Receiving Intrusion Prevention Alert Daily With No Information To Treat It

Hi Everyone,

On one of our Sophos XG appliances, we are receiving this alert daily, but it does not provide any information on what to do to prevent it. If you click on the link provided in the alert, it takes you to the Sophos knowledge base, but within the knowledge base, there is no reference to this alert.

Subject: *ALERT* Sophos XG Firewall - Intrusion prevention alert (Critical)

Body:

Alert ID: 7002
Message:
PROTOCOL-IMAP Dovecot and Pigeonhole Remote Code Execution Vulnerability

Also, Googling this alert in quotes does not bring up any KB articles for Sophos.

Any suggestions would be great.

Cheers,

Mathew



  • Is there any old software running that uses Dovecot? If not, then probably it is a false positive.

    Even then, if you want to check more information on this, you can log in to the firewall, open the log viewer at the IPS tab, and search with the signature name "PROTOCOL-IMAP Dovecot and Pigeonhole" (you can copy-paste it from the e-mail).

    While searching on the IPS tab, it should give some information on which device is being affected, the source IP and destination IP, together with the time when it happened.