]> git.ipfire.org Git - people/ms/suricata.git/commit - src/app-layer-smtp.c
projects / people / ms / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b2a6c60) | patch
smtp: create raw-extraction feature
authorMaurizio Abba <mabba@lastline.com>
Thu, 2 Aug 2018 18:43:17 +0000 (19:43 +0100)
committerVictor Julien <victor@inliniac.net>
Fri, 8 Feb 2019 06:38:56 +0000 (07:38 +0100)
commit469735118876b2eaec1d4efe5a7af9cf3b1a23cc
treebf198c6a0b266e3887d39249bf67035a2fe5d03ctree | snapshot
parentb2a6c60dee83908b383a329b1648df32a342fe54commit | diff
smtp: create raw-extraction feature

Add a raw-extraction option for smtp. When enabled, this feature will
store the raw e-mail inside a file, including headers, e-mail content,
attachments (base64 encoded). This content is stored in a normal File *,
allowing for normal file detection.
It'd also allow for all-emails extraction if a rule has
detect-filename:"rawmsg" matcher (and filestore).
Note that this feature is in contrast with decode-mime.

This feature is disabled by default, and will be disabled automatically
if decode-mime is enabled.
doc/userguide/configuration/suricata-yaml.rst diff | blob | blame | history
src/app-layer-smtp.c diff | blob | blame | history
src/app-layer-smtp.h diff | blob | blame | history
suricata.yaml.in diff | blob | blame | history
Michael's tree of suricata