Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

sendmail data header overflow

I am getting Alerts related to this Sig ID (3115). This is a Microsoft shop with an Exchange 2003 email server. Is there any risk? Should I be concerned about this Alert?

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: sendmail data header overflow

no.

1) it's older than the hills

2) has known false positives (see: http://tools.cisco.com/MySDN/Intelligence/viewSignature.x?signatureId=3115&signatureSubId=0)

3) you don't run sendmail

as of s311, this is by default disabled and retired. did you "unretire" it or are you running an older signature set?

3 REPLIES
Gold

Re: sendmail data header overflow

no.

1) it's older than the hills

2) has known false positives (see: http://tools.cisco.com/MySDN/Intelligence/viewSignature.x?signatureId=3115&signatureSubId=0)

3) you don't run sendmail

as of s311, this is by default disabled and retired. did you "unretire" it or are you running an older signature set?

Community Member

Re: sendmail data header overflow

Thanks for the information. I must have an old sig set; I thought I was current as of a few weeks ago. I'll update the sig set and confirm that it disables this Alert.

Gold

Re: sendmail data header overflow

I may have spoken too soon. While 3115-0 is default disabled/retired, 3115-3 is not. The former has vendor acknowledged false positives. The latter is just as old though and if you don't run sendmail I would recommend disable/retire.

see: http://tools.cisco.com/MySDN/Intelligence/viewSignature.x?signatureId=3115&signatureSubId=3

152
Views
0
Helpful
3
Replies
CreatePlease to create content