[Bro] Extracting Email Attachments
init.conf at gmail.com
Fri Mar 22 07:32:09 PDT 2013
## define the mime types you want extracted /.*/ means everything
redef SMTP::extract_file_types += /application\/*/;
## path where extracted attachments need to go:
redef SMTP::extraction_prefix = "/data/bro/extract/smtp-entity" ;
On Mar 22, 2013, at 3:49 AM, Digital Ninja <dn1nj4 at gmail.com> wrote:
> Hello all,
> New bro user here. I'm trying to understand how to enable email attachment extraction with bro. I see in smtp-entities the setting "extract-file" which by default is False. What is the right way to enable it and set the directory where these attachments will reside?
> Thanks in advance!