sortmonster.net/Sniffer/Updates/%LICENSE_ID%.snf -O %LICENSE_ID%.new.gz --header=Accept-Encoding:gzip --http-user=sniffer --http-passwd=ki11sp8m | |||
if exist %LICENSE_ID%.new.gz gzip -d -f %LICENSE_ID%.new.gz | |||
snf2check.exe %LICENSE_ID%.new %AUTHENTICATION% | |||
if errorlevel 1 goto CLEANUP | |||
if exist %LICENSE_ID%.old del %LICENSE_ID%.old | |||
rename %LICENSE_ID%.snf %LICENSE_ID%.old | |||
rename %LICENSE_ID%.new %LICENSE_ID%.snf | |||
if exist UpdateReady.txt del UpdateReady.txt | |||
if exist UpdateReady.lck del UpdateReady.lck | |||
:CLEANUP | |||
if exist %LICENSE_ID%.new del %LICENSE_ID%.new | |||
if exist UpdateReady.lck del UpdateReady.lck | |||
:DONE | |||
ENDLOCAL | |||
@@ -0,0 +1 @@ | |||
<snf><identity licenseid='licensid' authentication='authenticationxx'/></snf> |
@@ -0,0 +1,80 @@ | |||
## Basic rules for detecting Message Sniffer header emissions | |||
## so that they can be given scores in subsequent SpamAssassin | |||
## scanning. Modify the scores and headers as needed for your | |||
## system. | |||
score SNF_IPTRUNCATE 10 | |||
describe SNF_IPTRUNCATE IP Source consistently sends spam | |||
header SNF_IPTRUNCATE X-MessageSniffer-Scan-Result =~ /20/ | |||
score SNF_IPCAUTION 3 | |||
describe SNF_IPCAUTION New IP source mixed scan results | |||
header SNF_IPCAUTION X-MessageSniffer-Scan-Result =~ /40/ | |||
score SNF_IPBLACK 4 | |||
describe SNF_IPBLACK Static IP rules and GBUdb Black | |||
header SNF_IPBLACK X-MessageSniffer-Scan-Result =~ /63/ | |||
score SNF_OBFUSCATION 5 | |||
describe SNF_OBFUSCATION Obfuscation detection | |||
header SNF_OBFUSCATION X-MessageSniffer-Scan-Result =~ /62/ | |||
score SNF_ABSTRACT 5 | |||
describe SNF_ABSTRACT Abstracted spam patterns | |||
header SNF_ABSTRACT X-MessageSniffer-Scan-Result =~ /61/ | |||
score SNF_GENERAL 5 | |||
describe SNF_GENERAL General spam content - unclassified | |||
header SNF_GENERAL X-MessageSniffer-Scan-Result =~ /60/ | |||
score SNF_GAMBLE 5 | |||
describe SNF_GAMBLE Gambling and Casino spam patterns | |||
header SNF_GAMBLE X-MessageSniffer-Scan-Result =~ /59/ | |||
score SNF_DEBT 5 | |||
describe SNF_DEBT Debt and Credit offer spam patterns | |||
header SNF_DEBT X-MessageSniffer-Scan-Result =~ /58/ | |||
score SNF_GETRICH 5 | |||
describe SNF_GETRICH Home Biz, Stock Push, get rich quick | |||
header SNF_GETRICH X-MessageSniffer-Scan-Result =~ /57/ | |||
score SNF_TONER 5 | |||
describe SNF_TONER Ink and Toner offer spam patterns | |||
header SNF_TONER X-MessageSniffer-Scan-Result =~ /56/ | |||
score SNF_MALWARE 5 | |||
describe SNF_MALWARE Virus, worm, and exploit patterns | |||
header SNF_MALWARE X-MessageSniffer-Scan-Result =~ /55/ | |||
score SNF_ADULT 5 | |||
describe SNF_ADULT Porn and Adult spam patterns | |||
header SNF_ADULT X-MessageSniffer-Scan-Result =~ /54/ | |||
score SNF_SCAM 5 | |||
describe SNF_SCAM Phishing, 419, and other scam patterns | |||
header SNF_SCAM X-MessageSniffer-Scan-Result =~ /53/ | |||
score SNF_SNAKEOIL 5 | |||
describe SNF_SNAKEOIL Drugs, diet aids, health scams | |||
header SNF_SNAKEOIL X-MessageSniffer-Scan-Result =~ /52/ | |||
score SNF_SPAMWARE 5 | |||
describe SNF_SPAMWARE Spamming tools and spam hosting offers | |||
header SNF_SPAMWARE X-MessageSniffer-Scan-Result =~ /51/ | |||
score SNF_DATATHEFT 5 | |||
describe SNF_DATATHEFT Movies, software, unlimited downloads | |||
header SNF_DATATHEFT X-MessageSniffer-Scan-Result =~ /50/ | |||
score SNF_AVPUSH 5 | |||
describe SNF_AVPUSH Antivirus software push | |||
header SNF_AVPUSH X-MessageSniffer-Scan-Result =~ /49/ | |||
score SNF_INSURANCE 5 | |||
describe SNF_INSURANCE Insurance offer patterns | |||
header SNF_INSURANCE X-MessageSniffer-Scan-Result =~ /48/ | |||
score SNF_TRAVEL 5 | |||
describe SNF_TRAVEL Travel offer patterns | |||
header SNF_TRAVEL X-MessageSniffer-Scan-Result =~ /47/ |
@@ -0,0 +1,156 @@ | |||
<!-- SNFMulti V3.0 Configuration File, Setup: Typical of MDaemon Plugin --> | |||
<!-- http://www.armresearch.com/support/articles/software/snfServer/config/snfEngine.jsp --> | |||
<snf> | |||
<node identity='/MDaemon/SNF/identity.xml'> | |||
<paths> | |||
<log path='/MDaemon/SNF/'/> | |||
<rulebase path='/MDaemon/SNF/'/> | |||
<workspace path='/MDaemon/SNF/'/> | |||
</paths> | |||
<logs> | |||
<rotation localtime='no'/> | |||
<status> | |||
<second log='yes' append='no'/> | |||
<minute log='yes' append='no'/> | |||
<hour log='no' append='no'/> | |||
</status> | |||
<scan> | |||
<identifier force-message-id='no'/> | |||
<classic mode='none' rotate='no' matches='none'/> | |||
<xml mode='file' rotate='yes' matches='all' performance='yes' gbudb='yes'/> | |||
<xheaders> | |||
<output mode='inject'/> | |||
<version on-off='off'>X-MessageSniffer-Version</version> | |||
<license on-off='off'>X-MessageSniffer-License</license> | |||
<rulebase on-off='off'>X-MessageSniffer-RulebaseUTC</rulebase> | |||
<identifier on-off='off'>X-MessageSniffer-Identifier</identifier> | |||
<gbudb on-off='on'>X-MessageSniffer-GBUdb-Result</gbudb> | |||
<result on-off='on'>X-MessageSniffer-Scan-Result</result> | |||
<matches on-off='on'>X-MessageSniffer-Patterns</matches> | |||
<black on-off='off'>X-MessageSniffer-Spam: Yes</black> | |||
<white on-off='off'>X-MessageSniffer-White: Yes</white> | |||
<clean on-off='off'>X-MessageSniffer-Clean: Yes</clean> | |||
<symbol on-off='off' n='0'>X-MessageSniffer-SNF-Group: OK</symbol> | |||
<symbol on-off='off' n='20'>X-MessageSniffer-SNF-Group: Truncated</symbol> | |||
<symbol on-off='off' n='40'>X-MessageSniffer-SNF-Group: Caution</symbol> | |||
<symbol on-off='off' n='63'>X-MessageSniffer-SNF-Group: Black</symbol> | |||
<symbol on-off='off' n='62'>X-MessageSniffer-SNF-Group: Obfuscation</symbol> | |||
<symbol on-off='off' n='61'>X-MessageSniffer-SNF-Group: Abstract</symbol> | |||
<symbol on-off='off' n='60'>X-MessageSniffer-SNF-Group: General</symbol> | |||
<symbol on-off='off' n='59'>X-MessageSniffer-SNF-Group: Casinos-Gambling</symbol> | |||
<symbol on-off='off' n='58'>X-MessageSniffer-SNF-Group: Debt-Credit</symbol> | |||
<symbol on-off='off' n='57'>X-MessageSniffer-SNF-Group: Get-Rich</symbol> | |||
<symbol on-off='off' n='56'>X-MessageSniffer-SNF-Group: Ink-Toner</symbol> | |||
<symbol on-off='off' n='55'>X-MessageSniffer-SNF-Group: Malware</symbol> | |||
<symbol on-off='off' n='54'>X-MessageSniffer-SNF-Group: Porn-Dating-Adult</symbol> | |||
<symbol on-off='off' n='53'>X-MessageSniffer-SNF-Group: Scam-Phishing</symbol> | |||
<symbol on-off='off' n='52'>X-MessageSniffer-SNF-Group: Snake-Oil</symbol> | |||
<symbol on-off='off' n='51'>X-MessageSniffer-SNF-Group: Spamware</symbol> | |||
<symbol on-off='off' n='50'>X-MessageSniffer-SNF-Group: Media-Theft</symbol> | |||
<symbol on-off='off' n='49'>X-MessageSniffer-SNF-Group: AV-Push</symbol> | |||
<symbol on-off='off' n='48'>X-MessageSniffer-SNF-Group: Insurance</symbol> | |||
<symbol on-off='off' n='47'>X-MessageSniffer-SNF-Group: Travel</symbol> | |||
</xheaders> | |||
</scan> | |||
</logs> | |||
<network> | |||
<sync secs='30' host='sync.messagesniffer.net' port='25'/> | |||
<update-script on-off='on' call='/MDaemon/SNF/getRulebase.cmd' guard-time='180'/> | |||
</network> | |||
<xci on-off='on' port='9001'/> | |||
<gbudb> | |||
<database> | |||
<condense minimum-seconds-between='600'> | |||
<time-trigger on-off='on' seconds='86400'/> | |||
<posts-trigger on-off='off' posts='1200000'/> | |||
<records-trigger on-off='off' records='600000'/> | |||
<size-trigger on-off='on' megabytes='150'/> | |||
</condense> | |||
<checkpoint on-off='on' secs='3600'/> | |||
</database> | |||
<regions> | |||
<white on-off='on' symbol='0'> | |||
<edge probability='-1.0' confidence='0.4'/> | |||
<edge probability='-0.8' confidence='1.0'/> | |||
<panic on-off='on' rule-range='1000'/> | |||
</white> | |||
<caution on-off='on' symbol='40'> | |||
<edge probability='0.4' confidence='0.0'/> | |||
<edge probability='0.8' confidence='0.5'/> | |||
</caution> | |||
<black on-off='on' symbol='63'> | |||
<edge probability='0.8' confidence='0.2'/> | |||
<edge probability='0.8' confidence='1.0'/> | |||
<truncate on-off='on' probability='0.9' peek-one-in='5' symbol='20'/> | |||
<sample on-off='on' probability='0.8' grab-one-in='5' passthrough='no' passthrough-symbol='0'/> | |||
</black> | |||
</regions> | |||
<training on-off='on'> | |||
<bypass> | |||
<!-- <header name='To:' find='spam@example.com'/> --> | |||
<!-- <header name='Received:' ordinal='1' find='friendlyhost.com'/> --> | |||
</bypass> | |||
<drilldown> | |||
<!-- <received ordinal='0' find='[12.34.56.'/> where we want to ignore 12.34.56.0/24 --> | |||
<!-- <received ordinal='0' find='mixed-source.com'/> --> | |||
<!-- <received ordinal='1' find='mixed-source-internal.com'/> --> | |||
</drilldown> | |||
<source> | |||
<!-- <header name='X-Use-This-Source:' received='mixedsource.com [' ordinal='0' /> --> | |||
<!-- <header name='X-Originating-IP:' received='hotmail.com [' ordinal='0' /> --> | |||
</source> | |||
<white> | |||
<result code='1'/> | |||
<!-- <header name='Received:' ordinal='0' find='.friendlyhost.com'/> --> | |||
</white> | |||
</training> | |||
</gbudb> | |||
<rule-panics> | |||
<!-- | |||
<rule id='123456'/> | |||
<rule id='123457'/> | |||
--> | |||
</rule-panics> | |||
<!-- Platform Specific Configuration --> | |||
<platform> | |||
<mdaemon> | |||
<ip-test on-off='on'/> | |||
<configurator command='start notepad' append-path='yes'/> | |||
</mdaemon> | |||
</platform> | |||
<msg-file type='rfc822'/> | |||
</node> | |||
</snf> | |||
@@ -47,7 +47,7 @@ extern "C" { | |||
void _stdcall StartupFunc(HWND Parent); // Startup Function. | |||
void _stdcall ConfigFunc(HWND Parent); // Configuration function. | |||
void _stdcall PreMessageFunc(HWND Parent, const char* File); // Message Scan Function. | |||
void _stdcall PostMessageFun(HWND Parent, const char* File); // Message Scan Function. | |||
void _stdcall SMTPMessageFunc(HWND Parent, const char* File); // IP Scan Function. | |||
void _stdcall ShutdownFunc(HWND Parent); // Shutdown Function. | |||
@@ -302,7 +302,7 @@ extern "C" void _stdcall ConfigFunc(HWND Parent) { | |||
// MessageFunc() scans a message file and injects headers. | |||
extern "C" void _stdcall PreMessageFunc(HWND Parent, const char* File){ // Message Scan Function. | |||
extern "C" void _stdcall PostMessageFun(HWND Parent, const char* File){ // Message Scan Function. | |||
LatestParent = Parent; // Capture the parent for logging. | |||
string LogMessage = "SNF MessageScan: "; // Start a plugin log entry. | |||
LogMessage.append(File); // add the file name. |
@@ -1,15 +1,18 @@ | |||
MICRONEILLIBS = -LC:\Users\Dylan\Documents\Microneil\MDaemon\SNFMDaemon\SNFMDaemonDLL\SNFMulti -lSNFMulti -LC:\Users\Dylan\Documents\Microneil\MDaemon\SNFMDaemon\SNFMDaemonDLL\CodeDweller -lCodedweller | |||
MICROINC = -IC:\Users\Dylan\Documents\Microneil\MDaemon\SNFMDaemon\SNFMDaemonDLL\SNFMulti -IC:\Users\Dylan\Documents\Microneil\MDaemon\SNFMDaemon\SNFMDaemonDLL\CodeDweller | |||
WXLIBS = -LC:\wxWidgets-3.0.4\lib\gcc_dll64 | |||
WXINC = -IC:\wxWidgets-3.0.4\include -IC:\wxWidgets-3.0.4\lib\gcc_dll64\mswu | |||
WXFLAGS = -D__GNUWIN32__ -D__WXMSW__ -DWXUSINGDLL -DwxUSE_UNICODE | |||
WXLIBS = -LC:\wxWidgets-3.0.4\lib\gcc_lib -lwxmsw30u_richtext -lwxmsw30u_xrc -lwxmsw30u_aui -lwxmsw30u_media -lwxbase30u_net -lwxmsw30u_gl -lwxbase30u_xml -lwxmsw30u_adv -lwxmsw30u_html -lwxmsw30u_core -lwxbase30u -lwxpng -lwxjpeg -lwxtiff -lwxzlib -lwxregexu -lwxexpat -lkernel32 -luser32 -lgdi32 -lwinspool -lcomdlg32 -ladvapi32 -lshell32 -lole32 -loleaut32 -luuid -lcomctl32 -lwsock32 -lodbc32 | |||
WXINC = -IC:\wxWidgets-3.0.4\include -IC:\wxWidgets-3.0.4\lib\gcc_lib\mswu | |||
resource: | |||
windres.exe ${WXINC} -J rc -O coff -i C:\Users\Dylan\DOCUME~1\MICRON~1\SPWXDI~2\resource.rc -o resource.res | |||
wx: | |||
g++.exe -pipe -std=c++11 -mthreads ${WXFLAGS} -Wall -O2 ${WXINC} -c configdialog.cpp -o configdialog.o | |||
g++.exe -pipe -std=c++11 -mthreads ${WXFLAGS} -Wall -O2 ${WXINC} -c dialogapp.cpp -o dialogapp.o | |||
g++.exe -pipe -std=c++11 -mthreads -g -DDEBUG -O2 ${MICRONEILLIBS} ${MICROINC} -c mdconfiguration.cpp -o mdconfiguration.o | |||
g++.exe -pipe -std=c++11 -mthreads -g -DDEBUG -Wall -O2 ${MICRONEILLIBS} ${MICROINC} ${WXINC} -c main.cpp -o main.o | |||
g++.exe -std=c++11 -shared -o bin\snfmdplugin.dll main.o mdconfiguration.o configdialog.o dialogapp.o ${MICROINC} ${MICRONEILLIBS} ${WXINC} ${WXLIBS} -lws2_32 -lwxmsw30u -s -mthreads -mwindows | |||
g++.exe -pipe -std=gnu++11 -mthreads -g -DUNICODE -D_UNICODE ${WXFLAGS} -Wall -O2 ${WXINC} -c configdialog.cpp -o configdialog.o | |||
g++.exe -pipe -std=gnu++11 -mthreads -g -DUNICODE -D_UNICODE ${WXFLAGS} -Wall -O2 ${WXINC} -c dialogapp.cpp -o dialogapp.o | |||
g++.exe -pipe -std=gnu++11 -mthreads -g -DUNICODE -D_UNICODE -g -DDEBUG -Wall -O2 ${MICRONEILLIBS} ${MICROINC} -c mdconfiguration.cpp -o mdconfiguration.o | |||
g++.exe -pipe -std=gnu++11 -mthreads -g -DUNICODE -D_UNICODE -g -DDEBUG -Wall -O2 ${MICRONEILLIBS} ${MICROINC} ${WXINC} -c main.cpp -o main.o | |||
g++.exe -std=gnu++11 -Wall -DDEBUG -DUNICODE -D_UNICODE -g -shared -static-libgcc -static-libstdc++ -o bin\snfmdplugin.dll main.o mdconfiguration.o configdialog.o dialogapp.o ${MICROINC} ${MICRONEILLIBS} ${WXINC} -lws2_32 -s -mthreads -mwindows ${WXLIBS} |
@@ -0,0 +1,4 @@ | |||
Included with this distribution are the open-source "wget" and "gzip" files. They are | |||
used in getRulebase.bat to download and decompress rulebase files. The "wget" and "gzip" | |||
utilities included here came from http://unxutils.sourceforge.net/ and are included only | |||
for your convenience. |
@@ -0,0 +1,449 @@ | |||
SNF MDaemon Plugin Change Log... | |||
------------------------------------------------------------------------------ | |||
20080626 - Version 3.0, It's official. | |||
Changed build information. | |||
Removed extraneous comments from configuration file. | |||
20080524 - Version V2-9rc6.25.7 | |||
Optimized networking library for additional speed & stability by moving | |||
receive buffer allocation from heap to stack (automatic). | |||
Optimized timing parameters in SNFClient for improved speed. Polling dealys | |||
are now reduced to 10ms from 30ms. | |||
Removed speed-bug in SNFClient, 100ms guard time between retries was always | |||
executed after an attempt (even a successful attempt). The guard time is now | |||
condition and only fires on unsuccessful attempts. | |||
Updated XCI server logic to ensure non-blocking sockets for clients in all | |||
socket implementations. | |||
20080424 - Version V2-9rc6.24.6 | |||
Refactored snfScanData.clear() to reduce heap work and fragments. | |||
Added mutex to scanMessageFile() entry point just in case some app attempts to | |||
put multiple threads through a single engine handler. scanMessage() is already | |||
protected and fully wraped by the new scanMessageFile() mutex. | |||
Added non-specific runtime exception handling to XHDR injection code. | |||
Added 2 retries w/ 300ms delay to remove original message in XHDR inject code. | |||
If remove fails after 3 attempts the injector throws. | |||
Added 2 retries w/ 300ms delay to rename temp file to msg in XHDR inject code. | |||
If rename fails after 3 attempts the injector throws. | |||
Added IPTest logging. | |||
20080416 - Version V2-9rc5.23.6 | |||
Fixed bug where SNCY open() would fail on some Win* platforms with | |||
WSAEINVAL instead of the standard EINPROGRESS or EALREADY which were expected. | |||
Also added WSAEWOULDBLOCK to cover other "ambiguities" in windows sockets | |||
implementations. InProgress() on Win* now test for any of: | |||
WSAEINPROGRESS, WSAEALREADY, WSAEWOULDBLOCK, WSAEINVAL | |||
20080413 - Version V2-9rc5.22.6 | |||
Fixed bug in TCPHost.open() where EALREADY was not counted as a version of | |||
EINPROGRESS. This would cause open() to throw an unnecessary exception when | |||
an open() required extra time. | |||
20080413 - Version V2-9rc5.21.6 | |||
Extended timeout for SYNC session open() to the full session length. This way | |||
if a session takes a long time to open it still has a shot at success. | |||
20080411 - Version V2-9rc5.20.6 | |||
Adjusted snfNETmgr to use non-blocking open in SYNC sessions. Open timeout | |||
is 1/3 of the session timeout. Session timeout is 2 * Session pacing. Open | |||
polling uses golden spiral delay from 10ms to 340ms. | |||
20080410 - Version V2-9rc5.19.6 | |||
Adjusted XCI manager to use new snfCFGPacket paradigm in checkCFG(). | |||
Adjusted snf_RulebaseHandler::addRulePanic() to use MyMutex and eliminated | |||
the AutoPanicMutex and waiting scheme. | |||
Refactored scanMessage() to use a ScopeMutex() rather than lock()/unlock(). | |||
Refactored scanMessage() to use MyCFGPacket.isRulePanic() test. | |||
Redesigned snfCFGPacket handling to automate grab() / drop() functions. | |||
Fixed lock-up bug: Redesigned AutoPanic posting and checking mechanisms to | |||
eliminate potential dead-lock condition. Under some conditions a precisely | |||
timed auto-panic posting could cause the RulebaesHandler mutex and the | |||
AutoPanicMutex to become intertwined leading to a cascading deadlock. When | |||
this occurred all XCI processing threads and eventually the XCI listener | |||
thread would become blocked waiting to get the current configuration. | |||
20080409 - Version V2-9rc5.18.6 | |||
Enhanced XCI exception handling and logging to provide additional detail. | |||
Added code to explicitely check for zero length files in scanMessagFile(). | |||
Previously a zero length file would cause the CBFR module of the filter | |||
chain to throw an invalid buffer exception. Now if the message file is empty | |||
scanMessageFile() will throw a FileError stating FileEmpty!. | |||
20080407 - Version V2-9rc5.17.6 | |||
Enhanced exception reporting in snfXCImrg | |||
20080405 - Version V2-9rc5.16.6 | |||
Reduced safetly limits on status reports to 100K for status reports and 100K | |||
for samples. Previous values were 10M. Most full sessions from the busiest | |||
systems are < 50K total. | |||
Recoded sendDataTimeout() to break uploads into 512 byte chunks and insert | |||
delays only when a chunk is fragmented. This methodology improves reliability | |||
on Win* systems without any significant penalty on systems that don't need | |||
socket sends() to be in smaller chunks. | |||
Fixed TCPClient::transmit() and TCPHost::transmit() bug where returned byte | |||
count might be -1. Now returned byte counts can only be 0 or more. | |||
20080403 - Version SNF2-9vr5.15.5 | |||
Minor modifications to networking module to better support non-blocking open() | |||
Updated SNFClient with new timing and non-blocking open(). Worst case return | |||
time from SNFClient estimated at 200 seconds (theoretically impossible). No- | |||
connection return time from SNFClient estimated at 20 seconds. | |||
20080326 - Version SNF2-9rc4.15.4 | |||
Refactored snfNETmgr::sync() to consolidate non-blocking io routines. | |||
Added detailed thread status data to XCI listener thread. | |||
Refactored snfNETmgr::sync() to check a Timeout, removed TCPWatchdog. | |||
20080325 - Version SNF2-9rc4.12.4 | |||
Added a "Rulebase Getter" feature as part of the snf_Reloader. When enabled | |||
the Rulebase Getter will launch a user defineable system() call whenever a | |||
new rulebase file is available. The call will be repeated until the condition | |||
is cleared by a successful update of the rulebase file. The Rulebase Getter | |||
will wait a configurable "guard time" between attempts. The default system() | |||
call is "getRulebase" with a guard time of 3 minutes. In most cases this will | |||
launch the provided getRulebase script which should be present in the start | |||
location of SNFServer on most systems. Best practice is to configure the full | |||
path to the update script. The system() call is made in a separate thread so | |||
that if the system() call hangs for some reason only the Rulebase Getter is | |||
stuck. | |||
Improved exception handling/reporting in scanMessageFile(). | |||
Updated scanMessagFile() header injection code to accommodate messages with | |||
no body. Previous version would throw an exception when it could not find an | |||
injection point. The new version makes the injection point byte 0 and puts | |||
the injected headers at the top of the message using it's best guess about the | |||
type of line endings (CRLF or LF) to use. | |||
Updated Networking library to use SO_REUSEADDR by default on listeners. | |||
20080319 - Version SNF2-9rc4.11 | |||
Added IPScan on-off to snfmdplugin.xml. This allows users to turn off the | |||
IPScan feature without editing the Plugins.dat file as was previously | |||
required. The feature can now be enabled or disabled at will by editing the | |||
configuration file. | |||
Added Configuration editor options to snfmdplugin.xml. Previously the built- | |||
in configuration function was hard coded to start notepad with the config | |||
file. Now the system() call made by the ConfigFunc() can be edited in the | |||
configuration file. The configuration file name can be appended to the | |||
command optionally. The default is still to start notepad and append the | |||
configuration file path so that it is loaded automatically. It is hoped that | |||
GUI based configuration editors for the SNF plugin will be built by third | |||
parties and in the mean time folks can now configure their favorite XML file | |||
editor to modify their SNF plugin configuration. | |||
Modified API use fixed shutdown bug - The plugin used to initialize the SNF | |||
scanning engine when the DLL was loaded and would shut it down when the DLL | |||
was unloaded. Now the Startup and Shutdown functions in the MDaemon plugin | |||
API. This ensures that the engine components are started and shutdown in the | |||
proper sequence. | |||
Included new SNFEngine core (excerpts from that change log included). | |||
20080318 - SNF2-9rc1.11.exe Consolidated several mods/fixes | |||
Corrected scan error logging bug. Was posting <s/> now posts <e/>. | |||
Updated scan error logging to be more uniform with non-scan errors. | |||
Developed various script prototypes for postfix integration & automated | |||
updates on win* systems using the new UpdateReady.txt file mechanism. | |||
Fixed a bug in scanMessageFile() where an \n\n style insertion point | |||
would never be detected. | |||
Modified scanMessageFile() header injection to strip <CR> from line ends | |||
when the message file provided does not use them. The line-end style of | |||
the message file is detected while locating the insertion point. If the | |||
insertion point (first blank line) does not use <CR><LF> then the SNF | |||
generated X-Headers are stripped of <CR> in a tight loop before injection. | |||
Enhanced error and exception reporting in SNFMulti.cpp scanMessageFile(). | |||
Enhanced exception handling in networking module. All exceptions now | |||
throw descriptive runtime_error exceptions. | |||
20080306 - SNF2-9rc1.8.exe (FIRST RELEASE CANDIDATE for VERSION 3!) | |||
Added Drilldown Header Directive Functions - When the candidate source IP | |||
comes from a header matching a drilldown directive the IP is marked "Ignore" | |||
in GBUdb and the candidate is no longer eligible to be the source for that | |||
message. This allows SNF to follow the trusted chain of devices (by IP) down | |||
to the actual source of the message. It is handy for ignoring net blocks | |||
because it can match partial IPs but it is designed to allow SNF to learn | |||
it's way through the servers at large ISPs so that the original source for | |||
each message can be evaluated directly. | |||
Added Source Header Directive Functions - This feature allows SNF to acquire | |||
the source IP for a message from a specific header rather than searching | |||
through the Received headers in the message. This is useful when the original | |||
source for a message is not represented in Received headers. For example: | |||
Hotmail places the originating source IP in a special header and does not | |||
provide a Received header for that IP. This feature is protected from abuse | |||
by a "Context" feature which only activates the source header directive when | |||
specific content is found in a specific received header. Using the above | |||
example, this feature can be configured so that a Hotmail source header would | |||
only be read if the top Recieved header contained "hotmail.com [" indicating | |||
that the ptr lookup for the header matched the hotmail domain. Note: When a | |||
source is pulled from a header directive that source is put into a synthetic | |||
Received header and injected into the scanning stream (not the message) as | |||
the first Received header. | |||
Added forced source IP to XCI - It is now possible to "inject" or "force" | |||
the source IP for any message by providing that IP in the XCI request or | |||
directly in a scan...() function call. This allows the calling application | |||
to provide the source IP for a message ahead of any Received headers that | |||
might be in the message. This is useful when the calling application knows | |||
the original source IP for the message but that IP is not represented in | |||
the Received headers and it is not desireable to use the Source Header | |||
Directive mechanism. | |||
Added forced source IP mode to SNFClient - It is now possible to call the | |||
SNFClient utility with an IP4Address using the syntax: | |||
SNFClient -source=12.34.56.78 | |||
The -source mode of SNFClient exercises the forced source IP feature in | |||
