Hello Sniffer folks,

  There were a couple of upgrades put in place today. I want to run
  them past you...

  * A new piece of optimization code was added to drop any Received IP
  rule that has 0 rule strength and is more than 30 days old. This
  will help to reduce false positives caused by IP rules that "hang
  on" after the infection/problem with the source is fixed. It also
  reduces the compiler workload a bit by reducing the core rulebase
  size. Today, we dropped 240000 rules that were "dead" IP rules.
  Unlike rules that are removed due to FPs, these rules are
  "forgotten" which means that they can be restored as new if they are
  detected again.

  (Rules that are removed due to FP reports are actually placed in a
  special group called "Problematic". This prevents anyone (human or
  machine) from reintroducing problematic rules without a special
  review. To date this has happened with fewer than 10 rules.)

  * Standard rulebase delivery pacing has been changed from 200 to
  150. This means that, on average, rulebase files will be recompiled
  every 2.5 hours or so. This timing will be variable based on system
  loads, etc., but it is a significant improvement. Since our
  partnership w/ AppRiver and the formation of ARM, we have sped up
  our rulebase delivery process by 267%!! (from 3.6 updates/day to 9.6
  updates/day).

  That's all for now.

Thanks,
_M

Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
Chief Scientist (www.armresearch.com)


This E-Mail came from the Message Sniffer mailing list. For information and 
(un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html
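
The pruning and "Problematic" policy described in the message above, as an added Python sketch; it is not MicroNeil's or Message Sniffer's code. The Rule fields, the function names, measuring age from rule creation, and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=30)  # age cutoff named in the post

@dataclass
class Rule:                   # hypothetical rule record
    kind: str                 # "received_ip" or any other rule type
    pattern: str
    strength: float
    created: datetime
    group: str = "active"     # "active" or "problematic"

def add_rule(rulebase, kind, pattern, now, strength=1.0, reviewed=False):
    """Add a rule as new; a Problematic entry blocks it unless reviewed."""
    old = rulebase.get((kind, pattern))
    if old is not None and not (old.group == "problematic" and reviewed):
        return False          # duplicate, or quarantined without review
    rulebase[(kind, pattern)] = Rule(kind, pattern, strength, now)
    return True

def report_false_positive(rulebase, kind, pattern):
    """FP removal keeps the entry, parked in the Problematic group."""
    rule = rulebase.get((kind, pattern))
    if rule is not None:
        rule.group = "problematic"

def prune_dead_ip_rules(rulebase, now):
    """Forget Received IP rules with 0 strength older than 30 days."""
    dead = [key for key, r in rulebase.items()
            if r.kind == "received_ip" and r.group == "active"
            and r.strength == 0 and now - r.created > MAX_AGE]
    for key in dead:
        del rulebase[key]     # forgotten: no trace left, so it can return as new
    return len(dead)

def sample_rulebase(now):
    """Constructed sample data (documentation address ranges)."""
    rows = [
        Rule("received_ip", "192.0.2.10", 0, now - timedelta(days=45)),
        Rule("received_ip", "192.0.2.11", 0, now - timedelta(days=10)),
        Rule("received_ip", "192.0.2.12", 3, now - timedelta(days=90)),
        Rule("body", "constructed phrase", 0, now - timedelta(days=90)),
        Rule("received_ip", "198.51.100.5", 0, now - timedelta(days=90),
             "problematic"),
    ]
    return {(r.kind, r.pattern): r for r in rows}
```

Only the first sample rule is pruned; the Problematic entry survives pruning and keeps blocking re-adds until `reviewed=True` is passed.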