Hi,
1. I read this page:
http://www.armresearch.com/support/articles/procedures/falsePositives.jsp
and it seems to be the same.
However, should this chapter be expanded to contain information about what
to do if some of the new technologies are responsible for the false
positive?
Hello Andy,
Thanks for this -- I will address the documentation issues shortly.
Regarding GBUdb FP issues-- to date we've not had a truncate (result code 20) false positive report from any system that was configured properly.
Are you reporting such an FP?
Depending upon the circumstances
Hi Pete,
You can drop the record for the IP from GBUdb with SNFClient -drop IP,
but if the system is not configured properly then the IP will quickly rise
back into the truncate list.
The IP address in question was a third party IP address, not related to us,
not a gateway. It was not in the
Hello Andy,
Tuesday, October 7, 2008, 2:40:01 PM, you wrote:
Hi Pete,
You can drop the record for the IP from GBUdb with SNFClient -drop IP, but if the system is not configured properly then the IP will quickly rise back into the truncate list.
The IP address in question was a third
Thanks Pete - I'll save that command.
I also suggest that some of your instructions might be helpful to see in the
documentation in the chapters on how to deal with false positives.
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Pete McNeil
Sent: Tuesday, October 07, 2008
PS:
And, for bonus points, to correctly support your sub-directory feature in
your sample script, you would do that with the -P parameter, e.g.:
wget http://www.sortmonster.net/Sniffer/Updates/%LICENSE_ID%.snf -N -P
%RULEBASE_PATH% --header=Accept-Encoding:gzip --http-user=sniffer
Hello Andy,
Wednesday, October 8, 2008, 12:50:23 AM, you wrote:
PS:
And, for bonus points, to correctly support your sub-directory feature in your sample script, you would do that with the -P parameter, e.g.:
wget http://www.sortmonster.net/Sniffer/Updates/%LICENSE_ID%.snf -N -P
Hi Pete,
Thanks for giving it your consideration. If you decide to revise these
parameters, then it will require an extra command in your script (because
the WGET command will output the compressed file as .SNF).
If you don't insist on using WGET, then CURL (also free/open software)
actually
Hello Andy,
Wednesday, October 8, 2008, 1:13:50 AM, you wrote:
Hi Pete,
Thanks for giving it your consideration. If you decide to revise these parameters, then it will require an extra command in your script (because the WGET command will output the compressed file as .SNF).
Hello Andy,
Wednesday, October 8, 2008, 1:35:41 AM, you wrote:
snip/
Also -- are you saying that with the parameters you've provided WGET would decompress the file on its own so that we wouldn't need to do that in our script? If so, how does it know for sure where to find GZIP?