Feature #6296
open
smtp: BDAT chunking support incl MIME parsing
Added by Marko Jahnke about 1 year ago.
Updated 10 months ago.
Description
If I got it right, the MIME part of SMTP messages is not parsed if the "BDAT" command is used for chunking.
In app-layer-smtp.c, the initialization of the MIME state data structure is only performed if the plain "DATA" command is used.
The SMTPProcessCommandBDAT function just seems to step over the lines following the BDAT command without any further processing.
If my observation is correct, I would like to suggest implementing it. If not, please close the ticket. Thanks.
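The following is an added example, not part of the ticket and not Suricata code: a Python sketch of what BDAT handling has to do before MIME inspection can see the message, namely reassemble the length-counted chunks (RFC 3030) and hand the result to a MIME parser. The function names, addresses, and the sample message are constructed for illustration.

```python
import email
from email import policy

def reassemble_bdat(stream: bytes) -> list:
    """Rebuild each message sent with BDAT (RFC 3030) from a client-side SMTP stream."""
    messages, current, pos = [], bytearray(), 0
    while pos < len(stream):
        eol = stream.find(b"\r\n", pos)
        if eol < 0:
            break                                  # incomplete command line
        parts = stream[pos:eol].split()
        pos = eol + 2
        if not parts or parts[0].upper() != b"BDAT":
            continue                               # EHLO, MAIL FROM, RCPT TO, QUIT, ...
        if len(parts) < 2 or not parts[1].isdigit():
            raise ValueError("malformed BDAT command")
        size = int(parts[1])
        if pos + size > len(stream):
            raise ValueError("chunk shorter than announced size")
        # Chunk payload is raw octets counted by length: no dot-stuffing and no
        # CRLF.CRLF terminator, so it must not be scanned line by line.
        current += stream[pos:pos + size]
        pos += size
        if len(parts) > 2 and parts[2].upper() == b"LAST":
            messages.append(bytes(current))
            current = bytearray()
    return messages

def attachment_names(message: bytes) -> list:
    """Run the reassembled bytes through a MIME parser and list attachment filenames."""
    msg = email.message_from_bytes(message, policy=policy.default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

# Constructed sample: the text part contains a lone "." line, which is legal under BDAT.
MESSAGE = (b"From: a@example.test\r\nTo: b@example.test\r\nMIME-Version: 1.0\r\n"
           b'Content-Type: multipart/mixed; boundary="XX"\r\n\r\n'
           b"--XX\r\nContent-Type: text/plain\r\n\r\nhello\r\n.\r\nworld\r\n"
           b"--XX\r\nContent-Type: application/octet-stream\r\n"
           b'Content-Disposition: attachment; filename="report.bin"\r\n'
           b"Content-Transfer-Encoding: base64\r\n\r\nAAEC\r\n--XX--\r\n")

def sample_stream(cut: int) -> bytes:
    """Constructed client stream that sends MESSAGE as two BDAT chunks split at `cut`."""
    head = b"EHLO client.example.test\r\nMAIL FROM:<a@example.test>\r\nRCPT TO:<b@example.test>\r\n"
    a, b = MESSAGE[:cut], MESSAGE[cut:]
    return head + b"BDAT %d\r\n" % len(a) + a + b"BDAT %d LAST\r\n" % len(b) + b + b"QUIT\r\n"

if __name__ == "__main__":
    for body in reassemble_bdat(sample_stream(MESSAGE.index(b"--XX") + 2)):
        print(attachment_names(body))
```

The cut used in the demo falls in the middle of a MIME boundary line, so MIME parsing has to run on the reassembled bytes rather than on each chunk separately.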
Related issues
1 (1 open — 0 closed)
- Related to Task #6443: Suricon 2023 brainstorm added
- Subject changed from Support MIME parsing in SMTP messages using BDAT chunking to smtp: BDAT chunking support incl MIME parsing
- Status changed from New to Assigned
I have encountered the same issue as user maja and developed some patches that implement the BDAT command and pass the data to the MIME parser...
I would like to share these patches with you. How can this be done?
I would also like to offer my assistance getting your contributions into Suricata, if there are still questions. Feel free to get in touch by simply replying here.