[Oisf-users] SMTP payload /eml extraction

Christophe Vandeplas christophe at vandeplas.com
Tue Mar 29 07:53:59 UTC 2016


Hi Tom,

Thanks for the feedback.

I can easily extract the stuff using tcpflow or similar. However, I was
curious whether Suri would have been able to.

Greetings
Christophe

On 24 March 2016 at 16:40, Tom DeCanio <decanio.tom at gmail.com> wrote:
> Christophe;
>
> The code can't write the email (not just the attachments) to disk the way it
> exists today.  However it wouldn't be difficult to add the capability.  In
> fact if you compile suricata with SMTP debug flags turned on you'll see
> suricata display all sorts of email content.  It would be just a matter of
> writing out that content somewhere.
>
> Tom
>
> On Thu, Mar 24, 2016 at 2:41 AM Christophe Vandeplas
> <christophe at vandeplas.com> wrote:
>>
>> Hello there,
>>
>>
>> I already did file extraction on smtp streams, however I'm not sure
>> how to extract the smtp payload (the eml).
>>
>> Any advice?
>>
>>
>> Thanks
>> Christophe
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> Suricata User Conference November 9-11 in Washington, DC:
>> http://oisfevents.net
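The thread stops at "tcpflow or similar": reassemble the client-to-server side of the SMTP session, then cut the message out of the DATA section. The following is an added example written for this page; it is not code from the thread, from Suricata, or from tcpflow. It assumes you already have the reassembled client-side byte stream (what tcpflow writes per flow), and it handles the two details a naive cut gets wrong: the end-of-data marker is a line consisting of a single dot, and any message line that starts with a dot was dot-stuffed by the sender (RFC 5321 section 4.5.2) and must have the leading dot removed to get the original .eml bytes. The sample session is constructed; the BDAT/CHUNKING extension is not handled.

```python
"""Cut the raw RFC 5322 message (.eml) out of a reassembled SMTP client stream.

Added example for the oisf-users thread; not Suricata or tcpflow code.
Input is assumed to be the client->server half of one TCP session, as
produced by tcpflow or a "follow TCP stream" export (an assumption).
"""

import email
from email import policy

# Constructed sample session. The line "..hidden ..." is what the client
# sends on the wire for a message line that starts with a single dot.
SAMPLE_CLIENT_STREAM = (
    b"EHLO mail.example.test\r\n"
    b"MAIL FROM:<alice@example.test>\r\n"
    b"RCPT TO:<bob@example.test>\r\n"
    b"DATA\r\n"
    b"From: alice@example.test\r\n"
    b"To: bob@example.test\r\n"
    b"Subject: invoice\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: multipart/mixed; boundary=\"XYZ\"\r\n"
    b"\r\n"
    b"--XYZ\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"see attached\r\n"
    b"..hidden line starting with a dot\r\n"
    b"--XYZ\r\n"
    b"Content-Type: application/octet-stream; name=\"inv.bin\"\r\n"
    b"Content-Disposition: attachment; filename=\"inv.bin\"\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"TVqQAAMAAAAEAAAA//8AAA==\r\n"
    b"--XYZ--\r\n"
    b".\r\n"          # end-of-data marker, not part of the message
    b"QUIT\r\n"
)


def extract_eml_messages(client_stream: bytes) -> list[bytes]:
    """Return every message sent in a DATA section as raw .eml bytes.

    One session may carry several messages (DATA ... . ... DATA ... .),
    so a list is returned. Lines are CRLF-delimited as on the wire.
    """
    messages = []
    in_data = False
    current: list[bytes] = []
    for line in client_stream.split(b"\r\n"):
        if not in_data:
            # Everything outside DATA is envelope/command traffic; skip it.
            if line.upper() == b"DATA":
                in_data = True
                current = []
            continue
        if line == b".":
            # Lone dot terminates the message; do not include it.
            messages.append(b"\r\n".join(current) + b"\r\n")
            in_data = False
            continue
        if line.startswith(b"."):
            # Undo SMTP transparency: the sender doubled a leading dot.
            line = line[1:]
        current.append(line)
    return messages


def attachment_names(eml: bytes) -> list[str]:
    """Parse the extracted .eml and list attachment file names."""
    msg = email.message_from_bytes(eml, policy=policy.default)
    return [part.get_filename() for part in msg.iter_attachments()]


if __name__ == "__main__":
    # Write each extracted message to message_<n>.eml in the current directory.
    for n, eml in enumerate(extract_eml_messages(SAMPLE_CLIENT_STREAM)):
        with open(f"message_{n}.eml", "wb") as fh:
            fh.write(eml)
        print(f"message_{n}.eml attachments: {attachment_names(eml)}")
```

Feeding a real tcpflow output file to `extract_eml_messages` works the same way as the constructed sample; if the session used STARTTLS, the DATA section is encrypted on the wire and nothing can be cut out without the TLS keys.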