Snort mailing list archives
Re: A question on SMTP normalization
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 13 Nov 2012 11:47:39 -0500
On Nov 13, 2012, at 11:19 AM, "Lay, James" <james.lay () wincofoods com> wrote:
Hey all, Most of the time email sigs fire normally. Occasionally I get one that slips through, and I’m guessing it’s due to the content type: Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=3Dwindows-1252 Rules that look for say the below fail: he link to this secure message will expire in 24 hours. If you would li= ke to save a copy of the email or attachment, please save from the opene= d encrypted email. If an attachment is included, you will be given the o= ption to download a copy of the attachment to your computer.<br /> <br /> To view your secure message, <a href=3D"hxxp://a3australia.com/zcRDxLj/in= dex.html" target=3D"_blank"> click here</a>. Is there a way to…”normalize” this type of encoding? Thanks all.
Do you have a pcap with this behavior? I have a couple thoughts here, and I want to check on some things. -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire
------------------------------------------------------------------------------ Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications! http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- A question on SMTP normalization Lay, James (Nov 13)
- Re: A question on SMTP normalization Joel Esler (Nov 13)