Snort mailing list archives
Re: [WARNING : A/V UNSCANNABLE] Re: pop: Unknown POP3 response/command
From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Mon, 11 Jan 2016 18:15:54 +0000

What decoding methods do you have set up (uuencoded, qp, base64, etc.)? Can you send what you have set up in your preprocessor? Have you tried lengthening your decoding depths?

Try to get the entire session in a pcap and see what the pop commands are (after decoding the data).

The message you sent is truncated and if snort tries to read that it will throw an Unknown error command.

Hope this helps.

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

From: Matteo De Rosa [mailto:matteo.derosa () enea it]
Sent: Monday, January 11, 2016 10:14 AM
To: Joel Esler (jesler); snort-users () lists sourceforge net
Subject: [WARNING : A/V UNSCANNABLE] Re: [Snort-users] pop: Unknown POP3 response/command

This is the detail of one of the alerts: