MessageSniffer seems to have a clogged nose...
Question asked by echoDreamz - 3/30/2020 at 4:03 PM
Unanswered
Is anyone else using sniffer and seeing useless results? We are seeing normal good email from places like reddit, Washington Post, universities, etc. being flagged as spam, while blatantly obvious spam emails are being OK'd right on thru.

I've also been reporting the same basic spam emails to a POP3 collector that they supposedly "review" for 2 years now, the message still comes through almost daily. It seems like MessageSniffer is really mostly garbage. Cyren unfortunately is no better.

13 Replies

Reply to Thread
0
So you say that both MessageSniffer and Cyren Antispam are practically useless?

And what do you think about Cyren Zero-Hour Antivirus?

If so, do you recommend disabling them all (since unfortunately they cost ...) and using something else better? If so, what?

Thanks in advance for your advice!
0
echoDreamz Replied
Same issue with Cyren giving confirmed scores to perfectly normal emails but blatant spam getting through. We use an external av engine, I don’t trust Cyren. 
0
so what do you recommend?

I have read that other users use an EFA appliance in front of SMARTERMAIL ...


What's your choice?
3
Matt Petty Replied
Employee Post
I'd actually give Cyren a re-evaluation. We just updated the Cyren engine which we had been using for years previously, we've noticed much better performance out of Cyren. The most recent update has these changes. No more MailService_Subprocess, it uses ctasd (Cyren's Daemon) now.

Note: The virus engine that Cyren uses specializes in new outbreaks. They don't keep a large db of signatures only recent and trending stuff. I would absolutely make sure you pair Cyren with something else monitoring the spool or ClamAV. 
    Cyren is setup to run after ClamAV, but before the command line if setup, could maybe change that.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
echoDreamz Replied
Matt, we lost most of our eval of Cyren back when we had that stalling/crashing issue a bit back. Will have to wait to retest it when we get another eval period. 
1
Robert Emmett Replied
Employee Post
Chris, I'll have our Sales Department get in contact with you about extending the eval period.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
echoDreamz Replied
Robert, Thanks! Though, we thought the stalling / crashing was related to Cyren, turned out it wasnt, but we had it off for almost half the eval period.
0
echoDreamz Replied
Thanks Robert! Emily was able to get me going on a trial. Activated it and running Cyren alone. So far though, ~2500 messages and all of them have been "unknown", I find it hard to believe that out of 2500 emails, not 1 is confirmed, suspect or even bulk.
0
Dave Hunter Replied
We've been noticing obvious spam emails getting through MessageSniffer recently as well. Normally they don't seem to be an issue but I've been getting them daily now. We're still on 15.7 though.
0
Robert Emmett Replied
Employee Post
We have a theory about what is happening. We have recently moved away from Cyren's deprecated DLLs to their new standalone utility (like ClamAV uses).  If the IP it is using to check against is resolving to localhost or an internal IP it may cause Cyren's utility to report "Unknown".  We are further testing this and should have a solution.  This is related to the Cyren Unknown issue.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
I use both Cyren Antispam and Message Sniffer and both find hundreds of SPAMs a day ...

Not many, something surely passes, but still they stop some SPAM.

But I don't know if they are more or less efficient than other systems, like an EFA appliance.
0
echoDreamz Replied
We are currently testing Rspamd. So far it’s working really well.
0
Hi Chris, thanks for the info.

I'm on the way to choose what to test (the candidates are Rspamd, EFA and ProxMox MailGateway).

I like to test Rspamd first, but any advice is welcome!

Reply to Thread