[sniffer] Re: Bad rule: 2524136

2009-06-18 Thread Colbeck, Andrew
Thanks for the heads-up, Pete.

For what it's worth, I had a hit on only one message on each of my
gateways, from different senders.

The "Sniffer General" result code wasn't weighted high enough on my
Declude system to hold either message because they came from senders
with "clean" implementations.

I put the rule-panic into each of my snf_engine.xml files and after
several rulebase updates, I've taken it out again. While the rule-panic
was in place, I had several more hits, which were of course "passed".


Andrew.
 

-Original Message-
From: Message Sniffer Community [mailto:snif...@sortmonster.com] On
Behalf Of Pete McNeil
Sent: Thursday, June 18, 2009 1:13 PM
To: Message Sniffer Community
Subject: [sniffer] Bad rule: 2524136


Hello Sniffer Folks,

Rule ID 2524136 was coded for an image binary segment and was pulled 
shortly after it was created when false positives were detected.

If you use a quarantine system and you are able to re-scan quarantined 
messages then you may be able to avoid further FP reports and even 
prevent the detection of these false positives.

If you are using the latest version of SNF then your rulebase is most 
likely already up to date.

If you are using a scheduled task and the previous version of SNF then 
you may need to trigger an update manually first. Please upgrade as soon
as possible.

What we have done:

* As with all false positives, this rule is retained to prevent any 
future events of the same kind.

* We have researched the process that created this rule and adapted the 
process to prevent similar cases in the future.

We are sorry for any inconvenience.

Thanks,

_M


#
This message is sent to you because you are subscribed to
  the mailing list .
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to 
To switch to the INDEX mode, E-mail to 
Send administrative queries to  






[sniffer] Re: Bad rule: 2524136

2009-06-18 Thread Pete McNeil

Colbeck, Andrew wrote:

Thanks for the heads-up, Pete.

For what it's worth, I had a hit on only one message on each of my
gateways, from different senders.

I put the rule-panic into each of my snf_engine.xml files and after
several rulebase updates, I've taken it out again. While the rule-panic
was in place, I had several more hits, which were of course "passed".
  


A number of systems auto-panic'ed on these so that safed those.

Thanks for the report!

_M

