Yeah, because 3.4.x implements maxhits.
So, should I disable the __GENERATE_LEADS family for < 3.4.0? I
suspect it would be prudent, but I am surprised the other
tflags=multiple rules aren't also problematic in the same manner...
Hello,
I don`t think I am in a position to comment on where to go from here for
SA < 3.4.0 . I am just glad I found the cause and was able to find and
share a workaround and findings to the mailing list.
This is perhaps one of many loops, I would have to check other emails;
however, over the last 2-3 weeks, we have noted that SA started to
become a huge memory and cpu hog, with a growing number of timeouts in
emails not completing within 300 seconds of scan and also occasionally
servers running out of RAM; this could be coincidence, or new rules in
the sa-update? In any case, here without Rule2XBody I am able to
operate until I can get 3.4.x deployed.
Thanks again,
Chris
