01-03-2008 01:36 PM - edited 03-10-2019 03:55 AM
I am getting Alerts related to this Sig ID (3115). This is a Microsoft shop with an Exchange 2003 email server. Is there any risk? Should I be concerned about this Alert?
Solved! Go to Solution.
01-03-2008 02:03 PM
no.
1) it's older than the hills
2) has known false positives (see: http://tools.cisco.com/MySDN/Intelligence/viewSignature.x?signatureId=3115&signatureSubId=0)
3) you don't run sendmail
as of s311, this is by default disabled and retired. did you "unretire" it or are you running an older signature set?
01-03-2008 02:03 PM
no.
1) it's older than the hills
2) has known false positives (see: http://tools.cisco.com/MySDN/Intelligence/viewSignature.x?signatureId=3115&signatureSubId=0)
3) you don't run sendmail
as of s311, this is by default disabled and retired. did you "unretire" it or are you running an older signature set?
01-03-2008 02:20 PM
Thanks for the information. I must have an old sig set; I thought I was current as of a few weeks ago. I'll update the sig set and confirm that it disables this Alert.
01-03-2008 02:41 PM
I may have spoken too soon. While 3115-0 is default disabled/retired, 3115-3 is not. The former has vendor acknowledged false positives. The latter is just as old though and if you don't run sendmail I would recommend disable/retire.
see: http://tools.cisco.com/MySDN/Intelligence/viewSignature.x?signatureId=3115&signatureSubId=3
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: