Project

General

Profile

Actions
Copy link

Feature #2736

closed

Additional configuration options for SMTP, POP3 and IMAP Pre-Processors in snort.conf

Added by Bill Meeks almost 13 years ago. Updated almost 13 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Ermal Luçi
Category:
Snort
Target version:
-
Start date:
12/27/2012
Due date:
% Done:

0%

Estimated time:
Plus Target Version:

Description

The attached snort.inc file contains some changes to the section that generates the snort.conf file for a newly added interface. I added additional options to the SMTP, POP3 and IMAP pre-processors. These options help eliminate some errors I was seeing with decoding attachments and other content in e-mail messages. My changes are in the snort_generate_conf() function in the attached file.

The following options were added to both POP3 and IMAP:
memcap 1310700 \
qp_decode_depth 0 \
b64_decode_depth 0 \
bitenc_decode_depth 0

The following options were added to SMTP:
ignore_tls_data \
log_mailfrom \
log_rcptto \
log_email_hdrs \
email_hdrs_log_depth 1464 \
log_filename \
qp_decode_depth 0 \
b64_decode_depth 0 \
bitenc_decode_depth 0

Files

snort.inc (50 KB) snort.inc Bill Meeks, 12/27/2012 05:27 PM
Actions
Copy link

Also available in: Atom PDF