Actions
Feature #4386
closedSupport for RFC2231
Effort:
Difficulty:
Label:
C, Protocol
Description
We noticed a lack of support for multiline header attributes in mime documents as defined in RFC2231 (standard track).
This RFC documents a way to split header attributes across multiple lines, so that the line length remains short.
This wrapping is implemented by some popular MUA, including Thunderbird. Lack of support for this RFC results in Suricata not noticing/storing email attachments with filenames wrapped that way (filename*0=, filename*1=...).
This can also be considered as a evasion technique, although this is a standard track RFC.
We attached a pcap file containing an email attachment ignored by Suricata.
Thank you,
Cheers,
Florian Maury
Files
Updated by Philippe Antoine over 3 years ago
- Status changed from New to In Review
- Target version set to 7.0.0-beta1
Updated by Philippe Antoine almost 3 years ago
- Status changed from In Review to Closed
Updated by Victor Julien over 2 years ago
- Status changed from Closed to Resolved
- Label Needs backport to 6.0 added
Updated by Victor Julien about 2 years ago
- Label deleted (
Needs backport to 6.0)
Updated by Philippe Antoine about 2 years ago
- Status changed from Resolved to Closed
Actions