Since we have updated to 9.0040, we see these from two email servers:

INDICATOR-COMPROMISE IRC channel notice on non-standard port
Details........: Snort ::
Time...........: 2012-11-14 11:34:35
Packet dropped.: no
Priority.......: high
Classification.: A Network Trojan was detected
IP protocol....: 6 (tcp)

The emails look OK. I didn't want to disable the rule if it means something. Can someone give me some detail on this, or let me know if you need more info?


This thread was automatically locked due to age.
  • Barry,

    Are these your servers, or do you mean you're getting this alert for two domains that send email to you?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • It is my email server sending to two different companies. I found a common thing in the emails that my staff sent: they both included some web content and a link to a WebEx meeting. Maybe the HTML code and that link triggered this?
     If I see it again I will turn it off, but I would like to just disable that rule for my Exchange server; I don't want an exception for all intrusion on my email server (is there not a way to do this?).
  • That error message shouldn't be triggered by email.  Can you determine from the logs whether an email was being sent or if this had to do with the conversation around sending the email to the SMTP Proxy?

    This might be worth opening a Support ticket.

    Cheers - Bob
     