Actions
Feature #4386
closed
GD
PA
Support for RFC2231
Feature #4386:
Support for RFC2231
Effort:
Difficulty:
Label:
C, Protocol
Description
We noticed a lack of support for multiline header attributes in mime documents as defined in RFC2231 (standard track).
This RFC documents a way to split header attributes across multiple lines, so that the line length remains short.
This wrapping is implemented by some popular MUA, including Thunderbird. Lack of support for this RFC results in Suricata not noticing/storing email attachments with filenames wrapped that way (filename*0=, filename*1=...).
This can also be considered as a evasion technique, although this is a standard track RFC.
We attached a pcap file containing an email attachment ignored by Suricata.
Thank you,
Cheers,
Florian Maury
Files
PA Updated by Philippe Antoine almost 5 years ago
- Status changed from New to In Review
- Target version set to 7.0.0-beta1
VJ Updated by Victor Julien over 4 years ago
- Assignee set to Philippe Antoine
PA Updated by Philippe Antoine over 4 years ago
- Status changed from In Review to Closed
VJ Updated by Victor Julien over 3 years ago
- Status changed from Closed to Resolved
- Label Needs backport to 6.0 added
PA Updated by Philippe Antoine over 3 years ago
- Subtask #5478 added
VJ Updated by Victor Julien over 3 years ago
- Label deleted (
Needs backport to 6.0)
PA Updated by Philippe Antoine over 3 years ago
- Status changed from Resolved to Closed
Actions