the XCI (see above) | |||
Added Status Report features to SNFClient and XCI - It is now possible to | |||
request the latest status.second, status.minute, or status.hour data via | |||
the XCI and SNFClient. The syntax for requesting a status report using the | |||
SNFClient is: | |||
SNFClient -status.second | |||
SNFClient -status.minute | |||
SNFClient -status.hour | |||
In addition to providing status reports the SNFClient in this mode will | |||
return a nonzero value (usually 99) if it is unable to get a status report | |||
from SNFServer. This feature can be used to verify that SNFServer is up | |||
and responding. If SNFServer is OK then the result code returned is 0. | |||
Added result codes to SNFClient -test and XCI IP test functions - The XCI | |||
engine has been upgraded to provide the range value for the IP under test | |||
as well as the symbolic result code associated with that range. This allows | |||
the -test function to provide results that are consistent with the GBUdb | |||
configuration without additional processing: For example, if the IP falls | |||
in the Caution range then the Caution result code will be returned just | |||
as if a message had been scanned with the same IP and no pattern match | |||
occurred. The same is true for Truncate and Black range hits. | |||
Added Timestamp and Command Line Parameter data to SNFClient.exe.err - When | |||
an error occurs with SNFClient that may not appear in the SNFServer logs an | |||
entry is appended to the SNFClient.exe.err file. That in itself is not new. | |||
The new feature is that the entries added to the SNFClient.exe.err file now | |||
include timestamp and command line data to aid in debugging. | |||
Updated the Configuration Log to include all of the current configuration | |||
features and to improve it's readability. | |||
20080207 - SNF2-9b1.7.exe | |||
SYNC Timeout now 2x SYNC Schedule | |||
SNFServer now produces an UpdateReady.txt file when the UTC timestamp on | |||
the SYNC server is newer than the UTC timestamp of the active rulebase. It | |||
is presumed that a suitable update script or program will run periodically | |||
and download a fresh rulebase file if the UpdateReady.txt file is present. | |||
The update script should remove the UpdateReady.txt file when it completes | |||
a successful download of the new rulebase file. | |||
Added available rulebase UTC in status reports <udate utc.../> | |||
Added Automatic path fixup for ending / or \ | |||
Added option to use local time in log rotation <rotation localtime='no'/> | |||
The default is still utc. | |||
20071102 - SNF2-9b1.6.exe | |||
Increased MAX_EVALS from 1024 to 2048. | |||
Adjusted defult range envelopes in snf_engine.xml to be more conservative. | |||
20071017 - Version SNF2-9b1.5 | |||
Added a missing #include directive to the networking.hpp file. The | |||
missing #include was not a factor on Linux and Windows systems but | |||
caused compiler errors on BSD systems. | |||
Corrected a bug in the GBUdb White Range code where any message with a | |||
white range source IP was being forced to the white result code. The | |||
engine now (correctly) only forces the result and records the event when | |||
a black pattern rule was matched and the White Range IP causes that | |||
scan result to be overturned. If the scan result was not a black pattern | |||
match then the original scan result is allowed to pass through. | |||
Corrected a bug in the Header Analysis filter chain module that would | |||
cause the first header in the message to be ignored in some cases. | |||
Corrected an XML log format problem so that <s/> elements are correctly | |||
open ended <s ....> or closed (empty) <s..../> according to whether they | |||
have subordinate elements. | |||
Adjusted the GBUdb header info format. The order of the Confidence | |||
figure and Probabilty figure is now the same as in the XML log files | |||
(C then P). The confidence and probability figures are now preceeded | |||
with c= and p= respectively so that it's easy to tell which is which. | |||
20071009 Version 2-9b1.4 | |||
Tightened up the XCI handler code and removed the watchdog. The watchdog | |||
would restart the listener if there were no connections in 5 minutes. It | |||
was originally added to provide additional stability, however in practice | |||
there have been no "stalled listeners". Also, a stalled listener would | |||
likely be a sign of a different problem that the watchdog would tend to | |||
hide. | |||
Modified and refactored the XCI configuration management code. All XCI config | |||
changes and up-down operations are now handled in a single function except | |||
upon exit from the main XCI thread where XCI_shutdown() is always called. | |||
Added some more detailed exception handling code to the XCI component so that | |||
more data will be logged in the event of an error. | |||
Reviewed and modified the InstallInstructions.txt file. Removed this log | |||
to this separate file. | |||
Modified the snfmdplugin.xml file to properly configure the new features in | |||
the engine. | |||
* Header training directives and new <training/> section. | |||
* XCI interface configuration. | |||
* Tweaks to GBUdb ranges. | |||
* msg-file type configuration (not used in MDaemon, but configured anyway) | |||
---- | |||
Version 2-9a11 (engine a53) | |||
* Enhanced IP extraction from Received headers so that any unexpected bytes | |||
between the [ and ] will force the attempt to be aborted. | |||
* Fix the IP test code so that the IP 0.0.0.0 cannot be the source IP and | |||
cannot be tested. | |||
Version 2-9a11 (engine a52) | |||
* Corrected plug-in log entry logic. Allowed/Rejected tag now comes directly | |||
from the message rejection logic and is accurate in all cases. | |||
Version 2-9a10 (engine a52) | |||
* Corrected a bug in the MessageIPFunc where Ignore flagged IPs would still | |||
cause rejected messages if the statistics were in the Truncate range. Now | |||
messages are rejected in only two cases: | |||
The Flag is _Ugly_ and the rating is _Truncate_ or, the Flag is _Bad_. | |||
Version 2-9a9 (engine a52) | |||
* Adjusted IPtest module in HeaderAnalysis to handle TooManyIPs exception | |||
locally and silently. | |||
* Increased HeaderAnalysis IP limit from 20 to 50. | |||
Version 2-9a9 (engine a51) | |||
* Corrected possible heap corruption bug in EvaulationMatrix Destructors. | |||
* Added trace strings to scanMessage() for tighter panic reporting. | |||
* Added caching to snf_engine Evaluator allocation scheme. | |||
* Added optimizations to snf_engine Evaluator safety checks. | |||
Version 2-9a8 | |||
* Added deep exception handling to Token Matrix objects. | |||
Version 2-9a7 | |||
* Exception handling throughout the engine has been refactored to use std:exception | |||
and to provide additional detail via e.what() | |||
* The plug-in log will now show e.what() data as SNF Debug: whenever an exception | |||
is thrown during a message scan. | |||
Version 2-9a6 | |||
* Adjusted .ctl file path converter to accept either .msg or .tmp paths. | |||
Version 2-9a5 | |||
A lot of new things were learned, updated, and corrected. | |||
* Fixed the "lockup" when the plugin failed to start successfully. The cause of this | |||
appears to be a threading issue associated with DLLs that are being initialized. | |||
If threads are created during the initialization of a DLL, the DLL must succeed! | |||
The threads that are created do not get any cycles until after the DLL is loaded | |||
successfully. As a result, if the initialization process attempts to join() these | |||
threads a deadlock is created. The fix was to allow the SNF plugin initialization | |||
process to succeed in all cases while setting a flag that forces the engine to | |||
be inert if the initialization was not successful. When the DLL is later unloaded | |||
the threads are already running so the join() calls that are part of the engine | |||
cleanup code are able to complete without incident. | |||
* Installed detailed exception handling for the start-up sequence. The plugin can | |||
now report on very specific reasons for failing to initialize properly. | |||
* Fixed a bug in the GBUdbIgnoreList processor where long lines would cause the | |||
remainder of the file not to be read. The line length limit still exists, but | |||
it is now 255 characters which is unlikely to occur and would be considered | |||
incorrect formatting. | |||
* The threading library now includes top-level exception handling to trap any | |||
exception that was not handled by myTask(). Along with this two flags were | |||
added to thread objects: isRunning() and isBad(). isRunning() is true when a | |||
thread object is still active. isBad() is true if the thread failed to start or | |||
an exception escaped myTask(). | |||
* At least one GBUdbIgnoreList entry is now REQUIRED. If the count of IPs from the | |||
GBUdbIgnoreList.txt file is less than 1 (or the file is missing) then the plug-in | |||
will complain and fail to start. | |||
* snf2check.exe has been removed from the distribution for the time being since it | |||
causes some systems to strip the attachment or block the email. This is the same | |||
program that is already on existing SNF systems. |
@@ -0,0 +1,10 @@ | |||
# List of IPs to Ignore on startup | |||
# Each IP in this list is set to Ignore in GBUdb when | |||
# The configuration is loaded. | |||
# Hash mark on the beginning of a line indicates a comment. | |||
# Comments after an IP are also ignored. | |||
# One line per IP. Sorry, no CIDR yet. | |||
# Be sure to list ALL of your gateways :-) | |||
127.0.0.1 # ignore localhost, of course. | |||
@@ -0,0 +1,146 @@ | |||
MDaemon Plugin V2.9rc* (V3) installation instructions | |||
------------------------------------------------------------------------------ | |||
1. Locate your \MDaemon directory (Usually c:\MDaemon) | |||
2. Create the directory \MDaemon\SNF | |||
3. Copy the distribution files to \MDaemon\SNF | |||
4. Edit identity.xml in notepad. | |||
4.1. Replace licensid with your SNF license ID. | |||
4.2. Replace authenticationxx with your SNF authentication code. | |||
5. Adjust/Create your Plugins.dat file (\MDaemon\App\Plugins.dat) | |||
5.1. If you already have a Plugins.dat file | |||
5.1.1. Copy the contents of the Plugins.dat file in the distribution | |||
to the Plugins.dat file you have. | |||
5.1.2. If you have a [Message Sniffer] section in your Plugins.dat | |||
file then make a copy of it (for backup) then remove that | |||
section. (This will disable your previous Message Sniffer | |||
installation) | |||
5.2. If you do not already have a Plugins.dat file | |||
5.2.1. Copy the Plugins.dat file from the distribution to your | |||
\MDaemon\App directory. | |||
6. Copy the snf-groups.cf into \MDaemon\SpamAssassin\rules | |||
7. Download your SNF rulebase file and place it in your SNF directory. | |||
7.1. Once you've signed up for a 30 Day free Trial or purchased a license for | |||
SNF you will receive update notifications via email. These notifications | |||
contain instructions on how to download your rulebase file. You can get | |||
your 30 Day Free Trial started by visiting www.armresearch.com. | |||
7.2. We have included an update script and utilities that you can use to | |||
automate updates to your rulebase file. The SNFServer engine that runs | |||
inside the plugin will produce an UpdateReady.txt file any time the local | |||
rulbase file is older than the latest available update. The included | |||
getRulebase.cmd script checks for this file and uses the open source | |||
wget and gzip utilities to download, validate, and replace your rulebase | |||
file automatically. | |||
7.2.1. Edit the top of the getRulebase.cmd file to establish the correct | |||
working directory, authentication string, and license ID for your | |||
rulebase files. | |||
7.2.2. Verify that the <update-script/> section of your snfmdplugin.xml file | |||
points to the correct location of the getRulebase.cmd script. This new | |||
feature will automatically run the getRulebase.cmd script whenever a | |||
newer rulebase file is available on our servers. | |||
8. Edit the GBUdbIgnoreList.txt file in notepad. | |||
8.1 Add the IP of any gateways you have as well as any systems you | |||
have that send mail through your mail server. | |||
8.2 It is very important to populate your GBUdbIgnoreList if you have | |||
gateways ahead of your mail server or else GBUdb will learn that | |||
those systems are responsible for sending spam! The GBUdb engine | |||
uses the ignore list to determine the actual source IP of the message. | |||
The first IP it sees in the headers that is not on the ignore list | |||
is determined to be the source IP for the message. Since most email | |||
