[Snort-sigs] SID 663, SMTP rcpt to sed command attempt
bmc at ...95...
Mon Jul 14 13:23:11 EDT 2003
On Mon, Jul 14, 2003 at 12:45:06PM -0400, Matt Kettler wrote:
> At 11:17 AM 7/14/2003 -0400, Nigel Houghton wrote:
> >Could you both please elucidate on what the false positive condition is
> Really snort needs a "before CR or LF byte" operator added to it's ruleset
> to facilitate proper handling of SMTP rules. Anything else and you're just
> taking guesses when pipelining occurs.
Once pcre is accepted, then you won't need that type of hack.
More information about the Snort-sigs