[Snort-sigs] capture email

Ricardo Londono rlondono at ...1999...
Mon Nov 3 09:38:14 EST 2003

I saw the following question in the archives and was wondering if this is possible? I work for a school district and we have a student sending threats via email to a teacher. The student is using web-based email...

"Wouldn't it be nice to be able to capture an _entire SMTP session_ based on
a key word embedded somewhere in the SMTP message?  This could easily be
used to look for messages with a specific email address on them, with a
specific key word inside them, etc.  

Anyone want to write an SMTP protocol handler?"

I'm interested in capturing email from a specific email.

Thanks for any help.

Ricardo Londoño
