[Snort-sigs] SMTP rcpt to sed command attempt

Tony Lill ajlill at ...1531...
Sun Jun 1 12:45:05 EDT 2003


>>>>> "Matt" == Matt Kettler <mkettler at ...1208...> writes:


    Matt> Agreed. That rule is really silly at this point but it might be difficult 
    Matt> to do this correctly just using "within" modifiers.. For example it could 
...

    Matt> It's almost like snort needs a "before_linebreak" option so that we can 

Perhaps a more regex-y content option, or some way for the more
intelligent protocol preprocessors to get info to the rules so we
could know if we are in smtp commands, headers, body.
--
Tony Lill,                         Tony.Lill at ...1532...
President, A. J. Lill Consultants        fax/data (519) 650 3571
539 Grand Valley Dr., Cambridge, Ont. N3H 2S2     (519) 241 2461
--------------- http://www.ajlc.waterloo.on.ca/ ----------------
"Welcome to All Things UNIX, where if it's not UNIX, it's CRAP!"



