06-30-2011 01:59 AM
On a PA 2020 running 4.03, the threat log is filled with clients triggering alerts for MailEnable IMAP Server Long Tag anomaly (CVE-2004-2501), rated "high".They are all in fact Mac Mail clients trying to talk IMAP to GMail servers on port 993. On the face of it they must all be false positives. SSL decryption is being used. Could anyone give any idea why Long Tag anomalies are being detected?
Neil Flanagan
07-04-2011 07:21 AM
Hello Neil,
if you can get a packet capture of this traffic, then you can open a case with support and they can refer this to the content team to verify if this is indeed a false positive.
thanks,
Stephen
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
