Changes in version 18.104.22.168 (October 15th, 2007)
Added a scanning penalty for mixed and lower case commands.
Connections with invalid characters in the HELO command will now be refused immediately.
Fixed a bug where excluded addresses were not being excluded from tarpitting.
Alligate Distributed Checksum
This version adds an experimental distributed checksum mechanism that generates and collects a SHA1 checksum on the contents of the message. The generated checksum is posted to one of our servers, and a numerical code is returned indicating a real-time frequency ratio based on how many times this message has been seen by all Alligate users. This functionality is extremely fast and efficient and should cause no speed degradation. The number returned is added to the scanning score. These numbers are very low unless the message is indicative of a large spam campaign.
This experimental feature is enabled by default so that we can collect checksum data from various installations and fine-tune the algorithms to make this test more useful. The danger of a false positive is virtually non-existent. As we collect more data from disparate sources, we can work on the scoring mechanisms to make this an extremely useful "zero-hour" type detection technique.
If for some reason you do not want to participate in this, you can manually edit the following registry key:
HKLM\SOFTWARE\SolidOak\Alligate\Settings\CheckSum\Enabled=0 (1=enabled 0=disabled)
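The sketch below is an added example, not Alligate's code: it models the checksum-and-frequency idea described above so the effect on the scanning score can be seen. Hashing only the body, the line-ending normalisation, the `Collector` class and the `MIN_SIGHTINGS` and `MAX_SCORE` thresholds are all assumptions, and the messages are constructed samples.

```python
import hashlib
from collections import Counter
from email import message_from_string

MIN_SIGHTINGS = 3   # assumed: rarer checksums add nothing to the score
MAX_SCORE = 10      # assumed cap on the returned numerical code

def body_checksum(raw_message: str) -> str:
    """SHA-1 hex digest of the body only (assumption), so per-recipient
    headers do not change the result. Only this digest would leave the host."""
    body = message_from_string(raw_message).get_payload()
    body = body.replace("\r\n", "\n").strip()   # ignore CRLF/LF differences
    return hashlib.sha1(body.encode("utf-8")).hexdigest()

class Collector:
    """Local stand-in for the central server: counts sightings per checksum."""
    def __init__(self):
        self.seen = Counter()

    def report(self, checksum: str) -> int:
        """Record one sighting; return the number to add to the scanning score."""
        self.seen[checksum] += 1
        count = self.seen[checksum]
        total = sum(self.seen.values())
        if count < MIN_SIGHTINGS:
            return 0
        # Frequency ratio: share of all reported messages with this checksum.
        return min(MAX_SCORE, round(MAX_SCORE * count / total))

def make_message(recipient: str, body: str) -> str:
    """Build a constructed sample message with CRLF line endings."""
    return (f"From: sender@example.com\r\nTo: {recipient}\r\n"
            f"Subject: hello\r\n\r\n{body}\r\n")

def simulate() -> dict:
    """Feed constructed traffic to the collector; return the last score per kind."""
    collector, scores = Collector(), {}
    one_off = make_message("a@example.org", "Minutes from Tuesday attached.")
    scores["one_off"] = collector.report(body_checksum(one_off))
    for i in range(8):   # same body delivered to eight different recipients
        bulk = make_message(f"user{i}@example.org", "Limited offer, act now!")
        scores["bulk"] = collector.report(body_checksum(bulk))
    # SHA-1 is an exact match: an edited body is a new checksum with its own count.
    edited = make_message("z@example.org", "Limited offer, act now!!")
    scores["edited"] = collector.report(body_checksum(edited))
    return scores

if __name__ == "__main__":
    print(simulate())
```

The one-off message and the edited body score 0, while the body seen eight times reaches 9 under these assumed thresholds, which matches the note above that the numbers stay very low outside a large campaign.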