Hi Pete,
I'll send the logs for the past two days separately
to support (at). We do run snf2check on every downloaded rulebase, so that
shouldn't be an issue.
The one thing I didn't think to do was to revert to
an old rulebase, but we only keep the previous, so it would have already been
On Tuesday, November 8, 2005, 3:25:20 PM, Darin wrote:
>
Hi Pete,
There was a consistent stream of false positives over the mentioned time period, not just a blast at a particular time. They suddenly started at 5pm (shortly after a 4:30pm rulesbase update), and were fairly evenly sprea
Hi Pete,
There was a consistent stream of false positives
over the mentioned time period, not just a blast at a particular
time. They suddenly started at 5pm (shortly after a 4:30pm rulesbase
update), and were fairly evenly spread from 5pm - 11pm and 6am - 10am today (not
many legitimate
On Tuesday, November 8, 2005, 10:19:20 AM, Darrell wrote:
Dsic> I too have had to submit a lot more false positives lately. I also second
Dsic> that false positive processing seems to be a lot slower than previously.
We have introduced a number of new rule coding procedures (and people)
as well
On Tuesday, November 8, 2005, 11:02:09 AM, Darin wrote:
>
Hi Pete,
The rash of false positives seems to have stopped with the last sniffer rulebase update at 10am ET. It had started with a rulebase update at 4:30pm ET yesterday, and continued through the updates at 8:40pm, 12am, 3am, a
Hi Pete,
The rash of false positives seems to have
stopped with the last sniffer rulebase update at 10am ET. It had started
with a rulebase update at 4:30pm ET yesterday, and continued through the updates
at 8:40pm, 12am, 3am, and 6:20am today.
I'd still like to know what happened, and h
I've submitted about 45 so far this morning. I normally submit at most a
half dozen each morning.
Darin.
- Original Message -
From: "Darrell ([EMAIL PROTECTED])" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, November 08, 2005 10:19 AM
Subject: Re: [sniffer] Rash of false positives
I too ha
I too have had to submit a lot more false positives lately. I also second
that false positive processing seems to be a lot slower than previously.
Darrell
Check out http://www.invariantsystems.com for utilities for Declud
I don't know if I would call it a rash, but over
the last week, I've submitted about 30 false positives. That's far more than
average.
I've developed a feeling that Message Sniffer has
become "too tight".
- Original Message -
From:
Darin Cox
To: sniffer@SortMonster.com
No, we automatically update with every notification
of a new rulebase.
Looking further, they started just before 5pm ET
yesterday. So far, it's about 10 times the usual number of Sniffer false
positives. We've sent quite a few this morning to false (at) for
processing.
Darin.
- O
After reviewing all the blocked messages for the past 2 days on 2
different servers, I found no false positives. Do you happen to have an old
rule base from several days again ? If so, try that to see if it temporarily
resolves the false positives.
-Original
Message-From: "Darin Cox"
We're seeing a continual stream of false
positives. It's taking all of our time just to keep up with it at the
moment. If something isn't done soon, we're going to have to disable
sniffer.
Darin.
- Original Message -
From: Computer
House Support
To: sniffer@SortMonster.com
S
Dear Darin,
Thanks for the heads up. It's going to take me about
45 minutes to check the 9000 messages that were blocked by Sniffer last night,
but I'll let you know if we experienced the same thing.
Michael SteinComputer House
www.computerhouse.com
- Original Message -
Hi Pete,
What's going on over there? We had somewhere
between 5 and 10 times the usual number of Sniffer false positives this
morning. They are across the board, so it's not just one rule that's
catching them, or a particular set of senders or receivers.
Hopefully you can get it under c
14 matches
Mail list logo