I have a pair of ASA 5540s running 8.2(3) in active/active failover mode.  The internal networks are arranged on a /24 subnet "ring" around a central core switch.  The ASAs are connected to a 3750 stack to provide redundant paths for each ASA as well...

Thousands and thousands... apparently firing on nulls outside of uricontent. ASA5540/AIP-SSM20s. 5.1(3)S256.0.

Mail from myspace.com is being blocked by our ASAs (not that *I* think that is necessarily a bad thing, but our users do).The ASA is triggering ASA-3-108003: Terminating ESMTP/SMTP connection; malicious pattern detected in the mail addressData:MAIL ...

This signature appears to be looking for script markers in the header, but is firing on just the presence of 'script' which is not a problem. Example:000000 47 45 54 20 2F 42 75 72 73 74 69 6E 67 53 63 72 GET /BurstingScr000010 69 70 74 2F 61 64...

Getting numerous 3550 alerts, apparently embedded text within a POP mail item (not command text).