topic IMAP long tag anomaly in General Topics https://live.paloaltonetworks.com/t5/general-topics/imap-long-tag-anomaly/m-p/70442#M40513 <P>I know this was kind of asked here, and I was wondering if the best option would be to create a rule like the one mentioned in this post..</P> <P>&nbsp;</P> <P><A href="https://live.paloaltonetworks.com/t5/General-Topics/SMTP-long-MAIL-anomaly-Vulnerability-30392/m-p/2327#M1718" target="_blank">https://live.paloaltonetworks.com/t5/General-Topics/SMTP-long-MAIL-anomaly-Vulnerability-30392/m-p/2327#M1718</A></P> <P>&nbsp;</P> <P>Since I am getting these almost everyday, and they seem to be always from one user account, and they happen to use gmail.</P> <P>&nbsp;</P> <P>I also use gmail but I never seem to see my account as the "attacker" which I'm not sure why his account keep showing up as the attacker.</P> <P>&nbsp;</P> <P>Should I just create the block rule and see if his email still works? He says he uses teh Windows Mail app with all gmail accounts.</P> Wed, 06 Jan 2016 17:06:14 GMT Zewwy 2016-01-06T17:06:14Z IMAP long tag anomaly https://live.paloaltonetworks.com/t5/general-topics/imap-long-tag-anomaly/m-p/70442#M40513 <P>I know this was kind of asked here, and I was wondering if the best option would be to create a rule like the one mentioned in this post..</P> <P>&nbsp;</P> <P><A href="https://live.paloaltonetworks.com/t5/General-Topics/SMTP-long-MAIL-anomaly-Vulnerability-30392/m-p/2327#M1718" target="_blank">https://live.paloaltonetworks.com/t5/General-Topics/SMTP-long-MAIL-anomaly-Vulnerability-30392/m-p/2327#M1718</A></P> <P>&nbsp;</P> <P>Since I am getting these almost everyday, and they seem to be always from one user account, and they happen to use gmail.</P> <P>&nbsp;</P> <P>I also use gmail but I never seem to see my account as the "attacker" which I'm not sure why his account keep showing up as the attacker.</P> <P>&nbsp;</P> <P>Should I just create the block rule and see if his email still works? He says he uses teh Windows Mail app with all gmail accounts.</P> Wed, 06 Jan 2016 17:06:14 GMT https://live.paloaltonetworks.com/t5/general-topics/imap-long-tag-anomaly/m-p/70442#M40513 Zewwy 2016-01-06T17:06:14Z Re: IMAP long tag anomaly https://live.paloaltonetworks.com/t5/general-topics/imap-long-tag-anomaly/m-p/74311#M41657 <P>A very smart network engineer&nbsp;I know informed me this is due to the way google changed the way their email system worked, and is caused when users who particularly use gmail with multiple folders will cause this Threat to be triggered.</P> <P>&nbsp;</P> <P>He provided one of two options to help correct it.&nbsp;</P> <P>&nbsp;</P> <P>1) get my colleague to clean up his gmail. reduce folder, etc (not likly to happen)</P> <P>&nbsp;</P> <P>2) adjust the profile monitor and change it so that particular vulnerability isn't alerted on, this leave it open to exploitation.</P> <P>&nbsp;</P> <P>Both options are not great, thus at this point I'll simply have to ingore in.. *Sticks head in the sand*</P> <P>&nbsp;</P> <P>Thanks for all the replies *Cough none*</P> Mon, 07 Mar 2016 19:50:14 GMT https://live.paloaltonetworks.com/t5/general-topics/imap-long-tag-anomaly/m-p/74311#M41657 Zewwy 2016-03-07T19:50:14Z