suricata
suricata copied to clipboard
OISF
Smtp server detection 1125 v5
Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/1125
Describe changes:
- smtp : adds server side detection
- ftp : adds server side detection
The most special trick is that the (server) probing parser waits for the client side to have seen some data to take a definitive positive decision. So that If it looks like a SMTP server (it could be a FTP server), let's see if the client looks like SMTP or FTP or something unknown...
suricata-verify-pr: 866
Modifies #7599 by rebase and removing one unneeded many1 as it was always one and only one
Codecov Report
Merging #7664 (98f810f) into master (61f9f0d) will increase coverage by
0.11%. The diff coverage is88.09%.
@@ Coverage Diff @@
## master #7664 +/- ##
==========================================
+ Coverage 75.78% 75.90% +0.11%
==========================================
Files 659 659
Lines 185660 185684 +24
==========================================
+ Hits 140706 140940 +234
+ Misses 44954 44744 -210
| Flag | Coverage Δ | |
|---|---|---|
| fuzzcorpus | 60.54% <88.09%> (+0.38%) |
:arrow_up: |
| suricata-verify | 52.59% <80.00%> (+0.04%) |
:arrow_up: |
| unittests | 60.71% <15.78%> (-0.02%) |
:arrow_down: |
Flags with carried forward coverage won't be shown. Click here to find out more.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
QA shows quite a difference in extracted files and hashes again. @catenacyber and @ct0br0 can you look into why?
Replaced by https://github.com/OISF/suricata/pull/8119 to get actualized results