"in the wild" these days are spam, any gateways that are not listed | |||
will be seen to be sending mostly spam - in error, of course. | |||
8.3 You cannot enter network blocks in the GBUdbIgnoreList.txt file. If | |||
you wish to ignore (mark as infrastructure) blocks of IPs then you should | |||
use the <drilldown/> section of the snfmdplugin.xml file to enter | |||
patterns that match the network blocks you want to ignore. For example, | |||
if you want to ignore servers in the 12.34.56.0/24 network block then | |||
you would enter a drilldown rule like: | |||
<drilldown> | |||
... | |||
<received ordinal='0' find='[12.34.56.'/> | |||
The rule tells GBUdb to learn to ignore any IP in the top (ordinal 0) | |||
received header if that header contains the string '[12.34.56.'. Of | |||
course that string will match every IP in the 12.34.56.0/24 class C | |||
block so any servers in that block which deliver mail to the SNF equiped | |||
server will be learned as infrastructure (ignore flag set). | |||
9. Review and adjust your snfmdplugin.xml file | |||
9.1. Check the paths at the top of the file and make sure they are complete and | |||
correct. In most cases the defaults will work, but if you've installed | |||
MDaemon & SNF on a different drive or in a different directory it would | |||
be best to update these paths: | |||
9.1.1. Find/Check <snf><node identity.../> | |||
9.1.2. Find/Check <snf><node><paths><log path.../> | |||
9.1.3. Find/Check <snf><node><paths><rulebase path.../> | |||
9.1.4. Find/Check <snf><node><paths><workspace path.../> | |||
9.2. If you have any addresses where people legitimately send spam such as an | |||
abuse reporting address or support address then you should enter that | |||
address into the <snf><node><gbudb><training><bypass/> section of the | |||
snfmdplugin.xml file. For example an abuse reporting address might look | |||
like this: | |||
<bypass> | |||
... | |||
<header name='To:' find='spam@example.com'/> | |||
The rule tells GBUdb to bypass it's training mechanism if it finds a | |||
'To:' header in a message that contains 'spam@example.com'. This should | |||
prevent customer's IPs from being learned as spam sources when they send | |||
messages to spam@example.com. | |||
9.3. Your system practices and policies may require additional rules in order | |||
to get the best performance from the GBUdb system. For more information | |||
please check out www.armresearch.com, support@armresearch.com, and our | |||
community list sniffer@sortmonster.com. | |||
10. Restart MDaemon. | |||
11. Verify the SNF plugin is installed | |||
11.1. In the plug-ins log tab you should see: | |||
Attempting to load 'SNF' plugin | |||
* ConfigFunc: ConfigFunc@4 (Ok, ready to use) | |||
* StartupFunc: Startup@4 (Ok, ready to use) | |||
* ShutdownFunc: Shutdown@4 (Ok, ready to use) | |||
* PreMessageFunc: (NULL) | |||
* PostMessageFunc: MessageFunc@8 (Ok, ready to use) | |||
* SMTPMessageFunc: MessageIPFunc@8 (Ok, ready to use) | |||
* SMTPMessageFunc2: (NULL) | |||
* SMTPMessageFunc3: (NULL) | |||
* DomainPOPMessageFunc: (NULL) | |||
* MultiPOPMessageFunc: (NULL) | |||
* Result: success (plugin DLL loaded in slot 0) | |||
---------- | |||
SNF plugin is starting up | |||
SNFMulti Engine Version 2.9rc11 Build: Mar 20 2008 15:18:30 | |||
SNF MDaemon Plugin Version 2-9rc4 Build: Mar 20 2008 15:17:20 | |||
SNF Config: C:\MDaemon\SNF\SNFMDPlugin.xml | |||
---------- | |||
Note that the slot may be different if you have other plugins. | |||
11.2. When your system processes a message you should see something like: | |||
SNF MessageScan: c:\mdaemon\queues\local\md50000000039.msg, Result=0 | |||
If you have a valid AntiVirus for MDaemon license you should also see | |||
a line similar to this: | |||
SNF IPScan: C:\MDaemon\Queues\Inbound\md50000000029.msg, 192.168.0.102, {Ugly, p=-1, c=0.303425, Normal} Allowed. | |||
11.3. In your messages you should see some new headers similar to: | |||
X-MessageSniffer-GBUdb-Result: 0, 192.168.0.102, Ugly -1 0.303425 Source Normal | |||
X-MessageSniffer-Scan-Result: 0 | |||
X-MessageSniffer-Patterns: | |||
0-0-0-998-c |
@@ -0,0 +1,12 @@ | |||
[SNF] | |||
MenuText=Configure SNF Plug-in | |||
Enable=Yes | |||
DllPath=C:\MDaemon\SNF\snfmdplugin32.dll | |||
StartupFuncName=StartupFunc@4 | |||
ConfigFuncName=ConfigFunc@4 | |||
PostMessageFuncName=PostMessageFunc@8 | |||
SMTPMessageFuncName3=SMTPMessageFunc@8 | |||
ShutdownFuncName=ShutdownFunc@4 | |||
PluginDoesAllLogging=No | |||
NonAuthOnly=Yes |
@@ -0,0 +1,182 @@ | |||
SNFClient Readme | |||
Command line client for SNF. This utility formats and processes SNF_XCI | |||
requests through the SNF Engine working on the local machine. In general | |||
this utility can be used as a replacement for the earlier SNF command | |||
line scanner. It is also useful for other uses such as debugging and | |||
communicating with GBUdb. | |||
Note: Unlike prior versions of SNF, this command line utility does not | |||
need to be "branded" (renamed for the SNF license id). | |||
_________ | |||
Help Mode | |||
SNFClient.exe | |||
When called with no command line parameters the utility produces | |||
help and version information. | |||
__________ | |||
Debug Mode | |||
SNFDebugClient.exe | |||
When "debug" or "Debug" appears in the path to the program name | |||
or if the program's name is altered to include the word "debug" or | |||
"Debug" then the program will produce additional information about | |||
it's operation to aid in debugging problems. This includes the | |||
entire raw SNF_XCI request and response. | |||
__________________ | |||
Message Scan Modes | |||
These modes are used to scan email message files (the data part of | |||
smtp). This utility can be used as a drop-in replacement for previous | |||
verions of SNF (Message Sniffer) for scanning messages. However, this | |||
new version does not need to be "branded" (renamed for the license id) | |||
and will ignore the authentication string if it is provided. Also, | |||
since the newer version of SNF uses a client-server model and not a | |||
peer-server model, there is no need for a "persistent" mode. | |||
If "persistent" is passed to this utility on the command line as it | |||
would be used in prior versions of SNF then it will be treated like | |||
a file name and the scan will normally fail since a file named | |||
"persistent" is not likely to exist. | |||
SNFClient.exe <FileNameToScan> | |||
Scan Mode: Scans <FileNameToScan> and returns a result code. | |||
SNFClient.exe <authenticationxx> <FileNameToScan> | |||
Compatibility Mode: Ignores <authenticationxx> then scans the | |||
<FileNameToScan> and returns a result code. This mode provides | |||
drop-in compatibility with previous versions of SNF. | |||
SNFClient.exe -xhdr <FileNameToScan> | |||
XHeader Mode: Scans <FileNameToScan> and returns the result. Also | |||
outputs the contents of the X-Headers created by the SNF engine. If | |||
the SNF engine is configured to inject these headers then they will | |||
also have been injected into the <FileNameToScan>. | |||
The SNF Engine can be configured to provide the X-Headers only to | |||
the API without injecting them. In this case the XHeader Mode will | |||
display the X-Headers that would be injected, but they will not | |||
have been injected into the <FileNameToScan>. | |||
If the SNF Engine is configured not to produce X-Headers (none) then | |||
the XHeader Mode will not produce X-Headers because they will not | |||
have been generated by the engine. | |||
(note: -xhdr and -source options can be combined) | |||
SNFClient.exe -source=<IP4Address> <FileNameToScan> | |||
Source-IP Mode: Scans <FileNameToScan> and returns the result. The | |||
provided source IP is injected into the scan as the first Received | |||
header so that the scanning engine will presume the IP is the source | |||
of the message. This allows you to pre-define the source IP for the | |||
message when there is no other received header or when the received | |||
headers may be incorrect or may not present the actual source of | |||
the message. | |||
(note: -xhdr and -source options can be combined) | |||
_____________________________ | |||
SNFServer Status Report Modes | |||
SNFClient.exe -status.second | |||
SNFClient.exe -status.minute | |||
SNFClient.exe -status.hour | |||
This mode returns the latest posted status report as indicated. | |||
Normally these status reports are also posted to files in the | |||
SNFServer workspace. | |||
In this mode the SNFClient will return a result code (error level) | |||
of 0 when the request is successful and 99 (or some nonzero value) | |||
when the request is not successful. This allows the SNFClient to | |||
be used to verify that the SNFServer is running. | |||
Note: In most other modes the SNFClient returns a fail-safe 0 | |||
result code to avoid tagging messages as spam when there are errors. | |||
________________________ | |||
XCI Server Command Modes | |||
These features will expand as needed in later versions. | |||
SNFClient.exe -shutdown | |||
If the SNF Engine is running in an application that accepts SNF_XCI | |||
server commands then this mode will send that command. The shutdown | |||
command may have no effect if the application does not use the SNF_XCI | |||
server commnand interface or does not recognize the command. | |||
___________ | |||
GBUdb Modes | |||
These modes are used to communicate with the GBUdb system on the | |||
local node. It is possible to test (read out) an IP record or make | |||
any of a number of changes to IP data in the GBUdb. | |||
SNFClient.exe -test <IP4Address> | |||
Returns the current GBUdb statistics for the <IP4Address> | |||
SNFClient also returns a result code that matches the GBUdb range | |||
for the tested IP. These ranges are defined in the SNFServer | |||
configuration file. By default they are: | |||
20 - Truncate | |||
63 - Black | |||
40 - Caution | |||
0 - Normal | |||
SNFClient.exe -set <IP4Address> <flag> <bad> <good> | |||
Creates or updates the data for <IP4Address> as provided. The | |||
<IP4Address> must be provided as well as at least one of | |||
<flag>, <bad>, and <good>. If <flag>, <bad>, or <good> are | |||
to be left unchanged then they should be entered as a dash "-". | |||
Examples: | |||
Set all data for an IP. The flag will be "ugly", the bad count | |||
will be 0 and the good count will be 1000. | |||
SNFClient.exe -set 12.34.56.78 Ugly 0 1000 | |||
Set the flag to "ignore" and do not change the counts. | |||
SNFClient.exe -set 12.34.56.78 ignore - - | |||
Set the good count to 400 and do not change anything else. | |||
SNFClient.exe -set 12.34.56.78 - - 400 | |||
SNFClient.exe -good <IP4Address> | |||
Creates or updates statistics for the <IP4Address>. Increases the | |||
good count by one. (Record a good event) | |||
SNFClient.exe -bad <IP4Address> | |||
Creates or updates statistics for the <IP4Address>. Increases the | |||
bad count by one. (Record a bad event) | |||
SNFClient.exe -drop <IP4Address> | |||
Removes all local data for the <IP4Address>. Anything the local | |||
system "knows" about the IP is forgotten. Next time the IP is | |||
encountered it will be treated as new. | |||
____________________ | |||
For More Information | |||
See www.armresearch.com | |||
Copyright (C) 2007-2008 Arm Research Labs, LLC. | |||
@@ -0,0 +1,47 @@ | |||
@ECHO OFF | |||
SETLOCAL | |||
REM ----- Edit This Section -------- | |||
SET SNIFFER_PATH=\mdaemon\snf | |||
SET AUTHENTICATION=authenticationxx | |||
SET LICENSE_ID=licensid | |||
REM -------------------------------- | |||
CD /d %SNIFFER_PATH% | |||
if not exist UpdateReady.txt GOTO DONE | |||
if exist UpdateReady.lck GOTO DONE | |||
:DOWNLOAD | |||
COPY UpdateReady.txt UpdateReady.lck | |||
wget http://www.sortmonster.net/Sniffer/Updates/%LICENSE_ID%.snf -O %LICENSE_ID%.new.gz --header=Accept-Encoding:gzip --http-user=sniffer --http-passwd=ki11sp8m | |||
if exist %LICENSE_ID%.new.gz gzip -d -f %LICENSE_ID%.new.gz | |||
snf2check.exe %LICENSE_ID%.new %AUTHENTICATION% | |||
if errorlevel 1 goto CLEANUP | |||
if exist %LICENSE_ID%.old del %LICENSE_ID%.old | |||
rename %LICENSE_ID%.snf %LICENSE_ID%.old | |||
rename %LICENSE_ID%.new %LICENSE_ID%.snf | |||
if exist UpdateReady.txt del UpdateReady.txt | |||
if exist UpdateReady.lck del UpdateReady.lck | |||
:CLEANUP | |||
if exist %LICENSE_ID%.new del %LICENSE_ID%.new | |||
if exist UpdateReady.lck del UpdateReady.lck | |||
:DONE | |||
ENDLOCAL | |||
@@ -0,0 +1 @@ | |||
<snf><identity licenseid='licensid' authentication='authenticationxx'/></snf> |
@@ -0,0 +1,80 @@ | |||
## Basic rules for detecting Message Sniffer header emissions | |||
## so that they can be given scores in subsequent SpamAssassin | |||
## scanning. Modify the scores and headers as needed for your | |||
## system. | |||
score SNF_IPTRUNCATE 10 | |||
describe SNF_IPTRUNCATE IP Source consistently sends spam | |||
header SNF_IPTRUNCATE X-MessageSniffer-Scan-Result =~ /20/ | |||
score SNF_IPCAUTION 3 | |||
describe SNF_IPCAUTION New IP source mixed scan results | |||
header SNF_IPCAUTION X-MessageSniffer-Scan-Result =~ /40/ | |||
score SNF_IPBLACK 4 | |||
describe SNF_IPBLACK Static IP rules and GBUdb Black | |||
header SNF_IPBLACK X-MessageSniffer-Scan-Result =~ /63/ | |||
score SNF_OBFUSCATION 5 | |||
describe SNF_OBFUSCATION Obfuscation detection | |||
header SNF_OBFUSCATION X-MessageSniffer-Scan-Result =~ /62/ | |||
score SNF_ABSTRACT 5 | |||
describe SNF_ABSTRACT Abstracted spam patterns | |||
header SNF_ABSTRACT X-MessageSniffer-Scan-Result =~ /61/ | |||
score SNF_GENERAL 5 | |||
describe SNF_GENERAL General spam content - unclassified | |||
header SNF_GENERAL X-MessageSniffer-Scan-Result =~ /60/ | |||
score SNF_GAMBLE 5 | |||
describe SNF_GAMBLE Gambling and Casino spam patterns | |||
header SNF_GAMBLE X-MessageSniffer-Scan-Result =~ /59/ | |||
score SNF_DEBT 5 | |||
describe SNF_DEBT Debt and Credit offer spam patterns | |||
header SNF_DEBT X-MessageSniffer-Scan-Result =~ /58/ | |||
score SNF_GETRICH 5 | |||
describe SNF_GETRICH Home Biz, Stock Push, get rich quick | |||
header SNF_GETRICH X-MessageSniffer-Scan-Result =~ /57/ | |||
score SNF_TONER 5 | |||
describe SNF_TONER Ink and Toner offer spam patterns | |||
header SNF_TONER X-MessageSniffer-Scan-Result =~ /56/ | |||
score SNF_MALWARE 5 | |||
describe SNF_MALWARE Virus, worm, and exploit patterns | |||
header SNF_MALWARE X-MessageSniffer-Scan-Result =~ /55/ | |||
score SNF_ADULT 5 | |||
describe SNF_ADULT Porn and Adult spam patterns | |||
header SNF_ADULT X-MessageSniffer-Scan-Result =~ /54/ | |||
score SNF_SCAM 5 | |||
describe SNF_SCAM Phishing, 419, and other scam patterns | |||
header SNF_SCAM X-MessageSniffer-Scan-Result =~ /53/ | |||
score SNF_SNAKEOIL 5 | |||
describe SNF_SNAKEOIL Drugs, diet aids, health scams | |||
header SNF_SNAKEOIL X-MessageSniffer-Scan-Result =~ /52/ | |||
score SNF_SPAMWARE 5 | |||
describe SNF_SPAMWARE Spamming tools and spam hosting offers | |||
header SNF_SPAMWARE X-MessageSniffer-Scan-Result =~ /51/ | |||
score SNF_DATATHEFT 5 | |||
describe SNF_DATATHEFT Movies, software, unlimited downloads | |||
header SNF_DATATHEFT X-MessageSniffer-Scan-Result =~ /50/ | |||
score SNF_AVPUSH 5 | |||
describe SNF_AVPUSH Antivirus software push | |||
header SNF_AVPUSH X-MessageSniffer-Scan-Result =~ /49/ | |||
score SNF_INSURANCE 5 | |||
describe SNF_INSURANCE Insurance offer patterns | |||
header SNF_INSURANCE X-MessageSniffer-Scan-Result =~ /48/ | |||
score SNF_TRAVEL 5 | |||
describe SNF_TRAVEL Travel offer patterns | |||
header SNF_TRAVEL X-MessageSniffer-Scan-Result =~ /47/ |
@@ -0,0 +1,156 @@ | |||
<!-- SNFMulti V3.0 Configuration File, Setup: Typical of MDaemon Plugin --> | |||
<!-- http://www.armresearch.com/support/articles/software/snfServer/config/snfEngine.jsp --> | |||
<snf> | |||
<node identity='/MDaemon/SNF/identity.xml'> | |||
<paths> | |||
<log path='/MDaemon/SNF/'/> | |||
<rulebase path='/MDaemon/SNF/'/> | |||
<workspace path='/MDaemon/SNF/'/> | |||
</paths> | |||
<logs> | |||
<rotation localtime='no'/> | |||
<status> | |||
<second log='yes' append='no'/> | |||
<minute log='yes' append='no'/> | |||
<hour log='no' append='no'/> | |||
</status> | |||
<scan> | |||
<identifier force-message-id='no'/> | |||
<classic mode='none' rotate='no' matches='none'/> | |||
<xml mode='file' rotate='yes' matches='all' performance='yes' gbudb='yes'/> | |||
<xheaders> | |||
<output mode='inject'/> | |||
<version on-off='off'>X-MessageSniffer-Version</version> | |||
<license on-off='off'>X-MessageSniffer-License</license> | |||
<rulebase on-off='off'>X-MessageSniffer-RulebaseUTC</rulebase> | |||
<identifier on-off='off'>X-MessageSniffer-Identifier</identifier> | |||
<gbudb on-off='on'>X-MessageSniffer-GBUdb-Result</gbudb> | |||
<result on-off='on'>X-MessageSniffer-Scan-Result</result> | |||
<matches on-off='on'>X-MessageSniffer-Patterns</matches> | |||
<black on-off='off'>X-MessageSniffer-Spam: Yes</black> | |||
<white on-off='off'>X-MessageSniffer-White: Yes</white> | |||
<clean on-off='off'>X-MessageSniffer-Clean: Yes</clean> | |||
<symbol on-off='off' n='0'>X-MessageSniffer-SNF-Group: OK</symbol> | |||
<symbol on-off='off' n='20'>X-MessageSniffer-SNF-Group: Truncated</symbol> | |||
<symbol on-off='off' n='40'>X-MessageSniffer-SNF-Group: Caution</symbol> | |||
<symbol on-off='off' n='63'>X-MessageSniffer-SNF-Group: Black</symbol> | |||
<symbol on-off='off' n='62'>X-MessageSniffer-SNF-Group: Obfuscation</symbol> | |||
<symbol on-off='off' n='61'>X-MessageSniffer-SNF-Group: Abstract</symbol> | |||
<symbol on-off='off' n='60'>X-MessageSniffer-SNF-Group: General</symbol> | |||
<symbol on-off='off' n='59'>X-MessageSniffer-SNF-Group: Casinos-Gambling</symbol> | |||
<symbol on-off='off' n='58'>X-MessageSniffer-SNF-Group: Debt-Credit</symbol> | |||
<symbol on-off='off' n='57'>X-MessageSniffer-SNF-Group: Get-Rich</symbol> | |||
<symbol on-off='off' n='56'>X-MessageSniffer-SNF-Group: Ink-Toner</symbol> | |||
<symbol on-off='off' n='55'>X-MessageSniffer-SNF-Group: Malware</symbol> | |||
<symbol on-off='off' n='54'>X-MessageSniffer-SNF-Group: Porn-Dating-Adult</symbol> | |||
<symbol on-off='off' n='53'>X-MessageSniffer-SNF-Group: Scam-Phishing</symbol> | |||
<symbol on-off='off' n='52'>X-MessageSniffer-SNF-Group: Snake-Oil</symbol> | |||
<symbol on-off='off' n='51'>X-MessageSniffer-SNF-Group: Spamware</symbol> | |||
<symbol on-off='off' n='50'>X-MessageSniffer-SNF-Group: Media-Theft</symbol> | |||
<symbol on-off='off' n='49'>X-MessageSniffer-SNF-Group: AV-Push</symbol> | |||
<symbol on-off='off' n='48'>X-MessageSniffer-SNF-Group: Insurance</symbol> | |||
<symbol on-off='off' n='47'>X-MessageSniffer-SNF-Group: Travel</symbol> | |||
</xheaders> | |||
</scan> | |||
</logs> | |||
<network> | |||
<sync secs='30' host='sync.messagesniffer.net' port='25'/> | |||
<update-script on-off='on' call='/MDaemon/SNF/getRulebase.cmd' guard-time='180'/> | |||
</network> | |||
<xci on-off='on' port='9001'/> | |||
<gbudb> | |||
<database> | |||
<condense minimum-seconds-between='600'> | |||
<time-trigger on-off='on' seconds='86400'/> | |||
<posts-trigger on-off='off' posts='1200000'/> | |||
<records-trigger on-off='off' records='600000'/> | |||
<size-trigger on-off='on' megabytes='150'/> | |||
</condense> | |||
<checkpoint on-off='on' secs='3600'/> | |||
</database> | |||
<regions> | |||
<white on-off='on' symbol='0'> | |||
<edge probability='-1.0' confidence='0.4'/> | |||
<edge probability='-0.8' confidence='1.0'/> | |||
<panic on-off='on' rule-range='1000'/> | |||
</white> | |||
<caution on-off='on' symbol='40'> | |||
<edge probability='0.4' confidence='0.0'/> | |||
<edge probability='0.8' confidence='0.5'/> | |||
</caution> | |||
<black on-off='on' symbol='63'> | |||
<edge probability='0.8' confidence='0.2'/> | |||
<edge probability='0.8' confidence='1.0'/> | |||
<truncate on-off='on' probability='0.9' peek-one-in='5' symbol='20'/> | |||
<sample on-off='on' probability='0.8' grab-one-in='5' passthrough='no' passthrough-symbol='0'/> | |||
</black> | |||
</regions> | |||
<training on-off='on'> | |||
<bypass> | |||
<!-- <header name='To:' find='spam@example.com'/> --> | |||
<!-- <header name='Received:' ordinal='1' find='friendlyhost.com'/> --> | |||
</bypass> | |||
<drilldown> | |||
<!-- <received ordinal='0' find='[12.34.56.'/> where we want to ignore 12.34.56.0/24 --> | |||
<!-- <received ordinal='0' find='mixed-source.com'/> --> | |||
<!-- <received ordinal='1' find='mixed-source-internal.com'/> --> | |||
</drilldown> | |||
<source> | |||
<!-- <header name='X-Use-This-Source:' received='mixedsource.com [' ordinal='0' /> --> | |||
<!-- <header name='X-Originating-IP:' received='hotmail.com [' ordinal='0' /> --> | |||
</source> | |||
<white> | |||
<result code='1'/> | |||
<!-- <header name='Received:' ordinal='0' find='.friendlyhost.com'/> --> | |||
</white> | |||
</training> | |||
</gbudb> | |||
<rule-panics> | |||
<!-- | |||
<rule id='123456'/> | |||
<rule id='123457'/> | |||
--> | |||
</rule-panics> | |||
<!-- Platform Specific Configuration --> | |||
<platform> | |||
<mdaemon> | |||
<ip-test on-off='on'/> | |||
<configurator command='start notepad' append-path='yes'/> | |||
</mdaemon> | |||
</platform> | |||
<msg-file type='rfc822'/> | |||
</node> | |||
</snf> | |||
@@ -0,0 +1,184 @@ | |||
#include "configdialog.h" | |||
//(*InternalHeaders(configdialog) | |||
#include <wx/bitmap.h> | |||
#include <wx/button.h> | |||
#include <wx/font.h> | |||
#include <wx/image.h> | |||
#include <wx/intl.h> | |||
#include <wx/string.h> | |||
//*) | |||
//(*IdInit(configdialog) | |||
const long configdialog::ID_STATICBITMAP1 = wxNewId(); | |||
const long configdialog::ID_STATICTEXT2 = wxNewId(); | |||
const long configdialog::ID_STATICTEXT3 = wxNewId(); | |||
const long configdialog::ID_STATICTEXT1 = wxNewId(); | |||
const long configdialog::ID_HYPERLINKCTRL2 = wxNewId(); | |||
const long configdialog::ID_HYPERLINKCTRL1 = wxNewId(); | |||
//*) | |||
BEGIN_EVENT_TABLE(configdialog,wxDialog) | |||
//(*EventTable(configdialog) | |||
//*) | |||
END_EVENT_TABLE() | |||
bool fileExists(const std::string &fileName) { | |||
return std::ifstream(fileName.c_str()).good(); | |||
} | |||
void configdialog::OnQuit(wxCommandEvent& event) | |||
{ | |||
Close(TRUE); | |||
} | |||
std::string configdialog::utf8_encode(const std::wstring &wstr) | |||
{ | |||
if( wstr.empty() ) return std::string(); | |||
int size_needed = WideCharToMultiByte(CP_UTF8, 0, &wstr[0], (int)wstr.size(), NULL, 0, NULL, NULL); | |||
std::string strTo( size_needed, 0 ); | |||
WideCharToMultiByte (CP_UTF8, 0, &wstr[0], (int)wstr.size(), &strTo[0], size_needed, NULL, NULL); | |||
return strTo; | |||
} | |||
std::wstring getSNFFilePath() { // Get the config file path. | |||
std::wstring install_pathW; | |||
HKEY hKey; | |||
WCHAR szBuffer[512]; | |||
DWORD dwBufferSize = sizeof(szBuffer); | |||
std::wstring regValue = L""; | |||
if (ERROR_SUCCESS == RegOpenKeyEx(HKEY_LOCAL_MACHINE, L"SOFTWARE\\Alt-N Technologies\\MDaemon", 0, KEY_READ, &hKey)){ | |||
if(ERROR_SUCCESS == RegQueryValueEx(hKey, (LPCWSTR) L"AppPath", NULL, NULL, (LPBYTE) &szBuffer, &dwBufferSize)){ | |||
RegCloseKey(hKey); | |||
regValue = std::wstring(szBuffer); | |||
std::wstring termCheck; | |||
for(auto val: regValue){ | |||
if(val != L'\0'){ | |||
termCheck += val; | |||
} | |||
} | |||
if(termCheck.size() == 512){ | |||
regValue = L""; // RegValue wasn't null terminated | |||
} | |||
else{ | |||
int PathEnd = regValue.length(); // Grab the length. | |||
if(PathEnd > 0) { regValue.erase(PathEnd-1,1); } // Eat the stroke at the end. | |||
PathEnd = regValue.find_last_of(L"\\"); // Find the next stroke in. | |||
int PathLength = regValue.length(); // Grab the path length. | |||
int EraseSpan = PathLength - (PathEnd+1); // Calculate the amount to erase. | |||
regValue.erase(PathEnd+1,EraseSpan); // Erase it to get the root path. | |||
regValue.append(L"SNF\\"); | |||
} | |||
} | |||
} | |||
// Return either the empty string or the configuration file path. | |||
return regValue; // Return what we have. | |||
} | |||
configdialog::configdialog(wxWindow* parent,wxWindowID id) | |||
{ | |||
install_path = utf8_encode(getSNFFilePath()); | |||
wxBitmap logo = wxNullBitmap; | |||
std::string image_loc = install_path + "\\logo.png"; | |||
if(fileExists(image_loc)){ | |||
logo = wxBitmap(wxImage(image_loc)); | |||
} | |||
//(*Initialize(configdialog) | |||
wxFlexGridSizer* FlexGridSizer10; | |||
wxFlexGridSizer* FlexGridSizer1; | |||
wxFlexGridSizer* FlexGridSizer2; | |||
wxFlexGridSizer* FlexGridSizer3; | |||
wxFlexGridSizer* FlexGridSizer4; | |||
wxFlexGridSizer* FlexGridSizer5; | |||
wxFlexGridSizer* FlexGridSizer6; | |||
wxFlexGridSizer* FlexGridSizer7; | |||
wxFlexGridSizer* FlexGridSizer8; | |||
wxFlexGridSizer* FlexGridSizer9; | |||
wxStdDialogButtonSizer* StdDialogButtonSizer1; | |||
Create(parent, wxID_ANY, _("SNF Configuration"), wxDefaultPosition, wxDefaultSize, wxSTAY_ON_TOP|wxCAPTION|wxDEFAULT_DIALOG_STYLE|wxSYSTEM_MENU|wxCLOSE_BOX|wxTAB_TRAVERSAL, _T("wxID_ANY")); | |||
SetFocus(); | |||
FlexGridSizer1 = new wxFlexGridSizer(6, 1, 1, 1); | |||
FlexGridSizer6 = new wxFlexGridSizer(0, 2, 0, 0); | |||
FlexGridSizer7 = new wxFlexGridSizer(0, 3, 0, 0); | |||
StaticBitmap1 = new wxStaticBitmap(this, ID_STATICBITMAP1, logo, wxDefaultPosition, wxDefaultSize, wxNO_BORDER, _T("ID_STATICBITMAP1")); | |||
FlexGridSizer7->Add(StaticBitmap1, 1, wxALIGN_CENTER_HORIZONTAL|wxALIGN_CENTER_VERTICAL, 5); | |||
FlexGridSizer6->Add(FlexGridSizer7, 1, wxALL|wxALIGN_CENTER_HORIZONTAL|wxALIGN_CENTER_VERTICAL, 5); | |||
