cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
390
Views
0
Helpful
3
Replies

sendmail data header overflow

tjcorlando
Level 1
Level 1

I am getting Alerts related to this Sig ID (3115). This is a Microsoft shop with an Exchange 2003 email server. Is there any risk? Should I be concerned about this Alert?

1 Accepted Solution

Accepted Solutions

mhellman
Level 7
Level 7

no.

1) it's older than the hills

2) has known false positives (see: http://tools.cisco.com/MySDN/Intelligence/viewSignature.x?signatureId=3115&signatureSubId=0)

3) you don't run sendmail

as of s311, this is by default disabled and retired. did you "unretire" it or are you running an older signature set?

View solution in original post

3 Replies 3

mhellman
Level 7
Level 7

no.

1) it's older than the hills

2) has known false positives (see: http://tools.cisco.com/MySDN/Intelligence/viewSignature.x?signatureId=3115&signatureSubId=0)

3) you don't run sendmail

as of s311, this is by default disabled and retired. did you "unretire" it or are you running an older signature set?

Thanks for the information. I must have an old sig set; I thought I was current as of a few weeks ago. I'll update the sig set and confirm that it disables this Alert.

I may have spoken too soon. While 3115-0 is default disabled/retired, 3115-3 is not. The former has vendor acknowledged false positives. The latter is just as old though and if you don't run sendmail I would recommend disable/retire.

see: http://tools.cisco.com/MySDN/Intelligence/viewSignature.x?signatureId=3115&signatureSubId=3

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: