Hi Pete,

We are running the older version, and get our updates about every 50-60 minutes. We're using GBUdb as a test in Declude, separately from Message Sniffer.
I'll look up the info on upgrading gracefully. Hadn't had much time to do that previously.

Darin.

----- Original Message -----
From: Pete McNeil
To: Message Sniffer Community
Sent: Monday, March 12, 2012 6:22 PM
Subject: [sniffer] Re: FPs on Sniffer-Schemes

On 3/12/2012 5:41 PM, Darin Cox wrote:

> Started getting hits at 4:30pm EST up to 15 minutes ago (5:25pm EST).

I think I can see part of the problem (possibly).

I do not have telemetry from your system (based on looking up your Id from your domain). I suspect this means that you are running an older version of SNF. By extension, that would mean a couple of things:

* Your rulebase update would not come as quickly as for most systems.
* Your SNF engine won't match on many of the newer rules.
* Your SNF engine will not have GBUdb and also will not be able to auto-panic new rules that conflict with IP reputation data.

Am I right about these assumptions? If not, then we should figure out why I don't see your telemetry.

Thanks,

_M

--
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller
