I am getting Alerts related to this Sig ID (3115). This is a Microsoft shop with an Exchange 2003 email server. Is there any risk? Should I be concerned about this Alert?
1) it's older than the hills
2) has known false positives (see: http://tools.cisco.com/MySDN/Intelligence/viewSignature.x?signatureId=3115&signatureSubId=0)
3) you don't run sendmail
as of s311, this is by default disabled and retired. did you "unretire" it or are you running an older signature set?