Re: [sniffer] Rash of false positives

2005-11-09 Thread Matt
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darin Cox Sent: Wednesday, November 09, 2005 1:47 PM To: sniffer@SortMonster.com Subject: Re: Re[4]: [sniffer] Rash of false positives Are corrupted rulebase files the culprit? How do you update... and do you run

RE: [sniffer] Rash of false positives

2005-11-09 Thread John Moore
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Wednesday, November 09, 2005 4:49 PM To: sniffer@SortMonster.com Subject: Re: [sniffer] Rash of false positives John, The mystery heap issue is a memory issue with Windows where it only reserves so much memory for running

Re: [sniffer] Rash of false positives

2005-11-09 Thread Serge
I thought declude.cfg is for V 3.x. Am I wrong? Is declude.cfg used with V 2.x? - Original Message - From: John Moore To: sniffer@SortMonster.com Sent: Wednesday, November 09, 2005 11:12 PM Subject: RE: [sniffer] Rash of false positives Matt, Thank you

Re: [sniffer] Rash of false positives

2005-11-09 Thread Darrell (supp...@invariantsystems.com)
, and Log Parsers. - Original Message - From: Serge To: sniffer@SortMonster.com Sent: Wednesday, November 09, 2005 9:27 PM Subject: Re: [sniffer] Rash of false positives I thought declude.cfg is for V 3.x. Am I wrong? Is declude.cfg used with V 2.x

Re: [sniffer] Rash of false positives

2005-11-08 Thread Computer House Support
Dear Darin, Thanks for the heads up. It's going to take me about 45 minutes to check the 9000 messages that were blocked by Sniffer last night, but I'll let you know if we experienced the same thing. Michael Stein Computer House www.computerhouse.com - Original Message -

Re: [sniffer] Rash of false positives

2005-11-08 Thread Darin Cox
: Tuesday, November 08, 2005 9:34 AM Subject: Re: [sniffer] Rash of false positives Dear Darin, Thanks for the heads up. It's going to take me about 45 minutes to check the 9000 messages that were blocked by Sniffer last night, but I'll let you know if we experienced the same thing. Michael

Re: [sniffer] Rash of false positives

2005-11-08 Thread Paul Lushinsky
After reviewing all the blocked messages for the past 2 days on 2 different servers, I found no false positives. Do you happen to have an old rule base from several days ago? If so, try that to see if it temporarily resolves the false positives. -Original Message- From: "Darin Cox"

Re: [sniffer] Rash of false positives

2005-11-08 Thread Darin Cox
. - Original Message - From: Paul Lushinsky To: sniffer@SortMonster.com Sent: Tuesday, November 08, 2005 10:10 AM Subject: Re: [sniffer] Rash of false positives After reviewing all the blocked messages for the past 2 days on 2 different servers, I found no false positives. Do you happen to have

Re: [sniffer] Rash of false positives

2005-11-08 Thread Scott Fisher
onster.com Sent: Tuesday, November 08, 2005 8:54 AM Subject: Re: [sniffer] Rash of false positives We're seeing a continual stream of false positives. It's taking all of our time just to keep up with it at the moment. If something isn't done soon, we're going to have to disable

Re: [sniffer] Rash of false positives

2005-11-08 Thread Darin Cox
developed a feeling that Message Sniffer has become too tight. - Original Message - From: Darin Cox To: sniffer@SortMonster.com Sent: Tuesday, November 08, 2005 8:54 AM Subject: Re: [sniffer] Rash of false positives We're seeing a continual stream of false positives. It's

Re: [sniffer] Rash of false positives

2005-11-08 Thread Darin Cox
Hi Pete, The rash of false positives seems to have stopped with the last sniffer rulebase update at 10am ET. It had started with a rulebase update at 4:30pm ET yesterday, and continued through the updates at 8:40pm, 12am, 3am, and 6:20am today. I'd still like to know what happened, and how