Re: Re[2]: [sniffer] F001 Rule Bot Change
I'd say I get least FPs on: warez (50), av push (49), advertising (56), insurance (48), and gambling (59)

Most FPs on general (60), experimental (61) and travel (47)

----- Original Message -----
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: "Nick Hayer"
Sent: Thursday, March 09, 2006 9:54 AM
Subject: Re[2]: [sniffer] F001 Rule Bot Change

On Thursday, March 9, 2006, 10:04:17 AM, Nick wrote:

NH> Hi Pete,

>> It's a bit too early to know about the reliability of F001.

NH> Understood - sorry I was not clear on this :)
NH> I was referring to all your tests eg: printers, snake oil, what
NH> have you. which one do you have the most confidence in maybe get
NH> the least false positive reports on?

I don't have hard data on that right now.

My impression is that we get the fewest FP reports on Porn/Adult and also on Malware.

My impression is that we get the most on group 63 - I think mostly because of IP rules from old bots.

I don't have any other strong impressions at this time.

I have it on the list to upgrade the FP processing bot - I will be providing it with behaviors to keep running statistics on rule locations at the time of report and other contextual data. This is not a high priority task - so it will be a while.

Hope this helps,
_M

This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re[2]: [sniffer] F001 Rule Bot Change
On Thursday, March 9, 2006, 10:04:17 AM, Nick wrote:

NH> Hi Pete,

>> It's a bit too early to know about the reliability of F001.
>>

NH> Understood - sorry I was not clear on this :)
NH> I was referring to all your tests eg: printers, snake oil, what
NH> have you. which one do you have the most confidence in maybe get
NH> the least false positive reports on?

I don't have hard data on that right now.

My impression is that we get the fewest FP reports on Porn/Adult and also on Malware.

My impression is that we get the most on group 63 - I think mostly because of IP rules from old bots.

I don't have any other strong impressions at this time.

I have it on the list to upgrade the FP processing bot - I will be providing it with behaviors to keep running statistics on rule locations at the time of report and other contextual data. This is not a high priority task - so it will be a while.

Hope this helps,
_M
Re[2]: [sniffer] F001 Rule Bot Change
On Thursday, March 9, 2006, 8:48:43 AM, Nick wrote:

NH> Hi Pete -

NH> Pete McNeil wrote:

>> Hello Sniffer Folks,
>>
>> The F001 Rule Bot has been adjusted.
>>

NH> Is it possible for you to recommend a percentage of accuracy or maybe
NH> better stated a percentage of delete weight for each rule? I am
NH> wondering which rules you feel are the weakest and which are the
NH> strongest. I am well aware 'mileage may vary' but just your thoughts on
NH> reliability would be insightful. Currently the rules I trust the most
NH> are at 90% of my hold weight which overall is less than 50% of my delete
NH> weight. Rules that I trust the least like general and experimental are
NH> at ~ 40% of my hold weight.

It's a bit too early to know about the reliability of F001. So far the number of false positives has fallen quite sharply and continues to fall from what I can see. In addition, the new constraints on F001 will cause it to be much more reliable still (w/ regard to FPs).

I would say that the most conservative weight for symbol 63 would be to weight it at the same weight as your average IP based blacklist.

A more moderate position might have the lowest rated SNF tests at about 70% of your hold weight (this seems to be fairly common).

Hope this helps,
_M