suricata
Smtp server detection 1125 v5
Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/1125
Describe changes:
- smtp : adds server side detection
- ftp : adds server side detection
The most special trick is that the (server) probing parser waits for the client side to have seen some data to take a definitive positive decision. So that if it looks like an SMTP server (it could be an FTP server), let's see if the client looks like SMTP or FTP or something unknown...
suricata-verify-pr: 866
Modifies #7599 by rebase and removing one unneeded many1
as it was always one and only one
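The deferred decision described above, sketched as an added example (not code from this PR or from Suricata). All type and function names are hypothetical, the verb lists are deliberately minimal, and treating an unrecognised client verb as "no match" is an assumption of the example:

```rust
// Added illustration, not Suricata code; every name here is hypothetical.
#[derive(Debug, Clone, Copy, PartialEq)]
enum Proto { Smtp, Ftp }

#[derive(Debug, PartialEq)]
enum Verdict { Match(Proto), NeedClientData, NoMatch }

/// Classify the first client-to-server line by its command verb.
fn probe_client(data: &[u8]) -> Option<Proto> {
    let line = data.split(|&b| b == b'\r' || b == b'\n').next()?;
    let verb = line.split(|&b| b == b' ').next()?.to_ascii_uppercase();
    match verb.as_slice() {
        b"EHLO" | b"HELO" => Some(Proto::Smtp),
        b"USER" | b"PASS" | b"FEAT" => Some(Proto::Ftp),
        _ => None,
    }
}

/// Server-side probe. A "220" greeting is sent by both SMTP and FTP servers,
/// so a positive answer is deferred until the client has sent a full line.
fn probe_server(server: &[u8], client_seen: &[u8]) -> Verdict {
    if !(server.starts_with(b"220 ") || server.starts_with(b"220-")) {
        return Verdict::NoMatch;
    }
    if !client_seen.contains(&b'\n') {
        return Verdict::NeedClientData; // caller should probe again later
    }
    // Assumption of this example: an unrecognised client verb means no match.
    probe_client(client_seen).map_or(Verdict::NoMatch, Verdict::Match)
}

fn main() {
    // Constructed sample traffic.
    let banner = b"220 mail.example.test ESMTP ready\r\n";
    let clients: [&[u8]; 3] = [b"", b"EHLO client.example.test\r\n", b"USER anonymous\r\n"];
    for client in clients {
        println!("{:?} -> {:?}", String::from_utf8_lossy(client), probe_server(banner, client));
    }
}
```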
Codecov Report
Merging #7664 (98f810f) into master (61f9f0d) will increase coverage by 0.11%. The diff coverage is 88.09%.
@@ Coverage Diff @@
## master #7664 +/- ##
==========================================
+ Coverage 75.78% 75.90% +0.11%
==========================================
Files 659 659
Lines 185660 185684 +24
==========================================
+ Hits 140706 140940 +234
+ Misses 44954 44744 -210
Flag | Coverage Δ | |
---|---|---|
fuzzcorpus | 60.54% <88.09%> (+0.38%) | :arrow_up: |
suricata-verify | 52.59% <80.00%> (+0.04%) | :arrow_up: |
unittests | 60.71% <15.78%> (-0.02%) | :arrow_down: |
Flags with carried forward coverage won't be shown.
ERROR:
ERROR: QA failed on tlpw1_files_sha256.
Pipeline 8428
QA shows quite a difference in extracted files and hashes again. @catenacyber and @ct0br0 can you look into why?
Replaced by https://github.com/OISF/suricata/pull/8119 to get actualized results