Rule number 5 million rolled on by this week. We found the highest rule
seven times, which was rule 5 million and 429.
C:\MessageSniffer>grep -P "Final\t" munged.2012062?.log | cut -f7 |
usort | uniq -c | usort -k2 -n -r 2>nul | head
7 5000429
6 5000190
9 5000187
2 5000186
1 5000170
3 4999799
1 4999618
6 4999419
1 4999415
4 4999088
Andrew 8)
-Original Message-
From: Message Sniffer Community [mailto:sniffer@sortmonster.com] On
Behalf Of Colbeck, Andrew
Sent: Thursday, June 21, 2012 9:15 AM
To: Message Sniffer Community
Subject: [sniffer] Creeping higher on those rule numbers
Via the GnuWin32 tools on my Windows server:
C:\MessageSniffer>grep -P "Match\t" munged.2012062?.log | cut -f7 |
usort | uniq -c | usort -k2 -n -r 2>nul | head
2 4991501
8 4991483
8 4991462
8 4991459
8 4991457
8 4991456
8 4991446
6 4991286
3 4991284
11 4991231
>From the top down, this is the top ten highest rule numbers (column 2)
that I've seen today and yesterday, and their volume (column 1).
So, the highest rule number I've seen in the last two days is 4,991,501
and I've seen it twice.
That was the list of rules I've seen. Here's the list of rules that were
matched as the "winning" rule for the message scanned:
C:\MessageSniffer>grep -P "Final\t" munged.2012062?.log | cut -f7 |
usort | uniq -c | usort -k2 -n -r 2>nul | head
2 4991501
8 4991446
6 4991286
3 4991284
3 4991231
6 4991221
1 4991178
1 4991130
1 4991120
5 4991105
(Oh, and I replaced my License ID with the text "munged" before I pasted
the command line into this email.)
Andrew 8)
#
This message is sent to you because you are subscribed to
the mailing list .
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
To switch to the INDEX mode, E-mail to
Send administrative queries to
#
This message is sent to you because you are subscribed to
the mailing list .
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
To switch to the INDEX mode, E-mail to
Send administrative queries to