Via the GnuWin32 tools on my Windows server: C:\MessageSniffer>grep -P "Match\t" munged.2012062?.log | cut -f7 | usort | uniq -c | usort -k2 -n -r 2>nul | head 2 4991501 8 4991483 8 4991462 8 4991459 8 4991457 8 4991456 8 4991446 6 4991286 3 4991284 11 4991231
>From the top down, this is the top ten highest rule numbers (column 2) that I've seen today and yesterday, and their volume (column 1). So, the highest rule number I've seen in the last two days is 4,991,501 and I've seen it twice. That was the list of rules I've seen. Here's the list of rules that were matched as the "winning" rule for the message scanned: C:\MessageSniffer>grep -P "Final\t" munged.2012062?.log | cut -f7 | usort | uniq -c | usort -k2 -n -r 2>nul | head 2 4991501 8 4991446 6 4991286 3 4991284 3 4991231 6 4991221 1 4991178 1 4991130 1 4991120 5 4991105 (Oh, and I replaced my License ID with the text "munged" before I pasted the command line into this email.) Andrew 8) ############################################################# This message is sent to you because you are subscribed to the mailing list <sniffer@sortmonster.com>. This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: <sniffer-...@sortmonster.com> To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com> To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com> Send administrative queries to <sniffer-requ...@sortmonster.com>