[sniffer] Re: Rulebase updates increased by 25%!!!
Thanks Pete, That would explain it. Maybe just my eyes playing tricks, but I swear my clock jumped ahead 1 hour as I was looking at the screen. Win2000 server. I re-installed some SNF files, using the current time-stamps. I'll report back if the issue persists. And/or at least we have something solid to work with if it continues. Thanks for your fast assistance. Regards, --Paul -Original Message- From: Message Sniffer Community [mailto:snif...@sortmonster.com]on Behalf Of Pete McNeil Sent: Monday, March 22, 2010 6:29 PM To: Message Sniffer Community Subject: [sniffer] Re: Rulebase updates increased by 25%!!! On 3/22/2010 4:59 PM, Peer-to-Peer (Support) wrote: > Pete, > > We're only seeing an about 1 update every hour (or so) as well. > I did some checking and sent you an email off list. It looks like the UTC clock on your server is about an hour in the future (compared to worldtimeserver.com) -- That's a guess, but based on the telemetry I see in your rulebase file timestamps it seems about right. If your update script isn't preserving the file timestamp from the delivery server and is pushing it into the future by an hour then your SNF node will not see the file on our server as newer until that hour has expired (at least). Two things... * The update script _should_ preserve the timestamp provided by the delivery server. * Even if that's not the case, if your UTC clock is correct then the timestamp of the new rulebase file would not be in the future. Please let us know the resolution on this. Please let us know if there is more we can do. Thanks! _M # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Rulebase updates increased by 25%!!!
On 3/22/2010 4:59 PM, Peer-to-Peer (Support) wrote: Pete, We're only seeing an about 1 update every hour (or so) as well. I did some checking and sent you an email off list. It looks like the UTC clock on your server is about an hour in the future (compared to worldtimeserver.com) -- That's a guess, but based on the telemetry I see in your rulebase file timestamps it seems about right. If your update script isn't preserving the file timestamp from the delivery server and is pushing it into the future by an hour then your SNF node will not see the file on our server as newer until that hour has expired (at least). Two things... * The update script _should_ preserve the timestamp provided by the delivery server. * Even if that's not the case, if your UTC clock is correct then the timestamp of the new rulebase file would not be in the future. Please let us know the resolution on this. Please let us know if there is more we can do. Thanks! _M # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Rulebase updates increased by 25%!!!
The problem was on my end and thanks again Pete. I'll be upgrading to the latest version later today. Kevin On 3/22/2010 3:04 PM, Pete McNeil wrote: On 3/22/2010 4:47 PM, Kevin Rogers wrote: I haven't had an update since 8:45am PST. Usually I'll have 3 or 4 updates in this period. Anything going on? Kevin, Thanks for calling me back -- Glad we got things sorted out. I'm sure you'll see better performance when you upgrade to version 3, and the installer should handle most of the process for you. If you have any questions or problems please feel free to call back. Best, _M # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Rulebase updates increased by 25%!!!
On 3/22/2010 4:47 PM, Kevin Rogers wrote: I haven't had an update since 8:45am PST. Usually I'll have 3 or 4 updates in this period. Anything going on? Kevin, Thanks for calling me back -- Glad we got things sorted out. I'm sure you'll see better performance when you upgrade to version 3, and the installer should handle most of the process for you. If you have any questions or problems please feel free to call back. Best, _M # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Rulebase updates increased by 25%!!!
On 3/22/2010 4:59 PM, Peer-to-Peer (Support) wrote: Pete, We're only seeing an about 1 update every hour (or so) as well. Once per hour (about) is normal for most systems. I will contact you off list while I'm looking into this. At present things look normal for your systems too. _M # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Rulebase updates increased by 25%!!!
Pete, We're only seeing an about 1 update every hour (or so) as well. Using the GetRuleBase.cmd Just an FYI --Paul -Original Message- From: Message Sniffer Community [mailto:snif...@sortmonster.com]on Behalf Of Pete McNeil Sent: Monday, March 22, 2010 4:53 PM To: Message Sniffer Community Subject: [sniffer] Re: Rulebase updates increased by 25%!!! On 3/22/2010 4:47 PM, Kevin Rogers wrote: > I haven't had an update since 8:45am PST. Usually I'll have 3 or 4 > updates in this period. Anything going on? Everything looks normal. I can't identify your system by your email address -- please send a note (privately) to support@ with your SNF license ID and I will look it up to check your telemetry etc. Thanks, _M # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Rulebase updates increased by 25%!!!
On 3/22/2010 4:47 PM, Kevin Rogers wrote: I haven't had an update since 8:45am PST. Usually I'll have 3 or 4 updates in this period. Anything going on? Everything looks normal. I can't identify your system by your email address -- please send a note (privately) to support@ with your SNF license ID and I will look it up to check your telemetry etc. Thanks, _M # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Rulebase updates increased by 25%!!!
I haven't had an update since 8:45am PST. Usually I'll have 3 or 4 updates in this period. Anything going on? Thanks Kevin On 2/5/2010 11:44 AM, Pete McNeil wrote: Hi Sniffer Folks, After more back-end improvements and some careful analysis we have increased our rulebase update rate by another 25%. This will mean: -- Less time for new spam to get through between updates -- More accurate IP reputation information against new bots -- Faster removal of troublesome rules (fewer false positives) As always your comments and questions are welcome and encouraged. Please let us know if there is more we can do. _M # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
