[sniffer] Re: rule panic not working

2016-12-29 Thread Pete McNeil

  
  
On 12/29/2016 08:55 AM, Daniel Ivey wrote:

> Thanks, but it appears that my server is failing multiple 54- rules. For
> example from Google, it is failing 54-8064853-304-318-m and
> 54-8064853-0-2423-f while from Yahoo it is failing 54-8064853-2063-2077-m
> and 54-8064853-0-3703-f.

That is in fact a single rule hitting in multiple places.

http://www.armresearch.com/Documentation/QA/ltmatchesgt-1193870513.jsp

The rule ID is 8064853.
The rule has been removed.
_M


-- 
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller 

  

#

This message is sent to you because you are subscribed to

  the mailing list .

This list is for discussing Message Sniffer,

Anti-spam, Anti-Malware, and related email topics.

For More information see http://www.armresearch.com

To unsubscribe, E-mail to: 

To switch to the DIGEST mode, E-mail to 

To switch to the INDEX mode, E-mail to 

Send administrative queries to  




[sniffer] Re: rule panic not working

2016-12-29 Thread Linda Pagillo
Daniel, the "54" rules are probably related in some form or fashion. The
only thing you can really do is follow the procedure of adding the panics
for each rule and then reporting the urgent FPs to Arm so they can diagnose
and resolve. You may want to use Baregrep on your SNF logs to find the list
of the rules that are triggering incorrectly.

On Thu, Dec 29, 2016 at 8:22 AM, Daniel Ivey  wrote:

> Yes, I am positive.  If I turn off my SNIFFER test then everything works
> properly.
>
> -Original Message-
> *From:* Linda Pagillo [mailto:lpad...@gmail.com]
> *Sent:* Thursday, December 29, 2016 9:16 AM
> *To:* Message Sniffer Community
> *Subject:* [sniffer] Re: rule panic not working
>
>
>
> I don't think there is a way to block an entire set of rules with one
> entry. Someone from Arm may need to chime in here and answer that question.
> Are you positive that every single message coming in and leaving your
> server is triggering Sniffer?
>
>
>
> On Thu, Dec 29, 2016 at 7:55 AM, Daniel Ivey  wrote:
>
> Thanks, but it appears that my server is failing multiple 54- rules.  For
> example from Google, it is failing 54-8064853-304-318-m and
> 54-8064853-0-2423-f while from Yahoo it is failing 54-8064853-2063-2077-m
> and 54-8064853-0-3703-f.
>
>
>
> Is there a way to block all 54- rules temporarily?
>
>
>
> Also, do you have any suggestions on what would cause this all of a sudden?
>
>
>
> Daniel
>
>
>
> -Original Message-
> *From:* Linda Pagillo [mailto:lpad...@gmail.com]
> *Sent:* Thursday, December 29, 2016 8:51 AM
> *To:* Message Sniffer Community
> *Subject:* [sniffer] Re: rule panic not working
>
>
>
> Hi Daniel. The rule number is not 54. Sniffer rule numbers look like this
> for example... 54-8064853-304-318-m
>
>
>
> On Thu, Dec 29, 2016 at 7:48 AM, Daniel Ivey  wrote:
>
> It appears that the server is failing SNIFFER Rule 54 for some reason,
> causing issues.  I have added the following line in my snf_engine.xml file
> for a rule panic but it doesn't appear to be working.
>
> 
> 
> 
>
> Can someone help me with what I have wrong?
>
> Daniel
>
>
>
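
Added example (not part of any poster's message and not ARM Research code): the point made in this thread that several 54-... tokens can belong to one rule, and the suggestion to search the SNF logs for the rules involved, can be checked by grouping match tokens on their second field, which Pete McNeil's reply identifies as the rule ID. The sample lines and the rule ID `1111111` are constructed, and the assumption is that tokens appear in the logs in the five-field form quoted in the thread.

```python
import re
from collections import defaultdict

# Token shape taken from the thread, e.g. 54-8064853-304-318-m.
# Only the second field (the rule ID) is confirmed by the thread; the
# remaining fields are matched but not interpreted (assumption).
TOKEN = re.compile(r"(?<![\w-])\d+-(\d+)-\d+-\d+-[a-z](?![\w-])")

# Constructed sample lines, not real SNF log output. Rule 1111111 is made up.
SAMPLE = [
    "msg1 from=google 54-8064853-304-318-m 54-8064853-0-2423-f",
    "msg2 from=yahoo 54-8064853-2063-2077-m 54-8064853-0-3703-f",
    "msg3 received 2016-12-29, no match token on this line",
    "msg4 from=example 52-1111111-10-20-m",
]

def rule_hits(lines):
    """Return {rule_id: [(line_number, token), ...]} for every token found."""
    hits = defaultdict(list)
    for lineno, line in enumerate(lines, 1):
        for m in TOKEN.finditer(line):
            hits[m.group(1)].append((lineno, m.group(0)))
    return dict(hits)

def summarize(lines):
    """Rows of (rule_id, hit_count, affected_lines), most hits first."""
    rows = [(rid, len(h), sorted({n for n, _ in h}))
            for rid, h in rule_hits(lines).items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for rid, count, where in summarize(SAMPLE):
        print(f"rule {rid}: {count} hits on lines {where}")
```

Each distinct ID in the output is one candidate for a rule panic entry and one false-positive report, however many tokens it produced.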


[sniffer] Re: rule panic not working

2016-12-29 Thread Daniel Ivey
Yes, I am positive.  If I turn off my SNIFFER test then everything works
properly.
 
 
 
-Original Message-
From: Linda Pagillo [mailto:lpad...@gmail.com]
Sent: Thursday, December 29, 2016 9:16 AM
To: Message Sniffer Community
Subject: [sniffer] Re: rule panic not working
 
I don't think there is a way to block an entire set of rules with one entry.
Someone from Arm may need to chime in here and answer that question. Are you
positive that every single message coming in and leaving your server is
triggering Sniffer?
 
On Thu, Dec 29, 2016 at 7:55 AM, Daniel Ivey <d...@gcrcompany.com> wrote:

Thanks, but it appears that my server is failing multiple 54- rules.  For
example from Google, it is failing 54-8064853-304-318-m and
54-8064853-0-2423-f while from Yahoo it is failing 54-8064853-2063-2077-m
and 54-8064853-0-3703-f.
 
Is there a way to block all 54- rules temporarily?
 
Also, do you have any suggestions on what would cause this all of a sudden?
 
Daniel
 
-Original Message-
From: Linda Pagillo [mailto:lpad...@gmail.com]
Sent: Thursday, December 29, 2016 8:51 AM
To: Message Sniffer Community
Subject: [sniffer] Re: rule panic not working
 
Hi Daniel. The rule number is not 54. Sniffer rule numbers look like this
for example... 54-8064853-304-318-m
 
On Thu, Dec 29, 2016 at 7:48 AM, Daniel Ivey <d...@gcrcompany.com> wrote:
It appears that the server is failing SNIFFER Rule 54 for some reason,
causing issues.  I have added the following line in my snf_engine.xml file
for a rule panic but it doesn't appear to be working.





Can someone help me with what I have wrong?

Daniel




[sniffer] Re: rule panic not working

2016-12-29 Thread Linda Pagillo
I don't think there is a way to block an entire set of rules with one
entry. Someone from Arm may need to chime in here and answer that question.
Are you positive that every single message coming in and leaving your
server is triggering Sniffer?

On Thu, Dec 29, 2016 at 7:55 AM, Daniel Ivey  wrote:

> Thanks, but it appears that my server is failing multiple 54- rules.  For
> example from Google, it is failing 54-8064853-304-318-m and
> 54-8064853-0-2423-f while from Yahoo it is failing 54-8064853-2063-2077-m
> and 54-8064853-0-3703-f.
>
>
>
> Is there a way to block all 54- rules temporarily?
>
>
>
> Also, do you have any suggestions on what would cause this all of a sudden?
>
>
>
> Daniel
>
>
>
> -Original Message-
> *From:* Linda Pagillo [mailto:lpad...@gmail.com]
> *Sent:* Thursday, December 29, 2016 8:51 AM
> *To:* Message Sniffer Community
> *Subject:* [sniffer] Re: rule panic not working
>
>
>
> Hi Daniel. The rule number is not 54. Sniffer rule numbers look like this
> for example... 54-8064853-304-318-m
>
>
>
> On Thu, Dec 29, 2016 at 7:48 AM, Daniel Ivey  wrote:
>
> It appears that the server is failing SNIFFER Rule 54 for some reason,
> causing issues.  I have added the following line in my snf_engine.xml file
> for a rule panic but it doesn't appear to be working.
>
> 
> 
> 
>
> Can someone help me with what I have wrong?
>
> Daniel
>
>


[sniffer] Re: rule panic not working

2016-12-29 Thread Daniel Ivey
Thanks, but it appears that my server is failing multiple 54- rules.  For
example from Google, it is failing 54-8064853-304-318-m and
54-8064853-0-2423-f while from Yahoo it is failing 54-8064853-2063-2077-m
and 54-8064853-0-3703-f.
 
Is there a way to block all 54- rules temporarily?
 
Also, do you have any suggestions on what would cause this all of a sudden?
 
Daniel
 
-Original Message-
From: Linda Pagillo [mailto:lpad...@gmail.com]
Sent: Thursday, December 29, 2016 8:51 AM
To: Message Sniffer Community
Subject: [sniffer] Re: rule panic not working
 
Hi Daniel. The rule number is not 54. Sniffer rule numbers look like this
for example... 54-8064853-304-318-m
 
On Thu, Dec 29, 2016 at 7:48 AM, Daniel Ivey <d...@gcrcompany.com> wrote:
It appears that the server is failing SNIFFER Rule 54 for some reason,
causing issues.  I have added the following line in my snf_engine.xml file
for a rule panic but it doesn't appear to be working.





Can someone help me with what I have wrong?

Daniel




[sniffer] Re: rule panic not working

2016-12-29 Thread Linda Pagillo
Hi Daniel. The rule number is not 54. Sniffer rule numbers look like this
for example... 54-8064853-304-318-m

On Thu, Dec 29, 2016 at 7:48 AM, Daniel Ivey  wrote:

> It appears that the server is failing SNIFFER Rule 54 for some reason,
> causing issues.  I have added the following line in my snf_engine.xml file
> for a rule panic but it doesn't appear to be working.
>
> 
> 
> 
>
> Can someone help me with what I have wrong?
>
> Daniel
>
>


[sniffer] rule panic not working

2016-12-29 Thread Daniel Ivey
It appears that the server is failing SNIFFER Rule 54 for some reason,
causing issues.  I have added the following line in my snf_engine.xml file
for a rule panic but it doesn't appear to be working.





Can someone help me with what I have wrong?

Daniel

