
imap: extend detection patterns - v7

Open mmaatuq opened this issue 1 month ago • 5 comments

Ticket: #2886

Make sure these boxes are signed before submitting your Pull Request -- thank you.

  • [x] I have read the contributing guidelines at https://docs.suricata.io/en/latest/devguide/contributing/contribution-process.html
  • [x] I have signed the Open Information Security Foundation contribution agreement at https://suricata.io/about/contribution-agreement/ (note: this is only required once)
  • [x] I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)

Link to Redmine ticket: 2886

Describe changes:

  • Extend detection patterns for the IMAP protocol as per RFC 9051.
  • Compared to this previous PR: rebase to latest master.
  • This is not comprehensive and might create more false positives, but I think this tradeoff is acceptable, and we can overcome these limitations when we add a complete parser.

SV_BRANCH=https://github.com/OISF/suricata-verify/pull/1915

mmaatuq, Jun 02 '24 21:06