From: Victor Julien <victor@inliniac.net>
Date: Thu, 21 Apr 2016 12:37:43 +0000 (+0200)
Subject: smtp: fix file logging and matching
X-Git-Tag: suricata-3.1RC1~236
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5c514c904ffee373b8d872ee13ff3eda7d1fec9c;p=thirdparty%2Fsuricata.git

smtp: fix file logging and matching

When no rules with 'file content' keywords like filemd5 or filestore
were used, and non of the file outputs would force 'output' like
'force-md5' and 'force-magic', the file would not be tracked at all.

This meant that logging wouldn't work and neither would filename and
fileext inspection.

This patch removes the tracking bypass from the SMTP code and leaves
decisions to the file API.
---

diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c
index 701b97dcf0..79d4f16b83 100644
--- a/src/app-layer-smtp.c
+++ b/src/app-layer-smtp.c
@@ -406,13 +406,6 @@ int SMTPProcessDataChunk(const uint8_t *chunk, uint32_t len,
         flags |= FILE_NOMD5;
     }
 
-    /* Determine whether to process files */
-    if ((flags & (FILE_NOSTORE | FILE_NOMAGIC | FILE_NOMD5)) ==
-            (FILE_NOSTORE | FILE_NOMAGIC | FILE_NOMD5)) {
-        SCLogDebug("File content ignored");
-        return 0;
-    }
-
     /* Find file */
     if (entity->ctnt_flags & CTNT_IS_ATTACHMENT) {