https://community.cisco.com/t5/network-security/signature-3529-0-false-positives/m-p/413767#M94978 <HTML><HEAD></HEAD><BODY><P>Thank you for bringing this to our attention. Yes, the Min Match Length parameter should be used. We will release a modified signature in an upcoming release. </P></BODY></HTML> Fri, 06 Jan 2006 22:48:38 GMT rupadras 2006-01-06T22:48:38Z https://community.cisco.com/t5/network-security/signature-3529-0-false-positives/m-p/413766#M94976 <P>This signature triggers on a normal EXAMINE INBOX command. Won't the following regex fire on any imap EXAMINE command and not just "examine..256+"? Can this be combined with the "min match length" to fix?</P><P></P><P>[0-9][\x20][Ee][Xx][Aa][Mm][Ii][Nn][Ee][\x20][^\x0a\x0d]+[\x0a\x0d]</P> Sun, 10 Mar 2019 09:49:45 GMT https://community.cisco.com/t5/network-security/signature-3529-0-false-positives/m-p/413766#M94976 mhellman 2019-03-10T09:49:45Z https://community.cisco.com/t5/network-security/signature-3529-0-false-positives/m-p/413767#M94978 <HTML><HEAD></HEAD><BODY><P>Thank you for bringing this to our attention. Yes, the Min Match Length parameter should be used. We will release a modified signature in an upcoming release. </P></BODY></HTML> Fri, 06 Jan 2006 22:48:38 GMT https://community.cisco.com/t5/network-security/signature-3529-0-false-positives/m-p/413767#M94978 rupadras 2006-01-06T22:48:38Z