Oh, I assumed the rule had been removed. Are you saying there was a rule in place, but the FP processing somehow failed to find it? If so, I'd say that is a major failing on the part of the FP processing.

There's no way that we can find time to go through the Sniffer logs after this bounces back with "no rule found". This would have to be automated to have any chance of occurring, but again I would say the FP processing needs to be corrected to identify the rule the message failed, since the complete message, headers and body, are included in the report.

Darin.

----- Original Message -----
From: Scott Fisher
Sent: Wednesday, June 07, 2006 10:08 AM
Subject: Re: [sniffer]FP suggestions

For me the pain of false positive submissions is the research that happens when I get a "no rule found" return. I then need to find the queue-id of the original message and then find the appropriate Sniffer log and pull out the log lines from there and then submit it. Almost always in these cases, a rule is removed.

If this process could be improved that would really be a time saver.