GEN:SID 1:3058
Message IMAP copy literal overflow attempt
Summary This event is generated when a remote user sends an overly long string
to an IMAP server via the command COPY. This may indicate an attempt to
exploit a buffer overflow condition.
Impact Serious. Possible remote execution of arbitrary code, which may lead to
a remote root compromise.
Detailed Information When a large amount of data is sent to a vulnerable IMAP server in the
COPY command, a buffer overflow condition may occur. This can allow the
attacker to execute arbitrary code, which may allow the attacker to gain
root access to the compromised server.
Affected Systems IMAP servers
Attack Scenarios An attacker can send a sufficiently long COPY command to the IMAP
server, creating a buffer overflow condition. This can then allow the
attacker to execute code of their choosing and possibly gain root access
to the compromised server.
Ease of Attack Simple. Exploits exist.
Corrective Action Apply the appropriate patches for your operating system.

Check the host for signs of compromise.
Additional References  
Rule References bugtraq: 1110