Hmmmm....

"Update notifications happen as soon as the rulebase compilers have created a 
new rulebase."

I don't know what your internal processes are, but if I understand this 
correctly the rule was created at 5:39am ET, and was compiled into the rulebase 
somewhere just before 8:53am ET, at which point update notifications were sent.

From the customer point of view, when the rule was created or removed doesn't 
really matter, and those times are meaningless to us.  What matters is when 
the rulebases that include them are published/updated, as that is what we key 
off of for updates.

"We have features on the short list to automatically render removed rules inert 
in near real-time (within seconds)"

Sounds good.  That would definitely be better than notifications for us to be 
able to put in RulePanics, assuming there's no negative effect to overall 
performance from checking each rule for active/inactive state.  I assume some 
sort of push mechanism to all subscribers, to notify their systems that a rule 
is no longer valid, is what you're planning here.

Best.

Darin.


----- Original Message ----- 
From: Pete McNeil 
To: Message Sniffer Community 
Sent: Friday, January 07, 2011 1:43 PM
Subject: [sniffer] Re: RulePanic on 3741490


On 1/7/2011 12:33 PM, Darin Cox wrote: 
  Hmmm... so 70 minutes after the rule was released we were notified of the 
rule update for auto-update of rulebase, but at 10:11ET we still hadn't gotten 
the update for the 8:53am removal.  Anything we can do to speed up the rulebase 
update notifications?

Update notifications happen as soon as the rulebase compilers have created a 
new rulebase. We are in the process of reworking our compiler cluster to 
improve its performance and further shorten update times.



  Also, for rules identified as problematic and removed, what about an 
automated email so we can remove it immediately via RulePanic.  For peak times 
like beginning of the business day, that would be very helpful.  An hour could 
save a lot of headaches for both us and our customers.  Or are there so many of 
those that we would be swamped with notifications?

We have features on the short list to automatically render removed rules inert 
in near real-time (within seconds).



  Just trying to figure out a way to avoid this as much as possible in the 
future.  It cost me a half hour this morning, and, more importantly, delayed 
over 150 legitimate messages to our customers.

We are constantly improving our process to minimize these cases, increase the 
speed with which we can detect and correct these, and add features to automate 
and expedite the process.



  Thanks in advance for anything you can do.

Thanks very much for your feedback!

_M


-- 
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 
x7010