Hello Sniffer Folks, Around 2100 yesterday we coded a handful of bad rules. I discovered these early this morning during a review and have removed them. However, there is no doubt that the rules will have caused some false positives through the night.
I have taken steps to get these removed from all of the active rulebases as fast as possible by removing all limits from our rulebase compiler network. That process should be complete in about 4 hours at the outside (starting around 0600 today, so by 1000) EDT. You can eliminate the problem immediately on your system by making rule panic entries in your .cfg file for the following rules: 505505, 505520, 505519, and 505518. You can safely remove these rule-panic entries once you receive your next rulebase update notification. Please keep in mind that a new version of your rulebase file is only available after an update notification. Downloading a copy in between notifications only provides you with a duplicate copy of your previous file. There is no need for you to take any special action, except of course that you may want to implement the rule-panic entries described above if you are experiencing a high rate of false positives. The cause of this particular error has been corrected and due to the way our system learns it cannot be repeated. I am very sorry for the confusion. Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) Chief Scientist (www.armresearch.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html