[sniffer] Re: Rule Panic on 3364665

2010-08-17 Thread Colbeck, Andrew
I have seen one hit, and it looks like a false positive to me. Sent as a
sample to the false@ address.
 
Thanks for the heads-up, Darin.
 
 
Andrew.
 



From: Message Sniffer Community [mailto:snif...@sortmonster.com] On
Behalf Of Darin Cox
Sent: Tuesday, August 17, 2010 12:11 PM
To: Message Sniffer Community
Subject: [sniffer] Rule Panic on 3364665


Hi,
 
We've had a lot of FPs on this rule, and wanted to alert everyone on it.
 
Pete, can you look into it?
 
Thanks,

Darin.
 
 


[sniffer] Re: Rule Panic on 3364665

2010-08-17 Thread Pete McNeil


  
  
On 8/17/2010 3:10 PM, Darin Cox wrote:

  Hi,

  We've had a lot of FPs on this rule, and wanted to alert everyone on it.

  Pete, can you look into it?


It's already dead.
It was a binary rule for an image spam.

_M


-- 
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com

  

#

This message is sent to you because you are subscribed to

  the mailing list sniffer@sortmonster.com.

This list is for discussing Message Sniffer,

Anti-spam, Anti-Malware, and related email topics.

For More information see http://www.armresearch.com

To unsubscribe, E-mail to: sniffer-...@sortmonster.com

To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com

To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com

Send administrative queries to  sniffer-requ...@sortmonster.com




[sniffer] Re: Rule Panic on 3364665

2010-08-17 Thread Darin Cox
We had 231 hits on that rule from 12:15pm to 3:03pm ET.  At least 90% of them 
were FPs.  Since there was a broad spectrum of customers and content affected, 
I'm guessing there was an error or over-generalization in the rule.

Darin.


- Original Message - 
From: Colbeck, Andrew 
To: Message Sniffer Community 
Sent: Tuesday, August 17, 2010 3:31 PM
Subject: [sniffer] Re: Rule Panic on 3364665


I have seen one hit, and it looks like a false positive to me. Sent as a sample 
to the false@ address.

Thanks for the heads-up, Darin.


Andrew.





From: Message Sniffer Community [mailto:snif...@sortmonster.com] On Behalf Of 
Darin Cox
Sent: Tuesday, August 17, 2010 12:11 PM
To: Message Sniffer Community
Subject: [sniffer] Rule Panic on 3364665


Hi,

We've had a lot of FPs on this rule, and wanted to alert everyone on it.

Pete, can you look into it?

Thanks,

Darin.



[sniffer] Re: Rule Panic on 3364665

2010-08-17 Thread Darin Cox
Thanks, Pete.

Darin.


- Original Message - 
From: Pete McNeil 
To: Message Sniffer Community 
Sent: Tuesday, August 17, 2010 3:37 PM
Subject: [sniffer] Re: Rule Panic on 3364665


On 8/17/2010 3:10 PM, Darin Cox wrote: 
  Hi,

  We've had a lot of FPs on this rule, and wanted to alert everyone on it.

  Pete, can you look into it?

It's already dead.
It was a binary rule for an image spam.

_M



-- 
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
