
Spam triggering firewall



Not having worked much with the recent versions of NIS because I've always found it to cause more problems than it fixes, I can't say for sure. However, in previous versions there was an option buried in there somewhere to turn off NIS's handling of spam, so that it only checks your inbox for actual viruses.


Possible technical terminology involved here .....

Firewall .... Symantec (Norton) bought the [at]Guard firewall and then proceeded to bloat it up, screw it up, etc. If it is the "firewall" that's at issue, then based on the [at]Guard roots, you apparently need to "train" it to allow the connection/transfer you're trying to make in the (assumed) IMAP connection.

On the other hand, as Telarin suggests, you may be running into a "spam prevention" module .. but not exactly sure why this would show up as a "firewall" alert. It sure seems to me that it should be labeled as something else .. or at least have a better description ....?????


It only happens with certain stock spam, but a small percentage of even look-alike spam. The spam option on the firewall should move the spam to a different folder, but it doesn't work on the IMAP folder where I make the transfer. Besides, I have disabled it as it's totally useless. I move the spam in bulk between IMAP folders; when it finds the spam in question it gives a firewall warning:

"Details: Attempted Intrusion "IMAP Mailbox Name Length BO" from your machine against imap.spamcop.net(216.154.195.50) was detected and blocked.

Intruder: OWNER-Mehere(67.186.61.132)(3143).

Risk Level: Medium.

Protocol: TCP.

Attacked IP: imap.spamcop.net(216.154.195.50).

Attacked Port: imap(143)."

Their explanation:

IMAP Mailbox Name Length BO

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.

Description

This signature detects attempts to exploit a buffer overflow vulnerability due to the unchecked mailbox name length in some IMAP commands.

It seems to be bogus or a false positive, but certainly triggered by unusual spam.

The glitch is independent of the PC or operating system; I get the same error on different PCs with different OS and connections (work vs. home).


... a firewall warning;

"Details: Attempted Intrusion "IMAP Mailbox Name Length BO" from your machine against imap.spamcop.net(216.154.195.50) was detected and blocked.

Intruder: OWNER-Mehere(67.186.61.132)(3143).

Risk Level: Medium.

Protocol: TCP.

Attacked IP: imap.spamcop.net(216.154.195.50).

Attacked Port: imap(143)."

Sounds like something you should be able to reach in configuration, if you are sure it is bogus -

NIS

Personal firewall

Configure

Advanced

Trojan horse

... from dropdown - Any "Block" on direction: outbound, protocol: TCP?

Nothing resembling it on my setup (all my blocks are "inbound")

Worth a look perhaps, if you've not done so already.


Archived

This topic is now archived and is closed to further replies.
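
A length check of the kind the signature description quoted in the thread refers to, as an added example that is not from the thread or from Symantec: it parses the client side of an IMAP session, measures the mailbox-name argument of commands that take one, and treats literal data (such as an appended message) as an argument instead of scanning it for commands. The 255-byte limit, the function names and the sample session are assumptions made up for illustration; the page does not say how the NIS signature works.

```python
import re

MAX_MAILBOX_LEN = 255  # assumed limit; the thread does not give the real one
# Index of the mailbox argument after the command word (UID forms not handled).
MAILBOX_ARG = {"SELECT": 0, "EXAMINE": 0, "CREATE": 0, "DELETE": 0,
               "RENAME": 0, "SUBSCRIBE": 0, "UNSUBSCRIBE": 0, "STATUS": 0,
               "APPEND": 0, "COPY": 1, "LIST": 1, "LSUB": 1}
LITERAL = re.compile(rb"\{(\d+)\+?\}$")           # {n} or {n+} ending a line
ARG = re.compile(rb'"((?:\\.|[^"\\])*)"|(\S+)')   # quoted string or atom


def parse_commands(stream):
    """Yield (tag, command, args) for each complete client command."""
    pos, tokens = 0, []
    while pos < len(stream):
        end = stream.find(b"\r\n", pos)
        if end < 0:
            break                                  # incomplete line, stop
        line, pos = stream[pos:end], end + 2
        lit = LITERAL.search(line)
        if lit:
            line = line[:lit.start()]
        tokens += [q or a for q, a in ARG.findall(line)]
        if lit:                                    # next n bytes are one argument
            n = int(lit.group(1))
            tokens.append(stream[pos:pos + n])
            pos += n
            continue                               # command resumes after the literal
        if len(tokens) >= 2:
            yield tokens[0], tokens[1].upper().decode("ascii", "replace"), tokens[2:]
        tokens = []


def oversized_mailboxes(stream, limit=MAX_MAILBOX_LEN):
    """Return (tag, command, length) for mailbox names longer than limit."""
    hits = []
    for tag, cmd, args in parse_commands(stream):
        idx = MAILBOX_ARG.get(cmd)
        if idx is not None and idx < len(args) and len(args[idx]) > limit:
            hits.append((tag.decode("ascii", "replace"), cmd, len(args[idx])))
    return hits


# Constructed session: a2 appends a message whose body merely looks like a command.
BODY = b"Subject: stock tip\r\n\r\nx9 SELECT " + b"A" * 400 + b"\r\n"
SAMPLE = (b'a1 SELECT "Held Mail"\r\n'
          b"a2 APPEND Trash (\\Seen) {%d}\r\n" % len(BODY) + BODY + b"\r\n"
          b"a3 CREATE " + b"B" * 300 + b"\r\n")

if __name__ == "__main__":
    print(oversized_mailboxes(SAMPLE))
```

Only the `a3 CREATE` command in the constructed session is reported; the long name inside the appended message body is part of a literal and is never measured as a mailbox argument.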
