https://live.paloaltonetworks.com/t5/general-topics/mac-mail-gmail-and-vulnerability-cve-2004-2501/m-p/1976#M1455 <HTML><HEAD></HEAD><BODY><P>On a PA 2020 running 4.03, the threat log is filled with clients triggering alerts for MailEnable IMAP Server Long Tag anomaly (CVE-2004-2501), rated "high".They are all in fact Mac Mail clients trying to talk IMAP to GMail servers on port 993. On the face of it they must all be false positives. SSL decryption is being used. Could anyone give any idea why Long Tag anomalies are being detected?</P><P></P><P>Neil Flanagan </P></BODY></HTML> Thu, 30 Jun 2011 08:59:41 GMT n.flanagan 2011-06-30T08:59:41Z https://live.paloaltonetworks.com/t5/general-topics/mac-mail-gmail-and-vulnerability-cve-2004-2501/m-p/1976#M1455 <HTML><HEAD></HEAD><BODY><P>On a PA 2020 running 4.03, the threat log is filled with clients triggering alerts for MailEnable IMAP Server Long Tag anomaly (CVE-2004-2501), rated "high".They are all in fact Mac Mail clients trying to talk IMAP to GMail servers on port 993. On the face of it they must all be false positives. SSL decryption is being used. Could anyone give any idea why Long Tag anomalies are being detected?</P><P></P><P>Neil Flanagan </P></BODY></HTML> Thu, 30 Jun 2011 08:59:41 GMT https://live.paloaltonetworks.com/t5/general-topics/mac-mail-gmail-and-vulnerability-cve-2004-2501/m-p/1976#M1455 n.flanagan 2011-06-30T08:59:41Z https://live.paloaltonetworks.com/t5/general-topics/mac-mail-gmail-and-vulnerability-cve-2004-2501/m-p/1977#M1456 <HTML><HEAD></HEAD><BODY><P>Hello Neil,</P><P>if you can get a packet capture of this traffic, then you can open a case with support and they can refer this to the content team to verify if this is indeed a false positive.</P><P></P><P></P><P>thanks,</P><P>Stephen&nbsp; </P></BODY></HTML> Mon, 04 Jul 2011 14:21:10 GMT https://live.paloaltonetworks.com/t5/general-topics/mac-mail-gmail-and-vulnerability-cve-2004-2501/m-p/1977#M1456 swhyte 2011-07-04T14:21:10Z