Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SIG5478 Microsoft Exchange SMTP Overflow

Regarding above signature, I already checking on my exchange server (2003 with SP2) and confirmed we are patching with MS05-021 (KB894549) but there is still huge alarm fire between my exchange servers on this signature daily.

Any1 experienced this before? Mind to sharing your advice? thanks and appreciate it.

4 REPLIES
New Member

Re: SIG5478 Microsoft Exchange SMTP Overflow

If your exchange server's are patched and are not vulnerable you have the option to either filter or disable this signature.

If you suspect false positives would you be able to provide some traffic samples or at least some show event outputs? It would greatly help in improving the signature.

You can e-mail me directly at jlimbo@cisco.com and I will provide you with my pgp key.

Thanks,

Jonathan

Gold

Re: SIG5478 Microsoft Exchange SMTP Overflow

we saw the same thing (false positives on traffic between exchange servers). We just turned it off.

New Member

Re: SIG5478 Microsoft Exchange SMTP Overflow

Hi dude.

Are you just turn off this signature or filtered out your exchange server on this signature?

Can CISCO doing something on this Signature? appreciate it.

Gold

Re: SIG5478 Microsoft Exchange SMTP Overflow

We just turned the signature off. I'm not in an environment where complicated filtering is feasible. There are exceptions, but if a false-postive alarm is cluttering up my display, it's gone. It helps that we're patched for this vuln.

128
Views
0
Helpful
4
Replies