Feature #2561: Add possibility for smtp raw extraction - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #2561

closed

Add possibility for smtp raw extraction

Added by Maurizio Abba about 6 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Maurizio Abba

Target version:

5.0beta1

Effort:

low

Difficulty:

low

Label:

Description

It may be useful to store a whole email, in raw format, as part of an SMTP extracted file.

The proposed feature adds an optional smtp flag, disabled by default, enabling raw-extraction, allowing an e-mail to be dumped in raw format, headers and eventual attachment (base64 encoded) included.
Note that, when this feature is enabled, we won't be able to match on the actual content of the attachment (as we are extracting the email in raw form, the attachment will be base64 encoded).
Of course, this will be disabled by default.

I'm a bit unsure about how to document this feature though (in case it will be accepted). Any suggestion?

Related issues 1 (1 open — 0 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #2561

Add possibility for smtp raw extraction

Updated by Andreas Herz about 6 years ago

Updated by Maurizio Abba almost 6 years ago

Updated by Victor Julien almost 6 years ago

Updated by Victor Julien almost 6 years ago

Updated by Maurizio Abba almost 6 years ago

Updated by Victor Julien over 5 years ago