Hi Pete,
The rash of false positives seems to have
stopped with the last sniffer rulebase update at 10am ET. It had started
with a rulebase update at 4:30pm ET yesterday, and continued through the updates
at 8:40pm, 12am, 3am, and 6:20am today.
I'd still like to know what happened, and how we
can avoid it in the future.
Thanks,
Darin. ----- Original Message -----
From: Darin Cox
Sent: Tuesday, November 08, 2005 8:45 AM
Subject: [sniffer] Rash of false positives Hi Pete,
What's going on over there? We had somewhere
between 5 and 10 times the usual number of Sniffer false positives this
morning. They are across the board, so it's not just one rule that's
catching them, or a particular set of senders or receivers.
Hopefully you can get it under control
soon.
It would also be extremely helpful if you could
speed up the false positive processing. Lately it seems to take 2-4 days
for the rules to be adjusted, which usually means more of the same are caught
and submitted over that time. I believe speeding up that process would
result in fewer to process all around.
Thanks,
Darin. |
- [sniffer] Rash of false positives Darin Cox
- Re: [sniffer] Rash of false po... Computer House Support
- Re: [sniffer] Rash of fals... Darin Cox
- Re: [sniffer] Rash of ... Scott Fisher
- Re: [sniffer] Rash... Darrell (supp...@invariantsystems.com)
- Re: [sniffer]... Darin Cox
- Re[2]: [sniff... Pete McNeil
- Re: [sniffer] Rash of false po... Paul Lushinsky
- Re: [sniffer] Rash of fals... Darin Cox
- Re: [sniffer] Rash of false po... Darin Cox
- Re[2]: [sniffer] Rash of f... Pete McNeil
- Re: Re[2]: [sniffer] R... Darin Cox
- Re[4]: [sniffer] R... Pete McNeil
- Re: Re[4]: [s... Darin Cox
- Re: Re[4]: [s... Richard Farris
- RE: Re[4]... John Moore