This signature triggers on a normal EXAMINE INBOX command. Won't the following regex fire on any imap EXAMINE command and not just "examine..256+"? Can this be combined with the "min match length" to fix?
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...