[Oisf-users] SMTP payload /eml extraction

Tom DeCanio decanio.tom at gmail.com
Thu Mar 24 15:40:49 UTC 2016


Christophe;

The code can't write the email (not just the attachments) to disk the way
it exists today.  However, it wouldn't be difficult to add the capability.
In fact, if you compile Suricata with SMTP debug flags turned on you'll see
Suricata display all sorts of email content.  It would be just a matter of
writing out that content somewhere.

Tom

On Thu, Mar 24, 2016 at 2:41 AM Christophe Vandeplas <
christophe at vandeplas.com> wrote:

> Hello there,
>
>
> I already did file extraction on smtp streams, however I'm not sure
> how to extract the smtp payload (the eml).
>
> Any advice?
>
>
> Thanks
> Christophe
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC:
> http://oisfevents.net
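What "writing out that content" amounts to is the client-to-server DATA section of the SMTP dialogue, with the transparency dot-stuffing of RFC 5321 section 4.5.2 undone. The script below is an added illustration for this thread; it is not Suricata code and not something either poster wrote. It assumes you already hold the reassembled client half of the TCP session as bytes (for example from Suricata's stream reassembly or a tool such as tcpflow), handles only DATA (not BDAT/CHUNKING), and stops at STARTTLS because nothing after it is readable. The session bytes are constructed for the example.

```python
"""Pull the .eml body out of a reassembled SMTP client-to-server stream.

Added example for the oisf-users thread; not Suricata code.
Assumption: the caller supplies the client->server bytes already
reassembled in order (Suricata stream engine, tcpflow, etc.).
"""
import email
from email import policy


def extract_eml_from_smtp(client_stream: bytes) -> list[bytes]:
    """Return every message sent in a DATA section, dot-unstuffed.

    Only the DATA verb is handled; BDAT (CHUNKING) sessions are not.
    Parsing stops at STARTTLS since everything after it is encrypted.
    A DATA section cut off by the end of the capture is returned as-is
    (truncated), so the caller still gets the partial message.
    """
    messages = []
    current = None  # bytearray while inside DATA, None otherwise
    for line in client_stream.splitlines(keepends=True):
        if current is None:
            verb = line.split(b" ", 1)[0].strip().upper()
            if verb == b"DATA":
                current = bytearray()
            elif verb == b"STARTTLS":
                break  # ciphertext follows; nothing more to extract
            continue
        if line in (b".\r\n", b".\n"):
            messages.append(bytes(current))  # end-of-data marker
            current = None
        elif line.startswith(b"."):
            current += line[1:]  # RFC 5321 4.5.2: drop the stuffed dot
        else:
            current += line
    if current is not None:
        messages.append(bytes(current))  # truncated capture
    return messages


def summarize(eml: bytes) -> dict:
    """Parse an extracted body as RFC 5322 to confirm it is a valid .eml."""
    msg = email.message_from_bytes(eml, policy=policy.default)
    return {
        "subject": str(msg["subject"]),
        "from": str(msg["from"]),
        "parts": [part.get_content_type() for part in msg.walk()],
    }


# Constructed sample session: two messages, the first with a dot-stuffed
# line that an extractor must unstuff to reproduce the original text.
SAMPLE_SESSION = (
    b"EHLO mail.example.test\r\n"
    b"MAIL FROM:<alice@example.test>\r\n"
    b"RCPT TO:<bob@example.test>\r\n"
    b"DATA\r\n"
    b"From: alice@example.test\r\n"
    b"To: bob@example.test\r\n"
    b"Subject: invoice\r\n"
    b"\r\n"
    b"See attached.\r\n"
    b"..this line began with a single dot before stuffing\r\n"
    b".\r\n"
    b"MAIL FROM:<alice@example.test>\r\n"
    b"RCPT TO:<carol@example.test>\r\n"
    b"DATA\r\n"
    b"Subject: second message\r\n"
    b"\r\n"
    b"body\r\n"
    b".\r\n"
    b"QUIT\r\n"
)


if __name__ == "__main__":
    for i, eml in enumerate(extract_eml_from_smtp(SAMPLE_SESSION)):
        with open(f"message-{i}.eml", "wb") as fh:
            fh.write(eml)
        print(i, summarize(eml))
```

Feeding it a real session means reassembling the TCP stream first; the dot-unstuffing and the STARTTLS stop are the two details that a naive "dump everything after DATA" approach gets wrong.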