Hi Matt,
 
I know Pete has requested this in the past, but Declude hasn't been willing to make the change necessary for this to make it in the headers.  But I totally agree with you, I'd love to see this in the headers so tracking down the rule isn't such a pain.

Darin.
 
 
----- Original Message -----
From: Matt
Sent: Monday, October 16, 2006 10:03 PM
Subject: [sniffer] Re: Significant increase in false positives

Pete,

Would you please clarify this a bit?  Declude of course doesn't record the rule in the headers, so this is difficult to figure out.  Knowing the pattern may help identify the problematic messages.  Also knowing the start time and end time of the rule would also help.

It would be nice too if you talked with Declude about allowing for the insertion of headers, or even if you did this on your own.  I believe the D* file may be editable when the external app is launched.  That would make recovery of this so much easier for me (minutes instead of hours of work).

Thanks,

Matt



Pete McNeil wrote:

Hello Darin,


Monday, October 16, 2006, 5:17:26 PM, you wrote:


> Anyone else seeing a sudden increase in FPs?  We normally report a few each day, but we're seeing a 10x increase in FPs for the past three days.


Not sure if this is it, but there was an image segment rule that went in over the weekend and resulted in an unusual number of false positives today. The rule was removed. IIRC the rule id was: 1174356


Hope this helps,


_M


-- 

Pete McNeil

Chief Scientist,

Arm Research Labs, LLC.

#############################################################

This message is sent to you because you are subscribed to

  the mailing list <sniffer@sortmonster.com>.
