On Tuesday, October 26, 2004, 7:02:53 PM, Nick wrote:

NJ> Do we have a timetable for this new release.... Sorry can't afford
NJ> time to beta test!

The current interim version will be republished as the official
release tonight. There will be no changes other than re-tagging the
build info.

NJ> I do get alarmed at the huge .snf file at around 14 meg for my
NJ> personal rule base.. Is this optimised in any way or will it
NJ> continue to grow?

This will continue to grow I'm afraid --- though later versions will
deal with the file directly at some point. All of the rules that are
included in the rulebase file are live patterns that have seen recent
activity. The system automatically removes anything below your rule
strength threshold so that there are no inert rules in the system.
This mechanism is one of the critical things we do with reported log
files.

Since you have your rulebase set at the most sensitive setting it
contains 120242 active heuristics (as of the last recompile - I looked
it up).

I have plans to deal with growing rulebase sizes in mid-far future
versions --- everything from completely automated updates, diffs, peer
transfers, compression, and new rulebase formats... but I don't want
to talk about vaporware. Suffice to say that as rulebase sizes grow we
will adapt technologies to mitigate that growth - as well as things
to make the engine faster, more efficient, more accurate, and more
flexible. There are lots of plans for all of this.

Hope this helps,
_M

( SIDE NOTE 1: The inactive portion of the rulebase is as large as the
active portion. On our system we compile the entire rulebase to
perform "deep scans" on every message we see including all reported
spam. This mechanism "wakes up" inactive rules any time the pattern
comes back into use. Even when scanning with a quarter million rules
on a P3/800 Linux box we get scan times well below 300ms, even some
10ms and 20ms scans. )

( SIDE NOTE 2: If you use wget to retrieve your rulebase file you can
enable gzip compression. Sniffer rule base files compress to about 50%
on average. It is on our list to begin publishing the rulebase files
in a compressed format, however we're holding off on this so that we
don't cause any unnecessary confusion. )




This E-Mail came from the Message Sniffer mailing list. For information and 
(un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html