FlexGridSizer1->Add(FlexGridSizer6, 1, wxALL|wxALIGN_CENTER_HORIZONTAL|wxALIGN_CENTER_VERTICAL, 5); | |||
FlexGridSizer8 = new wxFlexGridSizer(3, 1, 0, 0); | |||
StaticText2 = new wxStaticText(this, ID_STATICTEXT2, _("SNF MDaemon Plugin Version 4.0"), wxDefaultPosition, wxDefaultSize, 0, _T("ID_STATICTEXT2")); | |||
wxFont StaticText2Font(12,wxFONTFAMILY_SWISS,wxFONTSTYLE_NORMAL,wxFONTWEIGHT_BOLD,false,_T("Arial"),wxFONTENCODING_DEFAULT); | |||
StaticText2->SetFont(StaticText2Font); | |||
FlexGridSizer8->Add(StaticText2, 1, wxALL|wxALIGN_CENTER_HORIZONTAL|wxALIGN_CENTER_VERTICAL, 5); | |||
FlexGridSizer9 = new wxFlexGridSizer(0, 3, 0, 0); | |||
StaticText3 = new wxStaticText(this, ID_STATICTEXT3, _("License ID: "), wxDefaultPosition, wxDefaultSize, 0, _T("ID_STATICTEXT3")); | |||
wxFont StaticText3Font(10,wxFONTFAMILY_SWISS,wxFONTSTYLE_NORMAL,wxFONTWEIGHT_BOLD,true,_T("Arial"),wxFONTENCODING_DEFAULT); | |||
StaticText3->SetFont(StaticText3Font); | |||
FlexGridSizer9->Add(StaticText3, 1, wxALL|wxALIGN_CENTER_HORIZONTAL|wxALIGN_CENTER_VERTICAL, 5); | |||
FlexGridSizer8->Add(FlexGridSizer9, 1, wxALL|wxALIGN_CENTER_HORIZONTAL|wxALIGN_CENTER_VERTICAL, 5); | |||
FlexGridSizer3 = new wxFlexGridSizer(0, 1, 0, 0); | |||
StaticText1 = new wxStaticText(this, ID_STATICTEXT1, _("\n The full range of SNFServer features are provided by the plugin.\n All of these can be configured in the MDaemon/SNF/snfmdplugin.xml file.\n\n HOWEVER, some of the default settings are required in order\n for the plugin to work properly with MDaemon.\n\n In particular be careful about modifying <paths/> or <xheaders/>.\n"), wxDefaultPosition, wxDefaultSize, wxSUNKEN_BORDER, _T("ID_STATICTEXT1")); | |||
FlexGridSizer3->Add(StaticText1, 1, wxALL, 10); | |||
FlexGridSizer8->Add(FlexGridSizer3, 1, wxALL|wxALIGN_CENTER_HORIZONTAL|wxALIGN_CENTER_VERTICAL, 0); | |||
FlexGridSizer1->Add(FlexGridSizer8, 1, wxALL|wxALIGN_CENTER_HORIZONTAL|wxALIGN_CENTER_VERTICAL, 5); | |||
FlexGridSizer2 = new wxFlexGridSizer(3, 1, 0, 0); | |||
FlexGridSizer4 = new wxFlexGridSizer(0, 3, 0, 0); | |||
HyperlinkCtrl2 = new wxHyperlinkCtrl(this, ID_HYPERLINKCTRL2, _("Click here to view your configuration file."), wxEmptyString, wxDefaultPosition, wxDefaultSize, wxHL_CONTEXTMENU|wxHL_ALIGN_CENTRE|wxNO_BORDER, _T("ID_HYPERLINKCTRL2")); | |||
FlexGridSizer4->Add(HyperlinkCtrl2, 1, wxALL|wxALIGN_CENTER_HORIZONTAL|wxALIGN_CENTER_VERTICAL, 5); | |||
FlexGridSizer2->Add(FlexGridSizer4, 1, wxALL|wxALIGN_CENTER_HORIZONTAL|wxALIGN_CENTER_VERTICAL, 0); | |||
FlexGridSizer5 = new wxFlexGridSizer(0, 3, 0, 0); | |||
HyperlinkCtrl1 = new wxHyperlinkCtrl(this, ID_HYPERLINKCTRL1, _("Click here for more information."), _("https://www.armresearch.com/Documentation/QA/mdaemon_plugin-238282018.jsp"), wxDefaultPosition, wxDefaultSize, wxHL_CONTEXTMENU|wxHL_ALIGN_CENTRE|wxNO_BORDER, _T("ID_HYPERLINKCTRL1")); | |||
FlexGridSizer5->Add(HyperlinkCtrl1, 1, wxALL|wxALIGN_CENTER_HORIZONTAL|wxALIGN_CENTER_VERTICAL, 5); | |||
FlexGridSizer2->Add(FlexGridSizer5, 1, wxALL|wxALIGN_CENTER_HORIZONTAL|wxALIGN_CENTER_VERTICAL, 5); | |||
FlexGridSizer1->Add(FlexGridSizer2, 1, wxALL|wxALIGN_CENTER_HORIZONTAL|wxALIGN_CENTER_VERTICAL, 5); | |||
StdDialogButtonSizer1 = new wxStdDialogButtonSizer(); | |||
StdDialogButtonSizer1->AddButton(new wxButton(this, wxID_OK, wxEmptyString)); | |||
StdDialogButtonSizer1->Realize(); | |||
FlexGridSizer1->Add(StdDialogButtonSizer1, 1, wxALL|wxALIGN_CENTER_HORIZONTAL|wxALIGN_CENTER_VERTICAL, 5); | |||
FlexGridSizer10 = new wxFlexGridSizer(0, 3, 0, 0); | |||
FlexGridSizer1->Add(FlexGridSizer10, 1, wxALL|wxALIGN_CENTER_HORIZONTAL|wxALIGN_CENTER_VERTICAL, 5); | |||
SetSizer(FlexGridSizer1); | |||
FlexGridSizer1->Fit(this); | |||
FlexGridSizer1->SetSizeHints(this); | |||
Connect(ID_HYPERLINKCTRL2,wxEVT_COMMAND_HYPERLINK,(wxObjectEventFunction)&configdialog::OnHyperlinkCtrl2Click); | |||
Connect(ID_HYPERLINKCTRL1,wxEVT_COMMAND_HYPERLINK,(wxObjectEventFunction)&configdialog::OnHyperlinkCtrl1Click); | |||
//*) | |||
//install_path = utf8_encode(install_pathW); | |||
std::string license_path = install_path + "\\identity.xml"; | |||
if (fileExists(license_path)) { | |||
std::ifstream identity; // Grab the input file. | |||
identity.open(license_path.c_str(), // Open it in binary mode | |||
std::ios::in | std::ios::binary); // to avoid corruption issues. | |||
std::string line; | |||
std::string license_tag = "licenseid=\'"; | |||
while (getline(identity, line)) // read in line | |||
{ | |||
std::size_t found = line.find(license_tag); | |||
if (found!=std::string::npos){ | |||
std::cout << "first 'needle' found at: " << found << '\n'; | |||
StaticText3->SetLabel("License ID: " + line.substr(found+11, 8)); | |||
} | |||
} | |||
} | |||
} | |||
configdialog::~configdialog() | |||
{ | |||
//(*Destroy(configdialog) | |||
//*) | |||
} | |||
void configdialog::OnHyperlinkCtrl1Click(wxCommandEvent& event) | |||
{ | |||
wxLaunchDefaultBrowser("https://www.armresearch.com/Documentation/QA/mdaemon_plugin-238282018.jsp"); | |||
} | |||
void configdialog::OnHyperlinkCtrl2Click(wxCommandEvent& event) | |||
{ | |||
wxLaunchDefaultApplication(install_path + "\\snfmdplugin.xml"); | |||
} |
@@ -0,0 +1,58 @@ | |||
#ifndef CONFIGDIALOG_H | |||
#define CONFIGDIALOG_H | |||
#include <string> | |||
#include <fstream> | |||
#include <iostream> | |||
#include <stdlib.h> | |||
//(*Headers(configdialog) | |||
#include <wx/dialog.h> | |||
#include <wx/hyperlink.h> | |||
#include <wx/sizer.h> | |||
#include <wx/statbmp.h> | |||
#include <wx/stattext.h> | |||
//*) | |||
class configdialog: public wxDialog | |||
{ | |||
public: | |||
configdialog(wxWindow* parent,wxWindowID id=wxID_ANY); | |||
virtual ~configdialog(); | |||
//(*Declarations(configdialog) | |||
wxHyperlinkCtrl* HyperlinkCtrl1; | |||
wxHyperlinkCtrl* HyperlinkCtrl2; | |||
wxStaticBitmap* StaticBitmap1; | |||
wxStaticText* StaticText1; | |||
wxStaticText* StaticText2; | |||
wxStaticText* StaticText3; | |||
//*) | |||
protected: | |||
//(*Identifiers(configdialog) | |||
static const long ID_STATICBITMAP1; | |||
static const long ID_STATICTEXT2; | |||
static const long ID_STATICTEXT3; | |||
static const long ID_STATICTEXT1; | |||
static const long ID_HYPERLINKCTRL2; | |||
static const long ID_HYPERLINKCTRL1; | |||
//*) | |||
private: | |||
std::string install_path; | |||
//(*Handlers(configdialog) | |||
std::string utf8_encode(const std::wstring &wstr); | |||
void OnQuit(wxCommandEvent& event); | |||
void OnHyperlinkCtrl1Click(wxCommandEvent& event); | |||
void OnHyperlinkCtrl2Click(wxCommandEvent& event); | |||
//*) | |||
DECLARE_EVENT_TABLE() | |||
}; | |||
#endif |
@@ -0,0 +1,26 @@ | |||
#include "dialogapp.h" | |||
//(*AppHeaders | |||
#include "configdialog.h" | |||
#include <wx/image.h> | |||
//*) | |||
IMPLEMENT_APP_NO_MAIN(dialogapp); | |||
bool dialogapp::OnInit() | |||
{ | |||
//(*AppInitialize | |||
bool wxsOK = true; | |||
wxInitAllImageHandlers(); | |||
if ( wxsOK ) | |||
{ | |||
configdialog Dlg(0); | |||
SetTopWindow(&Dlg); | |||
Dlg.ShowModal(); | |||
wxsOK = false; | |||
} | |||
//*) | |||
return wxsOK; | |||
} | |||
@@ -0,0 +1,14 @@ | |||
#ifndef DIALOGAPP_H | |||
#define DIALOGAPP_H | |||
#include <wx/app.h> | |||
class dialogapp : public wxApp | |||
{ | |||
public: | |||
virtual bool OnInit(); | |||
}; | |||
//wxDECLARE_APP(dialogapp); | |||
#endif |
@@ -0,0 +1,6 @@ | |||
EXPORTS | |||
ConfigFunc@4 @1 | |||
MessageFunc@8 @2 | |||
MessageIPFunc@8 @3 | |||
Shutdown@4 @4 | |||
Startup@4 @5 |
@@ -0,0 +1,496 @@ | |||
// main.cpp | |||
// SNF MDaemon Plugin | |||
// Copyright (C) 2007-2008, ARM Research Labs, LLC. | |||
#include <tchar.h> | |||
#include <winerror.h> | |||
#include <wx/app.h> | |||
#include <wx/window.h> | |||
#include <wx/dialog.h> | |||
#include <wx/toplevel.h> | |||
#include "dialogapp.h" | |||
#include "configdialog.h" | |||
#include <winsock2.h> | |||
#include <windows.h> | |||
#include "mdconfiguration.hpp" | |||
#include "SNFMulti/SNFMulti.hpp" | |||
#ifndef _UNICODE | |||
#define _UNICODE | |||
#endif | |||
#ifndef UNICODE | |||
#define UNICODE | |||
#endif | |||
//IMPLEMENT_APP_NO_MAIN(dialogapp); | |||
//IMPLEMENT_WX_THEME_SUPPORT; | |||
//////////////////////////////////////////////////////////////////////////////// | |||
// Constants And Tweaks | |||
//////////////////////////////////////////////////////////////////////////////// | |||
const int MDPLUGIN_MSG = 22000; | |||
const int MDPLUGIN_DISPLAY = 22001; | |||
const char* PLUGIN_VERSION_INFO = "SNF MDaemon Plugin Version 4.0 Build: " __DATE__ " " __TIME__; | |||
BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) { // Thread attach/detach functions. | |||
switch (fdwReason) { // Switch on the reason for the call. | |||
case DLL_PROCESS_ATTACH: | |||
{ // Attach to process. | |||
/*** Startup function moved to API ***/ | |||
} // We will assume it worked. | |||
break; | |||
case DLL_PROCESS_DETACH: // Detach from process. | |||
/*** Shutdown function moved to API ***/ | |||
return true; // We will assume that worked. | |||
break; | |||
case DLL_THREAD_ATTACH: // Attach to thread | |||
break; // Just be happy. | |||
case DLL_THREAD_DETACH: // Detach from thread | |||
break; // Just be happy. | |||
} | |||
return TRUE; // Be happy by default. | |||
} | |||
//////////////////////////////////////////////////////////////////////////////// | |||
// SNF MDaemon Plugin Engine Code | |||
//////////////////////////////////////////////////////////////////////////////// | |||
// Handy Debug Functions. This is how we can display critical events on screen | |||
// and emit entries into the MDaemon logs. | |||
HWND LatestParent = 0; // Handle MDaemon log operations. | |||
void sayToScreen(const string StuffToSay) { // Display a modal system message. | |||
MessageBox ( // Use a message box. | |||
GetFocus(), // Take the user's focus. | |||
(LPCWSTR) StuffToSay.c_str(), // This is what to say. | |||
(LPCWSTR) _T("Message Sniffer Plug-In"), // This is how to title the box. | |||
MB_OK|MB_SYSTEMMODAL ); // This makes it modal with a button. | |||
} | |||
void sayToLog(const string Msg) { // Emit message into MDaemon log. | |||
if(0 != LatestParent) { // If we have a handle: | |||
COPYDATASTRUCT Packet; // Create a packet for the log. | |||
Packet.dwData = MDPLUGIN_DISPLAY; | |||
Packet.cbData = Msg.length(); | |||
Packet.lpData = reinterpret_cast<void*>( | |||
const_cast<char*>(Msg.c_str())); | |||
SendMessage(LatestParent, MDPLUGIN_MSG, MDPLUGIN_DISPLAY, // Send the packet. | |||
(LPARAM)(PCOPYDATASTRUCT)&Packet); | |||
} | |||
} | |||
// The configuration file path is theoretically in a fixed location based on | |||
// the installation directory of MDaemon. We read the installation directory | |||
// from the registry and derive the path from that. If we get what we want | |||
// then we return the full path to the SNFMDPlugin.xml file - which is derived | |||
// from snf_engine.xml. If we don't get what we want then we return nothing. | |||
string ConfigurationFilePath() { // Get the config file path. | |||
std::wstring install_pathW; | |||
HKEY hKey; | |||
WCHAR szBuffer[512]; | |||
DWORD dwBufferSize = sizeof(szBuffer); | |||
std::wstring regValue = L""; | |||
if (ERROR_SUCCESS == RegOpenKeyEx(HKEY_LOCAL_MACHINE, L"SOFTWARE\\Alt-N Technologies\\MDaemon", 0, KEY_READ, &hKey)){ | |||
if(ERROR_SUCCESS == RegQueryValueEx(hKey, (LPCWSTR) L"AppPath", NULL, NULL, (LPBYTE) &szBuffer, &dwBufferSize)){ | |||
RegCloseKey(hKey); | |||
regValue = std::wstring(szBuffer); | |||
std::wstring termCheck; | |||
for(auto val: regValue){ | |||
if(val != L'\0'){ | |||
termCheck += val; | |||
} | |||
} | |||
if(termCheck.size() == 512){ | |||
regValue = L""; // RegValue wasn't null terminated | |||
} | |||
else{ | |||
int PathEnd = regValue.length(); // Grab the length. | |||
if(PathEnd > 0) { regValue.erase(PathEnd-1,1); } // Eat the stroke at the end. | |||
PathEnd = regValue.find_last_of(L"\\"); // Find the next stroke in. | |||
int PathLength = regValue.length(); // Grab the path length. | |||
int EraseSpan = PathLength - (PathEnd+1); // Calculate the amount to erase. | |||
regValue.erase(PathEnd+1,EraseSpan); // Erase it to get the root path. | |||
regValue.append(L"SNF\\snfmdplugin.xml"); | |||
} | |||
} | |||
} | |||
//convert wstring to utf8 | |||
size_t buffer_size = WideCharToMultiByte(CP_UTF8, 0, ®Value[0], (int)regValue.size(), NULL, 0, NULL, NULL); | |||
std::string strFilePath(buffer_size, '\0'); | |||
WideCharToMultiByte(CP_UTF8, 0, ®Value[0], (int)regValue.size(), &strFilePath[0], buffer_size, NULL, NULL); | |||
// Return either the empty string or the configuration file path. | |||
return strFilePath; // Return what we have. | |||
} | |||
// Here are out engine components, startup, and shutdown logic. The actual | |||
