GEN:SID 1:2330
Message IMAP auth overflow attempt
Summary This event is generated when a remote user sends an overly long string
to an IMAP server via the command AUTH. This may indicate an attempt to
exploit a buffer overflow condition.
Impact Serious. Possible remote execution of arbitrary code, which may lead to a remote root compromise.
Detailed Information When a large amount of data is sent to a vulnerable IMAP server in the
AUTHENTICATE command, a buffer overflow condition may occur. This can
allow the attacker to execute arbitrary code, which may allow the
attacker to gain root access to the compromised server.
Affected Systems IMAP servers
Attack Scenarios An attacker can send a sufficiently long AUTHENTICATE command to the
IMAP server, creating a buffer overflow condition. This can then allow
the attacker to execute code of their choosing and possibly gain root
access to the compromised server.
Ease of Attack Simple. Exploits exist.
Corrective Action Apply the appropriate patches for your operating system.

Check the host for signs of compromise.
Additional References Bugtraq
http://www.securityfocus.com/bid/8861
Rule References bugtraq: 8861