Pete:
Thanks for looking. It was very strange because it was such varied messages
from general correspondence, quotes. and personal correspondence. I put a
little negative weight in for statefarm.com which should keep it from
getting caught.
Chuck Schick
Warp 8, Inc.
(303)-421-5140
www.warp8.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Wednesday, January 19, 2005 7:05 PM
To: Pete McNeil
Subject: Re[2]: [sniffer] Sniffer seems to be causing false positives.
On Wednesday, January 19, 2005, 9:02:02 PM, Pete wrote:
PM On Wednesday, January 19, 2005, 8:00:41 PM, Chuck wrote:
CS It appears that emails from statefarm.com are all being failed by
CS SNIFFER-OBFUSCATION code 61. It appears from multiple senders and
CS to multiple recipient domains. Any thoughts??
PM I will check though I doubt seriously that we would create this kind
PM of rule - - a show of hands says we all recognize statefarm. Most
PM likely this is an IP rule that got picked up by a robot, or perhaps
PM something incidental.
PM Please be sure to post a false positive report and if you can
PM identify the rule in your log files then you can add the ID as a
PM rule panic in your .cfg to alleviate the problem immediately while
PM we take the time to understand things further.
Just to follow up --- there are no rules that contain statefarm - so we
must be looking for something incidental.
_M
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html