suricata
suricata copied to clipboard
imap: extend detection patterns - v7
Ticket: #2886
Make sure these boxes are signed before submitting your Pull Request -- thank you.
- [x] I have read the contributing guide lines at https://docs.suricata.io/en/latest/devguide/contributing/contribution-process.html
- [x] I have signed the Open Information Security Foundation contribution agreement at https://suricata.io/about/contribution-agreement/ (note: this is only required once)
- [x] I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)
Link to redmine ticket:2886
Describe changes:
- extend detection patterns for imap protocol as per rfc9051
- compared to this previous PR: rebase to latest master.
- this is not comprehensive and might create more false positives, but i think this tradeoff is acceptable, and we can overcome these limitations when we add a complete parser.
SV_BRANCH=https://github.com/OISF/suricata-verify/pull/1915