[Oisf-users] STMP Filecarving
Andreas Moe
moe.andreas at gmail.com
Mon Nov 3 07:48:45 UTC 2014
Hi,
With the new pull request adding STMP carving (#1195), ive been testing
this abit. But, i cant seem to be able to carve any files. Im betting the
issue is my rule writing skills. Any one have any tips?
alert smtp any any -> any any (msg:"TOTAL CAPTURE!"; filestore; sid:1;
rev:1;)
/Andreas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20141103/b506576a/attachment.html>
More information about the Oisf-users
mailing list