March 7, 2003
Intruder Alert 3.6 Sendmail_BrokenPipe_Messages Policy
This policy contains rules that detect Sendmail broken pipe error messages (Sendmail Header Processing Buffer Overflow Vulnerability). These error messages can be a result of a configuration error or an indication of malicious activity associated with Sendmail.
Sendmail (All Versions)
This policy detects Sendmail broken pipe error messages sent to syslog.
Policy rules include:
Configuring External Audit Log Monitoring
If Sendmail is configured to send error messages to logs other than syslog, it is recommended ITA be configured to monitor that log. To configure Intruder Alert to monitor an external mail log, follow the steps below.
Last modified on: Friday, 07-Mar-2003 17:17:09 PST