Thanks for the heads-up, Pete. For what it's worth, I had a hit on only one message on each of my gateways, from different senders.
The "Sniffer General" result code wasn't weighted high enough on my Declude system to hold either message because they came from senders with "clean" implementations. I put the rule-panic into each of my snf_engine.xml files and after several rulebase updates, I've taken it out again. While the rule-panic was in place, I had several more hits, which were of course "passed".

Andrew.

-----Original Message-----
From: Message Sniffer Community [mailto:snif...@sortmonster.com] On Behalf Of Pete McNeil
Sent: Thursday, June 18, 2009 1:13 PM
To: Message Sniffer Community
Subject: [sniffer] Bad rule: 2524136

Hello Sniffer Folks,

Rule ID 2524136 was coded for an image binary segment and was pulled shortly after it was created when false positives were detected.

If you use a quarantine system and you are able to re-scan quarantined messages then you may be able to avoid further FP reports and even prevent the detection of these false positives.

If you are using the latest version of SNF then your rulebase is most likely already up to date. If you are using a scheduled task and the previous version of SNF then you may need to trigger an update manually first. Please upgrade as soon as possible.

What we have done:

* As with all false positives, this rule is retained to prevent any future events of the same kind.
* We have researched the process that created this rule and adapted the process to prevent similar cases in the future.

We are sorry for any inconvenience.

Thanks,

_M

#############################################################
This message is sent to you because you are subscribed to the mailing list <sniffer@sortmonster.com>.
To unsubscribe, E-mail to: <sniffer-...@sortmonster.com>
To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com>
To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com>
Send administrative queries to <sniffer-requ...@sortmonster.com>