[sniffer] Re: Bad Rule Event

[Pete McNeil]

On 12/16/2010 11:07 AM, Bonno Bloksma wrote: Hi Pete,   > Hello Sniffer Folks, > > We have had a bad rule event. > The bad rules were created near 0830E, and removed by 1030E. [...]   Regarding this event.... A while ago we talked about sniffer installations exchanging rule-panic info via the GUBdb sync info as that is happening every (few) minute(s) in stead of every few hours. Any idea when a new version of Sniffer with that feature will be launched? Actually -- rule-panics are triggered instantaneously based on local GBUdb data. Auto-Panic: When a relatively new rule conflicts with a known good IP on your system that rule is made inert until the next rulebase update. The next full release will include features for near-real-time rule additions and removals. We plan to begin releasing interim updates of the SNF engine with some of these features early next year. We plan to complete the next full release by Q3. _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 ############################################################# This message is sent to you because you are subscribed to the mailing list <sniffer@sortmonster.com>. This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: <sniffer-...@sortmonster.com> To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com> To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com> Send administrative queries to <sniffer-requ...@sortmonster.com>