At 07:42 AM 3/26/2004, you wrote:
Pete,
Just wanted to interject a couple observations. I'm connected to the
Internet through a 15Mb frac ds/3 from ATT and a T1 from Sprint. I of
course of no way of telling which pipe our automated downloads are coming
from. However, I too have noticed
At 09:10 AM 3/26/2004, you wrote:
On Mar 25, 2004, at 8:10 PM, Pete McNeil wrote:
ERROR_BAD_MATRIX is definitely a corrupted rulebase file. A manual
download should solve the problem.
Should not snf2check.exe detect this? If the sniffer can detect it, it
seems that the checker should too
being put into production.
Fred
- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 26, 2004 10:26 AM
Subject: Re: [sniffer] Error_Bad_Matrix
At 09:10 AM 3/26/2004, you wrote:
On Mar 25, 2004, at 8:10 PM, Pete McNeil wrote
mail to myself
There has to be something in the rule base that is doing this...or maybe
my Windows NT update broke something???
Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
- Original Message -
From: Pete McNeil
To: [EMAIL PROTECTED]
Sent
At 02:26 PM 3/26/2004, you wrote:
I've been getting the error message below for the past two weeks. I get
it for both smtp32.exe and imail1.exe
Application popup: smtp32.exe - Application Error : The application
failed to initialize properly (0xc142). Click on OK to terminate the
application.
Hello folks,
We have traced the source of the corrupted rulebase problem to our Sprint
T1 line. This line has been shutdown until the problem can be resolved.
This has reduced our available bandwidth but should prevent further
corrupted downloads.
In order to reduce traffic and improve
Hello folks,
I have just finished work with Sprint Verizon on the T1 and we now have a
clean circuit. I have opened it up for traffic and all appears to be back
to normal. Please let me know if there are any lingering symptoms.
I will restore the second rulebase compiler to active duty
There was a bad rule yesterday. It was removed almost immediately but it
looks like you missed the update until 1000pm. It takes a while to compile
rulebase updates. Since you mention 4pm and 10pm I'm guessing you have your
updates scheduled. A better method would be to trigger updates based on
That is possible. I'm still looking for an alternate repeatable cause.
_M
At 08:43 PM 3/24/2004, you wrote:
I see over a 1000 of these ERROR_BAD_MATRIX entries in my Sniffer log file
today, as well. Is this due to the ruleset issue from earlier today?
Bill
-Original Message-
From:
. Can you see what I am doing wrong? The program seems to be
running OK in normal mode.
Thanks,
Bill Morgan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Wednesday, March 17, 2004 1:05 PM
To: [EMAIL PROTECTED]
Subject: [sniffer
-
From: Pete McNeil [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 24, 2004 2:01 PM
Subject: Re: [sniffer] Possible Bad Rule?
We had a badly coded rule that matched yahoo.
The rule has been removed.
About 30 rulebases went out before it was caught.
These are being
I've been looking at that. The problem seems to be related to downloads,
not generation. That is, every rulebase that I use locally has been clean
throughout this episode. Also, folks who manually download the rulebase
seem to be able to correct the problem. I'm not sure yet what is different
snf2check.exe will catch a partial download but it will not catch
corruption in the middle of the file.
_M
At 03:57 PM 3/25/2004, you wrote:
I run snf2check.exe against every .snf file downloaded. I just checked it
again manually, and no errors were reported. I now have almost 3500
By 8pm we had done at least 6 that I was part of.
_M
At 04:32 PM 3/25/2004, you wrote:
How many updates have happened today...I have only received 1 today..
Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
- Original Message -
From: Pete McNeil [EMAIL
SEPARATOR ***
On 3/25/2004 at 6:05 PM Pete McNeil wrote:
This helps narrow things down. Specifically we know that the rulebase
files
are not corrupted on the server but during the download. That explains why
I haven't been able to recreate a problem in the lab.
I have a suspicion that wget
the
rulebase file format. There aren't any simple mechanisms that come to mind.
Perhaps there will be no choice but to change the format in order to
prevent this possibility.
_M
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Thursday
will
try to watch the logs more closely and manually test the snf files that
begin to generate bad_matrix errors to see if their bad at that time.
-Original Message-
From: Pete McNeil [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 25 Mar 2004 18:05:39 -0500
Subject: Re: [sniffer] Spam
At 06:51 PM 3/25/2004, you wrote:
Looks like a bandwidth issue to me, since even doing the download manually,
my connection stalled 5 times before I could complete a successful download.
And the download speeds were atrocious, many times in bytes/second rather
than even kb/second - and my
, that might
identify something not so obvious if you run out of ideas.
I know how these things go and the worst part is not knowing the source
while others expect an quick fix. No big deal on my end in the mean time
though.
Matt
Pete McNeil wrote:
snf2check.exe will catch a partial download
parts
of the file. In theory this is covered by TCP - but in practice not so much :-(
_M
At 12:48 AM 3/26/2004, you wrote:
How about a byte length compare or checksum of some sort?
Matt
Pete McNeil wrote:
At 06:25 PM 3/25/2004, you wrote:
We also saw many BAD_MATRIX errors last night
At 08:08 PM 3/17/2004, you wrote:
What is the number after Polled waited:
That is the number of milliseconds the persistent server waited to poll the
working directory for more jobs. This number will increase each time no
jobs are found. When a job is found the persistent server will not wait
We have just added a rule for the Bagle.Q worm derived from data at the
following link:
http://www.auscert.org.au/render.html?it=3957
The rule should be present in your next update.
A full rule-base compile is under way.
Thanks!
_M
This E-Mail came from the Message Sniffer mailing list. For
Hello folks,
I know folks are anxious to get their hands on this version so I'm going to
play this beta round a little looser than usual. Version 2-3b1 implements a
persistent mode feature for our cellular peer-server technology. Launching
a persistent instance of Message Sniffer has the
Hello folks,
The primary database server went online with full data at 2100.
Full synchronization and testing was completed by 2300.
Spamtraps have been cleared.
False submissions have been cleared.
Another full compile is underway.
Thanks for your patience and your support!
_M
This E-Mail came
901 - 924 of 924 matches
Mail list logo