[Snort-sigs] SMTP rcpt to sed command attempt

Tony Lill ajlill at ...1531...
Sun Jun 1 12:45:05 EDT 2003

>>>>> "Matt" == Matt Kettler <mkettler at ...1208...> writes:

    Matt> Agreed. That rule is really silly at this point but it might be difficult 
    Matt> to do this correctly just using "within" modifiers.. For example it could 

    Matt> It's almost like snort needs a "before_linebreak" option so that we can 

perhaps a more regex-y content option, or some way for the more
intelligent protocol preprocessors to get info to the rules wo we
could know if we are in smtp comands, headers, body.
Tony Lill,                         Tony.Lill at ...1532...
President, A. J. Lill Consultants        fax/data (519) 650 3571
539 Grand Valley Dr., Cambridge, Ont. N3H 2S2     (519) 241 2461
--------------- http://www.ajlc.waterloo.on.ca/ ----------------
"Welcome to All Things UNIX, where if it's not UNIX, it's CRAP!"

More information about the Snort-sigs mailing list