[Snort-sigs] capture email

Ricardo Londono rlondono at ...1999...
Mon Nov 3 09:38:14 EST 2003


I saw the following question in the archives and was wondering if this is possible?  I work for a school  district and we have a student sending threats via email to a teacher.  The student is using web-based email...


***************************************************************
EMAIL FROM James...
"Wouldn't it be nice to be able to capture an _entire SMTP session_ based on
a key word embedded somewhere in the SMTP message?  This could easily be
used to look for messages with a specific email address on them, with a
specific key word inside them, etc.  

Anyone want to write an SMTP protocol handler?"
***************************************************************


I'm interested in capturing email from a specific email.

thanks for any help.

Ricardo Londoño






More information about the Snort-sigs mailing list