From: Philippe Antoine Date: Wed, 18 Jun 2025 12:15:36 +0000 (+0200) Subject: email: test body-md5 auto setting without rules X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2fd4ed4e19c7b1527dd659250dcbe06f93d0133e;p=thirdparty%2Fsuricata-verify.git email: test body-md5 auto setting without rules Ticket: 7587 Verify that we do not output a body_md5
---
diff --git a/tests/detect-email-body_md5-auto/README.md b/tests/detect-email-body_md5-auto/README.md
new file mode 100644
index 000000000..521adc947
--- /dev/null
+++ b/tests/detect-email-body_md5-auto/README.md
@@ -0,0 +1,9 @@
+# Test Description
+
+Test body_md5 auto setting without rules using email.body_md5 keyword
+
+## PCAP
+From ../bug-3616-smtp/input.pcap
+
+## Redmine Ticket
+https://redmine.openinfosecfoundation.org/issues/7587
diff --git a/tests/detect-email-body_md5-auto/suricata.yaml b/tests/detect-email-body_md5-auto/suricata.yaml
new file mode 100644
index 000000000..27a179c11
--- /dev/null
+++ b/tests/detect-email-body_md5-auto/suricata.yaml
@@ -0,0 +1,24 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
+ filename: eve.json
+ types:
+ - smtp:
+ extended: yes
+ md5: [body, subject]
+ - alert:
+ smtp: yes
+
+app-layer:
+ protocols:
+ smtp:
+ enabled: yes
+ raw-extraction: no
+ mime:
+ decode-mime: yes
+ decode-base64: yes
+ body-md5: auto
diff --git a/tests/detect-email-body_md5-auto/test.yaml b/tests/detect-email-body_md5-auto/test.yaml
new file mode 100644
index 000000000..0793bff82
--- /dev/null
+++ b/tests/detect-email-body_md5-auto/test.yaml
@@ -0,0 +1,18 @@
+requires:
+ min-version: 9
+
+pcap: ../bug-3616-smtp/input.pcap
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+- filter:
+ count: 0
+ match:
+ event_type: smtp
+ has-key: email.body_md5
+- filter:
+ count: 2
+ match:
+ event_type: smtp
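Review bot: In tests/detect-email-body_md5-auto/suricata.yaml the logger requests `md5: [body, subject]` while the parser is set to `body-md5: auto`, and nothing in the file says that this combination is what the test exercises. A comment above the `md5:` line would make the intent readable, for example `# body is requested on purpose: with body-md5: auto and no rule using email.body_md5, no body_md5 is expected in EVE`. The `- alert:` output with `smtp: yes` appears unused in a test described as running without rules, so it could be dropped or marked as intentional.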
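Review bot: The `count: 0` check on `has-key: email.body_md5` in tests/detect-email-body_md5-auto/test.yaml would also pass if the smtp events carried no md5 fields at all, so on its own it does not show that the missing hash is the effect of `body-md5: auto`. Since suricata.yaml requests `md5: [body, subject]`, a positive check such as `has-key: email.subject_md5` under the second filter's `match:` would pin that md5 logging is active, assuming the messages in ../bug-3616-smtp/input.pcap carry a subject. That matters to anyone matching mail-body hashes from EVE, because the test as written pins only that the field is absent, not why.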