// engine components are built as the DLL is loaded. They are "lit up" by the | |||
// startup() function - which is called when an application attaches to this | |||
// DLL; and they are closed down when an application detaches from this DLL. | |||
// 20080311 _M Added configuration interpreter for <platform/> and linked it | |||
// to the ConfigFunc() and MessageIPFunc() functions. | |||
volatile bool EngineIsGood = false; // True when things are ready to go. | |||
snf_RulebaseHandler* Rulebase = 0; // Our Rulebase Handler. | |||
snf_EngineHandler* ScanEngine = 0; // Our Scan Engine. | |||
int Generation = -1; // Configuration generation tag. | |||
string Configuration; // Configuration file path. | |||
MDConfiguration* PlatformConfig = 0; // Platform config interpreter. | |||
extern "C" __declspec(dllexport)void _stdcall StartupFunc(HWND Parent){ // How to get all this started. | |||
LatestParent = Parent; | |||
EngineIsGood = false; // Start off pessimistically. | |||
try { // Be sure to catch any exceptions. | |||
Rulebase = new snf_RulebaseHandler(); // Create our rulebase handler. | |||
ScanEngine = new snf_EngineHandler(); // Create our engine scanner. | |||
Configuration = ConfigurationFilePath(); // Get the configuration path. | |||
PlatformConfig = new MDConfiguration(*Rulebase, Configuration); // Set up our configuration monitor. | |||
Rulebase->open(Configuration.c_str(), "", ""); // Open a configured rulebase. | |||
Rulebase->PlatformVersion(PLUGIN_VERSION_INFO); // Set the Platform version string. | |||
ScanEngine->open(Rulebase); // Open the scanning engine. | |||
EngineIsGood = true; // If all went well, we're up! | |||
sayToLog(Rulebase->EngineVersion()); // version info to show we're ok. | |||
sayToLog(Rulebase->PlatformVersion()); // Log our platform and engine | |||
string ConfigInfo = "SNF Config: "; // Build a configuration info | |||
ConfigInfo.append(Configuration); // message and display that | |||
sayToLog(ConfigInfo); // too. | |||
} | |||
catch(snf_RulebaseHandler::ConfigurationError) { // Can't work with config file! | |||
string ErrorMessage = "Unable to Configure with: "; // Tell them about it and give | |||
ErrorMessage.append(Configuration); // them a hint where we looked. | |||
sayToScreen(ErrorMessage); | |||
} | |||
catch(snf_RulebaseHandler::FileError) { // Can't load the rulebase file! | |||
string ErrorMessage = "Unable to Load Rulebase in: "; // Tell them about it and give | |||
ErrorMessage.append(Configuration); // them a hint where we looked. | |||
sayToScreen(ErrorMessage); | |||
} | |||
catch(snf_RulebaseHandler::AllocationError) { // Can't allocate memory! | |||
sayToScreen("Unable to Allocate Enough Memory!"); // Tell them about it. | |||
} | |||
catch(snf_RulebaseHandler::IgnoreListError) { // Can't load ignore list! | |||
sayToScreen("Unable to Load Ingore List!"); // Tell them about it. | |||
} | |||
catch(snf_RulebaseHandler::AuthenticationError) { // Can't authenticate! | |||
sayToScreen("Unable to Authenticate Rulebase!"); // Tell them about it. | |||
} | |||
catch(snf_RulebaseHandler::Busy) { // Busy?!! That's weird. | |||
sayToScreen("Busy Exception?!!"); // Tell them about it. | |||
} | |||
catch(snf_RulebaseHandler::Panic) { // Panic?!! That's weird. | |||
sayToScreen("Panic Exception?!!"); // Tell them about it. | |||
} | |||
catch(exception& e) { // Some other runtime error? | |||
sayToScreen(e.what()); // Tell them what it was. | |||
} | |||
catch(...) { // Catch the unknown exception. | |||
sayToScreen("Unexpected Exception!"); // Tell them things didn't work. | |||
} | |||
return; // All done. | |||
} | |||
/****** THE FOLLOWING IS DEFUNCT, BUT USEFUL INFO SO WE KEEP IT! ******/ | |||
/**** *Note: Why do we always return true even when we fail??? | |||
***** Because, in a DLL that is being loaded, none of the threads that | |||
***** get created in the rulebase object will get any cycles until the | |||
***** DLL load sequence is complete _AND_SUCCESSFUL_! | |||
***** | |||
***** The same is true when we return false -- because then the OS KNOWS | |||
***** that it's not safe to run any of the threads we've created. | |||
***** | |||
***** As a result, if we try to destroy our rulebase manager after an | |||
***** unsuccessful load then all of the stop() calls to our threads will | |||
***** block waiting for the initialized threads to see their stop bits and | |||
***** end. Since none of these threads actually get any love until the | |||
***** DLL is successfully loaded, we end up waiting happily for ever! | |||
***** | |||
***** Instead of stepping into this world of hurt, we've decided to leave | |||
***** the internal flag set to indicate that the engine is Not-Good so that | |||
***** the scanning functions remain inert, and then we wait patiently for | |||
***** the DLL to be unloaded. | |||
***** | |||
***** When that happens, since the OS KNOWS the DLL was loaded happily | |||
***** before, the objects can go through their normal destruction without | |||
***** deadlocking on their stop() functions (join()). | |||
****/ | |||
extern "C" __declspec(dllexport)void _stdcall ShutdownFunc(HWND Parent){ // How to get all this stopped. | |||
LatestParent = Parent; | |||
if(EngineIsGood) { // If the engine is good: | |||
try { | |||
EngineIsGood = false; // Stop using the engine now. | |||
LatestParent = 0; // No more logging calls. | |||
if(ScanEngine) { // Close the scanner if it exists: | |||
ScanEngine->close(); // Close it. | |||
delete ScanEngine; // Delete it. | |||
ScanEngine = 0; // Forget it. | |||
} | |||
if(Rulebase) { // Close the rulebase if it exists. | |||
Rulebase->close(); // Close it. | |||
delete Rulebase; // Delete it. | |||
Rulebase = 0; // Forget it. | |||
} | |||
if(PlatformConfig) { // Drop the PlatformConfig if it be. | |||
delete PlatformConfig; // Delete it. | |||
PlatformConfig = 0; // Forget it. | |||
} | |||
Generation = -1; // Reset our config gen tag. | |||
sayToLog("SNF: Plugin Shutdown."); // Tell them we're shut down. | |||
} | |||
catch(exception& e) { // If we have a runtime exception | |||
string InShutdown = "SNF, Shutdown: "; // make a human friendly message | |||
InShutdown.append(e.what()); // and package the exception for | |||
sayToScreen(InShutdown); // a screen pop-up. | |||
} | |||
catch(...) { // If we see some other kind of | |||
sayToScreen("SNF, Shutdown: Unknown Exception"); // exception then show that. | |||
} | |||
} | |||
return; // All done. | |||
} | |||
// Now we get to the business end of the plugin. Three functions are exported. | |||
// ConfigFunc() launches an editor for the configuration file. | |||
// 20080311 _M Adjusted ConfigFunc to use Platform Configuration Parameters. | |||
//DLL_EXPORT void __stdcall ConfigFunc(HWND Parent) { // Configuration function. | |||
extern "C" __declspec(dllexport)void _stdcall ConfigFunc(HWND Parent) { | |||
// Initialize application. | |||
wxApp::SetInstance(new dialogapp()); | |||
wxEntryStart(0, NULL); | |||
wxTheApp->CallOnInit(); | |||
wxTheApp->OnRun(); | |||
wxTheApp->OnExit(); | |||
wxEntryCleanup(); | |||
} | |||
// MessageFunc() scans a message file and injects headers. | |||
extern "C" __declspec(dllexport)void _stdcall PostMessageFunc(HWND Parent, const char* File){ // Message Scan Function. | |||
LatestParent = Parent; // Capture the parent for logging. | |||
string LogMessage = "SNF MessageScan: "; // Start a plugin log entry. | |||
LogMessage.append(File); // add the file name. | |||
if(false == EngineIsGood) { // If the engine is not up then | |||
LogMessage.append(", Engine Not Ready!"); // report that in the plug-in log. | |||
sayToLog(LogMessage); // Post our entry to the plug-in log. | |||
return; // We're done. | |||
} | |||
// We are ready to begin our scan. | |||
int ResultCode = 0; // Keep track of the scan result. | |||
try { // Be sure to catch any exceptions. | |||
ResultCode = ScanEngine->scanMessageFile(File); | |||
} | |||
catch(snf_EngineHandler::FileError& e) { // Exception when a file won't open. | |||
LogMessage.append(", File Error!"); | |||
sayToLog(LogMessage); | |||
string DebugData = "SNF Debug: "; | |||
DebugData.append(e.what()); | |||
sayToLog(DebugData); | |||
return; | |||
} | |||
catch(snf_EngineHandler::XHDRError& e) { // Exception when XHDR Inject/File fails. | |||
LogMessage.append(", X-Header Error!"); | |||
sayToLog(LogMessage); | |||
string DebugData = "SNF Debug: "; | |||
DebugData.append(e.what()); | |||
sayToLog(DebugData); | |||
return; | |||
} | |||
catch(snf_EngineHandler::BadMatrix& e) { // Exception out of bounds of matrix. | |||
LogMessage.append(", Bad Matrix!"); | |||
sayToLog(LogMessage); | |||
string DebugData = "SNF Debug: "; | |||
DebugData.append(e.what()); | |||
sayToLog(DebugData); | |||
return; | |||
} | |||
catch(snf_EngineHandler::MaxEvals& e) { // Exception too many evaluators. | |||
LogMessage.append(", Too Many Evaluators!"); | |||
sayToLog(LogMessage); | |||
string DebugData = "SNF Debug: "; | |||
DebugData.append(e.what()); | |||
sayToLog(DebugData); | |||
return; | |||
} | |||
catch(snf_EngineHandler::AllocationError& e) { // Exception when we can't allocate something. | |||
LogMessage.append(", Allocation Error!"); | |||
sayToLog(LogMessage); | |||
string DebugData = "SNF Debug: "; | |||
DebugData.append(e.what()); | |||
sayToLog(DebugData); | |||
return; | |||
} | |||
catch(snf_EngineHandler::Busy& e) { // Exception when there is a collision. | |||
LogMessage.append(", Engine Busy!"); | |||
sayToLog(LogMessage); | |||
string DebugData = "SNF Debug: "; | |||
DebugData.append(e.what()); | |||
sayToLog(DebugData); | |||
return; | |||
} | |||
catch(snf_EngineHandler::Panic& e) { // Exception when something else happens. | |||
LogMessage.append(", Engine Panic!"); | |||
sayToLog(LogMessage); | |||
string DebugData = "SNF Debug: "; | |||
DebugData.append(e.what()); | |||
sayToLog(DebugData); | |||
return; | |||
} | |||
catch(exception& e) { // Some unexpected exception. | |||
LogMessage.append(", Unexpected Exception!"); | |||
sayToLog(LogMessage); | |||
string DebugData = "SNF Debug: "; | |||
DebugData.append(e.what()); | |||
sayToLog(DebugData); | |||
return; | |||
} | |||
catch(...) { // We should never get one of these, but | |||
LogMessage.append(", Non-Std Exception!"); // if we do we have something to say. | |||
sayToLog(LogMessage); | |||
return; | |||
} | |||
// At this point we know our scan worked ok. So, let's post the result. | |||
ostringstream O; // A stringstream makes it easy to | |||
O << LogMessage << ", Result=" << ResultCode; // format our plug-in log entry. | |||
sayToLog(O.str()); // Then we post it to the plug-in log. | |||
} | |||
// ControlFilePath(MessageFilePath) Converts .msg path to .ctl path. | |||
string ControlFilePath(string MessageFilePath) { // Convert .msg/.tmp to .ctl path. | |||
const string ControlFileExt(".ctl"); // Control file extension. | |||
const string EmptyString(""); // The empty string. | |||
string ControlFilePath(MessageFilePath); // Start with the message path. | |||
string::size_type CFExtPosition = ControlFilePath.find_last_of('.'); // Find the extension. | |||
if(string::npos == CFExtPosition) return EmptyString; // If we didn't find it return "" | |||
ControlFilePath.replace( // Replace the message file | |||
CFExtPosition, ControlFileExt.length(), // extension with the control | |||
ControlFileExt // file extension. | |||
); | |||
return ControlFilePath; | |||
} | |||
// MessageIPFunc() looks at the control file for a message, extracts the | |||
// source IP, and deletes the message if the IP is in the truncate range. | |||
extern "C" __declspec(dllexport) void _stdcall SMTPMessageFunc(HWND Parent, const char* File){ // IP Scan Function. | |||
//LatestParent = Parent; // Capture the parent for logging. | |||
if(false == PlatformConfig->MessageIPFuncOn()) { // If the IP func is off: | |||
return; // We're done. | |||
} | |||
string LogMessage = "SNF IPScan: "; // Start a plugin log entry. | |||
LogMessage.append(File); // add the file name. | |||
if(false == EngineIsGood) { // If the engine is not up then | |||
LogMessage.append(", Engine Not Ready!"); // report that in the plug-in log. | |||
sayToLog(LogMessage); // Post our entry to the plug-in log. | |||
return; // We're done. | |||
} | |||
// Open the control file and find the RemoteIP | |||
const string CtlRemoteIP("RemoteIP="); // This is what we're looking for. | |||
string RemoteIP = ""; // This is where it will go. | |||
try { // Do this safely. | |||
ifstream ControlFile(ControlFilePath(File).c_str()); // Open the control file. | |||
while(ControlFile) { // While the file is good... | |||
string Line; // Read one line at a time | |||
getline(ControlFile, Line); // into a string. | |||
string::size_type TagPos = Line.find(CtlRemoteIP); // Look for the RemoteIP tag. | |||
