> Does anyone know if any of the SARE rules are causing timeouts? My server
> was bogging down really bad. I removed the custom rules and that seems to
> have fixed it. Only thing is, I don't know which one is causing the
problem.
In general timeouts tend to get caused by net tests. I can't recall any of
our tests that are currently net tests, so the likelyhood of a SARE rule
timeout should be small.
However - a regexp can be a dangerous thing, and a pathelogical spam input
to one might end up finding a logic hole that can take a VERY long time.
You may have found such a thing. However, it should happen on very specific
spams, and not in general. We did have that happen once before with one re,
long since fixed. In general ".*" is dangerous, and it likely occurs in
several of our rules.
Of the rulesets you listed it is a little hard to guess which (if any) might
be the culprit. About all I can suggest is "divide and conquer".
I would start by trying to find a particular message that causes the
problem, so you can run it through SA by hand. Then I would start lopping
rulesets out until the problem went away. Then it would be possible to
start chopping that single ruleset down until the problem became fairly
obvious.
Loren
