Feature #2736
Closed
Additional configuration options for SMTP, POP3 and IMAP Pre-Processors in snort.conf
Description
The attached snort.inc file contains some changes to the section that generates the snort.conf file for a newly added interface. I added additional options to the SMTP, POP3 and IMAP pre-processors. These options help eliminate some errors I was seeing with decoding attachments and other content in e-mail messages. My changes are in the snort_generate_conf() function in the attached file.
The following options were added to both POP3 and IMAP:
memcap 1310700 \
qp_decode_depth 0 \
b64_decode_depth 0 \
bitenc_decode_depth 0
The following options were added to SMTP:
ignore_tls_data \
log_mailfrom \
log_rcptto \
log_email_hdrs \
email_hdrs_log_depth 1464 \
log_filename \
qp_decode_depth 0 \
b64_decode_depth 0 \
bitenc_decode_depth 0
Updated by Jim Pingle over 12 years ago
- Status changed from New to Feedback
Have these changes already been merged in by pull requests?
Updated by Bill Meeks over 12 years ago
This can be closed. These were incorporated in the other changes included in subsequent Pull Requests via GitHub.
Updated by Jim Pingle over 12 years ago
- Status changed from Feedback to Resolved