Hello Jonathan, Monday, January 15, 2007, 10:58:06 AM, you wrote:
> After our last update (I believe it was on Friday), we have encountered > numerous false positives related to MS-GREYMAIL; however, there have been > others as well. This did not start until this weekend, but basically, it > seems like every message is being caught by Sniffer for some reason or > another, and most of the valid ones seem to fit into the GREYMAIL category. Updates happen several times per day - - you should have had many updates since last Friday. What you are describing sounds like a "rule-panic". Please check your SNF logs to identify the rule (it's probably just one) that is causing your false positives problem and enter that rule ID in your cfg file in the rule-panic area. That will make the rule inert to give you immediate relief. Then you can follow the normal FP procedure and we will get the rule adjsuted or removed. This are rare - but they do happen. Please see the info on our rule-panic process: http://kb.armresearch.com/index.php?title=Message_Sniffer.FAQ.FalsePositives#Sniffer_is_suddenly_creating_a_lot_of_False_Positives._What_do_I_do.3F Hope this helps, Thanks, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. ############################################################# This message is sent to you because you are subscribed to the mailing list <[email protected]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
