https://inliniac.net/blog/tag/smtp/ Recent content in Smtp on Inliniac Hugo en Tue, 11 Nov 2014 10:47:42 +0000 https://inliniac.net/blog/2014/11/11/smtp-file-extraction-in-suricata/ Tue, 11 Nov 2014 10:47:42 +0000 https://inliniac.net/blog/2014/11/11/smtp-file-extraction-in-suricata/ <p>In <a href="http://suricata-ids.org/2014/11/06/suricata-2-1beta2-available/">2.1beta2</a> the long awaited SMTP file extraction support for Suricata finally appeared. It has been a long development cycle. Originally started by BAE Systems, it was picked up by Tom Decanio of FireEye Forensics Group (formerly nPulse Technologies) followed by a last round of changes from my side. But it&rsquo;s here now.</p> <p>It contains:</p> <ul> <li>a MIME decoder</li> <li>updates to the SMTP parser to use the MIME decoder for extracting files</li> <li>SMTP JSON log, integrated with EVE</li> <li>SMTP message URL extraction and logging</li> </ul> <p>As it uses the Suricata file handling API, it shares almost everything with the existing file handling for HTTP. The rule keyword work and the various logs work automatically with SMTP as well.</p> https://inliniac.net/blog/2011/12/07/suricata-1-1-1-released/ Wed, 07 Dec 2011 18:34:50 +0000 https://inliniac.net/blog/2011/12/07/suricata-1-1-1-released/ <p>A maintenance update for the Suricata 1.1 series was just released. It fixed an important issue. In some cases Suricata could crash on SMTP traffic.</p> <p>The full announcement for the 1.1.1 release is <a href="http://www.openinfosecfoundation.org/index.php/component/content/article/140-suricata-111-available">here</a>.</p> <p>Naturally, the issue has also been fixed in the 1.2 development branch.</p>