Hmmm... so 70 minutes after the rule was released we were notified of the rule update for auto-update of rulebase, but at 10:11ET we still hadn't gotten the update for the 8:53am removal. Anything we can do to speed up the rulebase update notifications?
Also, for rules identified as problematic and removed, what about an automated email so we can remove it immediately via RulePanic. For peak times like beginning of the business day, that would be very helpful. An hour could save a lot of headaches for both us and our customers. Or are there so many of those that we would be swamped with notifications? Just trying to figure out a way to avoid this as much as possible in the future. It cost me a half hour this morning, and, more importantly, delayed over 150 legitimate messages to our customers. Thanks in advance for anything you can do. Darin. ----- Original Message ----- From: Pete McNeil To: Message Sniffer Community Sent: Friday, January 07, 2011 11:27 AM Subject: [sniffer] Re: RulePanic on 3741490 On 1/7/2011 10:19 AM, Darin Cox wrote: Hi guys, We're seeing a lot of FPs on 3741490 this morning. I've added a RulePanic for it in our systems. The rule was created at 0539 and removed at 0853 when it was detected by our early warning system. It codes for a binary segment found in some image files. _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 ############################################################# This message is sent to you because you are subscribed to the mailing list <sniffer@sortmonster.com>. This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: <sniffer-...@sortmonster.com> To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com> To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com> Send administrative queries to <sniffer-requ...@sortmonster.com>