if(string::npos != TagPos) { // If we find the RemoteIP tag: | |||
RemoteIP = Line.substr(TagPos + CtlRemoteIP.length()); // Get the string after the tag | |||
break; // We're done with the ctl file! | |||
} | |||
} | |||
ControlFile.close(); // Be nice and close our file. | |||
} | |||
catch(...) {} // Eat any exceptions. | |||
if(0 == RemoteIP.length()) { // If we didn't get the IP then | |||
LogMessage.append(", Didn't Get Remote IP!"); // make that the rest of our log | |||
sayToLog(LogMessage); // entry and post it. | |||
return; // We're done. | |||
} | |||
// At this point we have the remote IP to check. | |||
LogMessage.append(", "); LogMessage.append(RemoteIP); // Add the IP to the log entry. | |||
IPTestRecord IPAnalysis(RemoteIP); // Set up a test record. | |||
try { // Safely, | |||
Rulebase->performIPTest(IPAnalysis); // check the IP w/ GBUdb. | |||
} | |||
catch(...) { // If we encountered a problem | |||
LogMessage.append(", Analysis Failed!"); // then we need to report that | |||
sayToLog(LogMessage); // our analysis failed. | |||
return; // We're done. | |||
} | |||
// At this point we've got a good analysis, so we take action (if needed) | |||
// and produce a helpful log entry. | |||
ostringstream Happy; // A stringstream for easy formatting. | |||
Happy << LogMessage << ", {"; // Start the analysis report. | |||
switch(IPAnalysis.G.Flag()) { // Identify the flag data for this IP. | |||
case Good: Happy << "Good, "; break; | |||
case Bad: Happy << "Bad, "; break; | |||
case Ugly: Happy << "Ugly, "; break; | |||
case Ignore: Happy << "Ignore, "; break; | |||
} | |||
Happy << "p=" << IPAnalysis.G.Probability() << ", " // Probability and Confidence. | |||
<< "c=" << IPAnalysis.G.Confidence() << ", "; | |||
switch(IPAnalysis.R) { // The Range analysis. | |||
case snfIPRange::Unknown: { Happy << " Unknown}"; break; } // Unknown - not defined. | |||
case snfIPRange::White: { Happy << " White}"; break; } // This is a good guy. | |||
case snfIPRange::Normal: { Happy << " Normal}"; break; } // Benefit of the doubt. | |||
case snfIPRange::New: { Happy << " New}"; break; } // It is new to us. | |||
case snfIPRange::Caution: { Happy << " Caution}"; break; } // This is suspicious. | |||
case snfIPRange::Black: { Happy << " Black}"; break; } // This is bad. | |||
case snfIPRange::Truncate: { Happy << " Truncate}"; break; } // This is bad unless we ignore it. | |||
} | |||
string WhatWeDid; // So, what do we do? | |||
if( // Are we in Truncate land? | |||
(snfIPRange::Truncate == IPAnalysis.R && Ugly == IPAnalysis.G.Flag()) || // If the IP is Truncate & Ugly, or | |||
Bad == IPAnalysis.G.Flag() // If the IP is just plain bad then | |||
) { // we are in truncate land so we | |||
Happy << " Rejected!"; WhatWeDid = "Rejected"; // mark the message Rejected! and | |||
remove(File); // remove the file to reject it! | |||
} else { // If we are not rejecting the | |||
Happy << " Allowed."; WhatWeDid = "Allowed"; // message tell them it's allowed. | |||
} | |||
Rulebase->logThisIPTest(IPAnalysis, WhatWeDid); // Log the event. | |||
sayToLog(Happy.str()); // Post to the plug-in log. | |||
} |
@@ -0,0 +1,19 @@ | |||
MICRONEILLIBS = -LC:\Users\Dylan\Documents\Microneil\MDaemon\SNFMDaemon\SNFMDaemonDLLx32\SNFMulti -lSNFMulti -LC:\Users\Dylan\Documents\Microneil\MDaemon\SNFMDaemon\SNFMDaemonDLLx32\CodeDweller -lCodedweller | |||
MICROINC = -IC:\Users\Dylan\Documents\Microneil\MDaemon\SNFMDaemon\SNFMDaemonDLLx32\SNFMulti -IC:\Users\Dylan\Documents\Microneil\MDaemon\SNFMDaemon\SNFMDaemonDLLx32\CodeDweller | |||
WXLIBS = -LC:\wxWidgets-3.0.4x32\lib\gcc_lib -lwxmsw30u_richtext -lwxmsw30u_xrc -lwxmsw30u_aui -lwxmsw30u_media -lwxbase30u_net -lwxmsw30u_gl -lwxbase30u_xml -lwxmsw30u_adv -lwxmsw30u_html -lwxmsw30u_core -lwxbase30u -lwxpng -lwxjpeg -lwxtiff -lwxzlib -lwxregexu -lwxexpat -lkernel32 -luser32 -lgdi32 -lwinspool -lcomdlg32 -ladvapi32 -lshell32 -lole32 -loleaut32 -luuid -lcomctl32 -lwsock32 -lodbc32 | |||
WXINC = -IC:\wxWidgets-3.0.4x32\include -IC:\wxWidgets-3.0.4x32\lib\gcc_lib\mswu | |||
WXFLAGS = -D__GNUWIN32__ -D__WXMSW__ -DWXUSINGDLL -DwxUSE_UNICODE | |||
WX32LIBS = -LC:\MinGW\lib | |||
resource: | |||
windres.exe ${WXINC} -J rc -O coff -i C:\Users\Dylan\DOCUME~1\MICRON~1\SPWXDI~2\resource.rc -o resource.res | |||
g++.exe -LC:\wxWidgets-3.0.4x32\lib\gcc_lib -LC:\wxWidgets-3.0.4\lib\gcc_dll64 -o bin\Release\Testing.exe obj\Release\TestingApp.o obj\Release\TestingMain.o obj\Release\resource.res -s -m32 -mthreads -lwxmsw30u_richtext -lwxmsw30u_xrc -lwxmsw30u_aui -lwxmsw30u_media -lwxbase30u_net -lwxmsw30u_gl -lwxbase30u_xml -lwxmsw30u_adv -lwxmsw30u_html -lwxmsw30u_core -lwxbase30u -lwxpng -lwxjpeg -lwxtiff -lwxzlib -lwxregexu -lwxexpat -lkernel32 -luser32 -lgdi32 -lwinspool -lcomdlg32 -ladvapi32 -lshell32 -lole32 -loleaut32 -luuid -lcomctl32 -lwsock32 -lodbc32 -mwindows | |||
wx: | |||
g++.exe -pipe -std=gnu++11 -mthreads -g -DDEBUG -DUNICODE -D_UNICODE ${WXFLAGS} -Wall -O2 ${WXINC} -c configdialog.cpp -o configdialog.o | |||
g++.exe -pipe -std=gnu++11 -mthreads -g -DDEBUG -DUNICODE -D_UNICODE ${WXFLAGS} -Wall -O2 ${WXINC} -c dialogapp.cpp -o dialogapp.o | |||
g++.exe -pipe -std=gnu++11 -mthreads -g -DDEBUG -DUNICODE -D_UNICODE -Wall -O2 ${MICRONEILLIBS} ${MICROINC} -c mdconfiguration.cpp -o mdconfiguration.o | |||
g++.exe -pipe -std=gnu++11 -mthreads -g -DDEBUG -DUNICODE -D_UNICODE -Wall -O2 ${MICRONEILLIBS} ${MICROINC} ${WXINC} -c main.cpp -o main.o | |||
g++.exe -std=gnu++11 -Wall -DDEBUG -DUNICODE -D_UNICODE -g -shared -static-libgcc -static-libstdc++ -o bin\snfmdplugin32.dll main.o mdconfiguration.o configdialog.o dialogapp.o ${MICROINC} ${MICRONEILLIBS} ${WXINC} ${WX32LIBS} -LC:\MinGW\lib\gcc\mingw32\6.3.0\ -lstdc++ -lws2_32 -s -mwindows ${WXLIBS} | |||
@@ -0,0 +1,68 @@ | |||
// mdconfiguration.cpp | |||
// SNF MDaemon Plugin: Platform Configuration Module | |||
// Copyright (C) 2007-2008, ARM Research Labs, LLC. | |||
#include "mdconfiguration.hpp" | |||
MDConfiguration::MDConfiguration(snf_RulebaseHandler& R, string& C) : // Default constructor. | |||
MyCFGReader("mdaemon"), // The top element is "mdaemon" | |||
MyGeneration(-1), // Our first real gen will be 0. | |||
MyMessageIPFuncOn(true), // By default the IP func is on. | |||
MyConfiguratorCommand("start notepad"), // By default we start notepad to | |||
MyAppendConfigurationFileOn(true), // edit our config and pass it the path. | |||
MyConfigurationPath(C), // This is the config file path. | |||
MyRulebase(R) { // This is the rulebase manager. | |||
// Here we construct the configuration elements that will parse the platform | |||
// configuration data from our rulebase manager. | |||
MyCFGReader | |||
.Element("ip-test") | |||
.Attribute("on-off", MyMessageIPFuncOn, false) | |||
.End("ip-test") | |||
.Element("configurator") | |||
.Attribute("command", MyConfiguratorCommand, "") | |||
.Attribute("append-path", MyAppendConfigurationFileOn, true) | |||
.End("configurator") | |||
.End("mdaemon"); | |||
} | |||
int MDConfiguration::Generation() { // When checking our generation we | |||
return MyGeneration; // need only return what we have. | |||
} | |||
bool MDConfiguration::MessageIPFuncOn() { // Are we using the MessageIP function? | |||
ScopeMutex EverybodyFreeze(MyMutex); // Freeze the mutex. | |||
updateConfig(); // Update the configuration if needed. | |||
return MyMessageIPFuncOn; // Return the IP Func On/Off value. | |||
} | |||
string MDConfiguration::ConfiguratorCommand() { // Return proper configurator command. | |||
ScopeMutex EverybodyFreeze(MyMutex); // Freeze the mutex. | |||
updateConfig(); // Update the configuration. | |||
string ConfiguratorCommandString = ""; // Keep this in scope. | |||
if(0 < MyConfiguratorCommand.length()) { // If we have a command configured: | |||
ConfiguratorCommandString = MyConfiguratorCommand; // capture that command. | |||
if(MyAppendConfigurationFileOn) { // If we are supposed to append the | |||
ConfiguratorCommandString.append(" "); // configuration file path then | |||
ConfiguratorCommandString.append(MyConfigurationPath); // tack that on the end. | |||
} // If the configure command string was | |||
} // configured empty we will return "". | |||
return ConfiguratorCommandString; // Send back what we got. | |||
} | |||
void MDConfiguration::updateConfig() { // Parse & update the config if needed. | |||
if(MyGeneration != MyRulebase.Generation()) { // If our config is out of sync: | |||
try { // Catch any parsing errors. | |||
string NewConfiguration = MyRulebase.PlatformConfiguration(); // Grab the configuration string. | |||
ConfigurationData MyConfigData( // Load the configuration string | |||
NewConfiguration.c_str(), NewConfiguration.length()); // into a configuration data object. | |||
MyCFGReader.initialize(); // Initialize the parser and | |||
MyCFGReader.interpret(MyConfigData); // feed it the object. | |||
MyGeneration = MyRulebase.Generation(); // Grab the new generation tag. | |||
} | |||
catch(...) { } // Eat any thrown exceptions. | |||
} // If we're in sync we don't budge. | |||
} | |||
@@ -0,0 +1,50 @@ | |||
// mdconfiguration.hpp | |||
// SNF MDaemon Plugin: Platform Configuration Module | |||
// Copyright (C) 2007-2008, ARM Research Labs, LLC. | |||
// This module handles the platform specific configuration for the MDaemon | |||
// plugin. The rulebase is passed to the object when constructed. Each call to | |||
// get a parameter from the object causes a quick check to the generation data. | |||
// If the generation is still valid then the data is provided as is. If not then | |||
// the configuration is updated before it is returned. All of this is protected | |||
// by a mutex. | |||
#ifndef included_mdconfiguration_hpp | |||
#define included_mdconfiguration_hpp | |||
#include <winsock2.h> | |||
#include <windows.h> | |||
#include "SNFMulti/SNFMulti.hpp" | |||
#include "CodeDweller/configuration.hpp" | |||
#include "CodeDweller/threading.hpp" | |||
class MDConfiguration { | |||
private: | |||
Mutex MyMutex; // Protects configuration. | |||
ConfigurationElement MyCFGReader; // This is how we read our cfg data. | |||
string& MyConfigurationPath; // Configuration file path. | |||
snf_RulebaseHandler& MyRulebase; // Rulebase manager at startup. | |||
volatile int MyGeneration; // Numeric Generation Tag. | |||
bool MyMessageIPFuncOn; // Message IP test on/off switch. | |||
string MyConfiguratorCommand; // Config editor command string. | |||
bool MyAppendConfigurationFileOn; // Append config file path to command? | |||
void updateConfig(); // Update config if needed. | |||
public: | |||
MDConfiguration(snf_RulebaseHandler& R, string& C); // Default constructor. | |||
int Generation(); // Numeric generation tag. | |||
bool MessageIPFuncOn(); // Message IP test on/off switch. | |||
string ConfiguratorCommand(); // Configure function command string. | |||
}; | |||
#endif | |||
@@ -0,0 +1,61 @@ | |||
https://wiki.wxwidgets.org/WxWidgets_Build_Configurations | |||
in dir C:\wxWidgets-3.0.4\build\msw | |||
64bit wx build: | |||
mingw32-make -j8 -f makefile.gcc BUILD=release UNICODE=1 SHARED=0 CXXFLAGS="-std=gnu++11" | |||
in dir C:\wxWidgets-3.0.4x32\build\msw | |||
32bit wx compile: | |||
mingw32-make.exe -j8 -f makefile.gcc BUILD=release CPP="gcc -E -D_M_IX86 -m32" LDFLAGS="-m32" CPPFLAGS="-m32" WINDRES="windres --use-temp-file -F pe-i386" UNICODE=1 SHARED=0 CXXFLAGS="-m32 -fno-keep-inline-dllexport -std=gnu++11" | |||
--------------------------------------- | |||
****************** | |||
FIX TIFF ERROR 32/64 bit | |||
****************** | |||
CHANGE: | |||
/* MSVC 14 does have snprintf() and doesn't allow defining it */ | |||
#if !defined(_MSC_VER) || _MSC_VER < 1900 | |||
# define snprintf _snprintf | |||
#endif | |||
to: | |||
/* MSVC 14 does have snprintf() and doesn't allow defining it. Also MinGW32 | |||
starting with GCC 6.3 has changed _snprintf so that it is no longer suitable. | |||
It does have snprintf, so just use it. */ | |||
#if defined (__MINGW32__) && (__GNUC__ > 6 || (__GNUC__ == 6 && __GNUC_MINOR__ > 2)) | |||
/* do nothing*/ | |||
#elif !defined(_MSC_VER) || _MSC_VER < 1900 | |||
# define snprintf _snprintf | |||
#endif | |||
in wx\src\tiff\libtiff\tif_config.h | |||
----------------------------------------- | |||
--------------------------------------- | |||
*************************************** | |||
TO COMPILE CODEDWELLER WITH -std=gnu++11 | |||
*************************************** | |||
add winerror include here in networking.cpp | |||
networking.cpp: | |||
//// Platform Specific Stuff /////////////////////////////////////////////////// | |||
#if defined(WIN32) || defined(WIN64) | |||
#include "winerror.h" // <--- line to add | |||
in /CodeDweller: | |||
g++ -std=gnu++11 -c *.cpp //add -m32 if 32bit | |||
ar rvs libCodedweller.a *.o | |||