[Oisf-users] Does anybody test IMAP protocol detection under version 5.0.0-dev? I guess it may not work.
Ma Allen
mazhh at outlook.com
Thu Mar 14 02:59:08 UTC 2019
In AppLayerParserRegisterProtocolParsers(),
    /** IMAP */
    AppLayerProtoDetectRegisterProtocol(ALPROTO_IMAP, "imap");
    if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", "imap")) {
        if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_IMAP,
                                  "1|20|capability", 12, 0, STREAM_TOSERVER) < 0)
        {
            SCLogInfo("imap proto registration failure\n");
            exit(EXIT_FAILURE);
        }
    } else {
        SCLogInfo("Protocol detection and parser disabled for %s protocol.",
                  "imap");
    }
As AppLayerProtoDetectPMRegisterPatternCS() is used, 5.0.0-dev will use the pattern "capability" case-sensitively to detect whether the protocol is IMAP.
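
Added example, not part of the original post and not Suricata's own code: a simplified C model of a pattern registered with depth 12 and offset 0, run case-sensitively and case-insensitively over constructed IMAP client lines to show which ones the registration above would recognise. The helper names (decode_pattern, pm_match, detect_imap), the window semantics and the sample lines are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Decode "1|20|capability" style notation (|..| = hex bytes); 0 on error. */
static size_t decode_pattern(const char *pat, unsigned char *out, size_t cap)
{
    size_t n = 0;
    int in_hex = 0;
    for (const char *p = pat; *p; p++) {
        unsigned int byte = (unsigned char)*p;
        if (*p == '|') { in_hex = !in_hex; continue; }
        if (in_hex && (!isxdigit(byte) || !isxdigit((unsigned char)p[1]))) return 0;
        if (in_hex) sscanf(p++, "%2x", &byte);   /* consume two hex digits */
        if (n == cap) return 0;
        out[n++] = (unsigned char)byte;
    }
    return in_hex ? 0 : n;
}

/* Simplified model: 1 if the pattern lies wholly inside buf[offset, depth). */
static int pm_match(const unsigned char *buf, size_t len, const char *pat,
                    size_t depth, size_t offset, int nocase)
{
    unsigned char raw[64];
    size_t plen = decode_pattern(pat, raw, sizeof(raw));
    size_t end = len < depth ? len : depth;
    for (size_t i = offset; plen && i + plen <= end; i++) {
        size_t j = 0;
        while (j < plen && (nocase ? tolower(buf[i + j]) == tolower(raw[j])
                                   : buf[i + j] == raw[j]))
            j++;
        if (j == plen) return 1;
    }
    return 0;
}

/* Pattern, depth 12 and offset 0 as registered in the quoted snippet. */
static int detect_imap(const char *line, int nocase)
{
    return pm_match((const unsigned char *)line, strlen(line), "1|20|capability", 12, 0, nocase);
}

int main(void)
{
    const char *s[] = { "1 capability\r\n", "1 CAPABILITY\r\n" }; /* constructed samples */
    for (int i = 0; i < 2; i++)
        printf("cs=%d nocase=%d\n", detect_imap(s[i], 0), detect_imap(s[i], 1));
    return 0;
}
```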