[Snort-devel] snort-2.9.6.0 problem imap,pop,smtp paf reassembly

Mitesh Jadia mitesh.jadia at ...2499...
Fri Apr 4 04:11:24 EDT 2014


Hello,

I found one strange behavior in imap,pop,smtp reassembly when mail has
attachment with mime *content-transfer-encoding = 7bit. *
configuration of paf_max is 16000 and the file has content of plain
text(file-size : 64kb). Ideally I should get reassembled packet when paf
limit is reached or EOF is reached. But I am getting reassembled packet of
1460 bytes after each packet from server(Imap case).

I debugged the code and found the problem with mime_paf function in
file-process utility. It find \r\n in normal text file and flushes the
packet.


Regards,
Mitesh Jadia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20140404/c207e57f/attachment.html>


More information about the Snort-devel mailing list