Darin Cox
Sent: Tuesday, November 08, 2005 3:03
PM
Subject: Re[4]: [sniffer] Rash of false
positives
On Tuesday, November 8, 2005, 3:25:20 PM, Darin wrote:
Hi Pete,
There was a consistent stream of false positives
, November 09, 2005
11:38 AM
To: sniffer@SortMonster.com
Subject: Re: Re[4]: [sniffer] Rash
of false positives
This morning my server quit sending mail and my tech said the Dr.
Watson error on the server was my Sniffer file...I rebooted and thought it was
OK but quit again..I had a lot of mail
rin Cox
Sent:Tuesday, November 08, 2005 3:03 PM
Subject:Re[4]: [sniffer] Rash of false positives
On Tuesday, November 8, 2005, 3:25:20 PM, Darin wrote:
Hi Pete,
There was a consistent stream of false positives over the mentioned time period, not just a blast at a particular time. They suddenly sta
Message -
From: John Moore
To: sniffer@SortMonster.com
Sent: Wednesday, November 09, 2005 12:42 PM
Subject: RE: Re[4]: [sniffer] Rash of false positives
We had this same thing
happen.
It has been happening
more frequently recently and we are looking into disabling sniffer as it seems
is less than 10,000 emails per day.
J
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Darin Cox
Sent: Wednesday, November 09, 2005
1:47 PM
To: sniffer@SortMonster.com
Subject: Re: Re[4]: [sniffer] Rash
of false positives
Arecorrupted
rulebase files the culprit? How
@SortMonster.com
Subject:Re: Re[4]: [sniffer] Rash of false positives
Are corrupted rulebase files the culprit? How do you update... and do you run snf2check on the updates?
Just wondering if the rulebase file is the problem, if the problem occurs during the update, or if you are running into obscure
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On
Behalf Of Darin Cox
Sent: Wednesday,
November 09, 2005
1:47 PM
To: sniffer@SortMonster.com
Subject: Re: Re[4]:
[sniffer] Rash
of false positives
Arecorrupted
rulebase files the culprit? How do you update... and do you run
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Matt
Sent: Wednesday, November 09, 2005
4:49 PM
To: sniffer@SortMonster.com
Subject: Re: [sniffer] Rash of
false positives
John,
The mystery heap issue is a memory issue with Windows where it only reserves so
much memory for running
i thought declude.cfg is for V 3.x
Am I wrong ?is declude.cfg used with V 2.x
?
- Original Message -
From:
John Moore
To: sniffer@SortMonster.com
Sent: Wednesday, November 09, 2005 11:12
PM
Subject: RE: [sniffer] Rash of false
positives
Matt,
Thank you
, and
Log Parsers.
- Original Message -
From:
Serge
To: sniffer@SortMonster.com
Sent: Wednesday, November 09, 2005 9:27
PM
Subject: Re: [sniffer] Rash of false
positives
i thought declude.cfg is for V 3.x
Am I wrong ?is declude.cfg used with V 2.x
Hi Pete,
What's going on over there? We had somewhere
between 5 and 10 times the usual number of Sniffer false positives this
morning. They are across the board, so it's not just one rule that's
catching them, or a particular set of senders or receivers.
Hopefully you can get it under
:
Darin Cox
To: sniffer@SortMonster.com
Sent: Tuesday, November 08, 2005 8:45
AM
Subject: [sniffer] Rash of false
positives
Hi Pete,
What's going on over there? We had
somewhere between 5 and 10 times the usual number of Sniffer false positives
this morning
: Tuesday, November 08, 2005 9:34 AM
Subject: Re: [sniffer] Rash of false positives
Dear Darin,
Thanks for the heads up. It's going to take me about
45 minutes to check the 9000 messages that were blocked by Sniffer last night,
but I'll let you know if we experienced the same thing.
Michael
n Cox" [EMAIL PROTECTED]To:
sniffer@SortMonster.comDate: Tue, 8 Nov 2005 08:45:39 -0500
Subject: [sniffer] Rash of false positives
Hi Pete,
What's going on over there? We had
somewhere between 5 and 10 times the usual number of Sniffer false positives
this morning. They are across the boar
.
- Original Message -
From: Paul Lushinsky
To: sniffer@SortMonster.com
Sent: Tuesday, November 08, 2005 10:10 AM
Subject: Re: [sniffer] Rash of false positives
After reviewing all the blocked messages for the past 2 days on 2 different
servers, I found no false positives. Do you happen to have
onster.com
Sent: Tuesday, November 08, 2005 8:54
AM
Subject: Re: [sniffer] Rash of false
positives
We're seeing a continual stream of false
positives. It's taking all of our time just to keep up with it at the
moment. If something isn't done soon, we're going to have to disable
developed a feeling that Message Sniffer has become too tight.
- Original Message -
From: Darin Cox
To: sniffer@SortMonster.com
Sent: Tuesday, November 08, 2005 8:54 AM
Subject: Re: [sniffer] Rash of false positives
We're seeing a continual stream of false positives. It's
we
can avoid it in the future.
Thanks,
Darin.
- Original Message -
From: Darin Cox
To: sniffer@SortMonster.com
Sent: Tuesday, November 08, 2005 8:45 AM
Subject: [sniffer] Rash of false positives
Hi Pete,
What's going on over there? We had somewhere
between 5 and 10 times the usual
On Tuesday, November 8, 2005, 11:02:09 AM, Darin wrote:
Hi Pete,
The rash of false positives seems to have stopped with the last sniffer rulebase update at 10am ET. It had started with a rulebase update at 4:30pm ET yesterday, and continued through the updates at 8:40pm, 12am, 3am, and
On Tuesday, November 8, 2005, 3:25:20 PM, Darin wrote:
Hi Pete,
There was a consistent stream of false positives over the mentioned time period, not just a blast at a particular time. They suddenly started at 5pm (shortly after a 4:30pm rulesbase update), and were fairly evenly spread
20 matches
Mail list logo
