Feature #885
closedFeature #549: Extract file attachments from emails
smtp file_data support
VJ Updated by Victor Julien over 12 years ago
- Tracker changed from Bug to Feature
VJ Updated by Victor Julien over 12 years ago
We should probably inspect the decoded attachments with it, like Snort does: "When the traffic is SMTP the file_data points to the decoded attachments when decoding is enabled for those preprocessors, otherwise to the entire data body." http://blog.snort.org/2011/08/snort-291-where-does-filedata-point.html
AS Updated by Anoop Saldanha over 12 years ago
- headers
- raw_headers
- envelope.from
- envelope.to
to start with. Won't be hard to support these.
Let's start with file_data first of course.
VJ Updated by Victor Julien over 12 years ago
- Target version set to TBD
WM Updated by Will Metcalf over 12 years ago
This has been TBD'd?!?! Wheres Peter? I need a shoulder to cry on. We need this.
EM Updated by Eoin Miller over 12 years ago
This type of functionality would be VERY useful for creating alerting based on spammed out/speared attacks coming in via SMTP. Without this, currently you are unable to even create IDS alerting for .exe files, encrypted zip files, etc that are coming to your users through the mail flow.
VJ Updated by Victor Julien over 12 years ago
- Target version changed from TBD to 3.0RC2
- Parent task set to #549
This depends on #549.
VJ Updated by Victor Julien over 11 years ago
- Assignee changed from Anoop Saldanha to Victor Julien
- Target version changed from 3.0RC2 to 2.1beta2
VJ Updated by Victor Julien over 11 years ago
- Target version changed from 2.1beta2 to 2.1beta3
VJ Updated by Victor Julien over 11 years ago
- Target version changed from 2.1beta3 to 2.1beta4
VJ Updated by Victor Julien almost 11 years ago
- Status changed from Assigned to Closed
- Assignee changed from Victor Julien to Giuseppe Longo