[Bro] bro SMTP failing to parse attributes (subject, attachment) with EHLO

Gross, Brett gross.b at ghc.org
Fri May 13 17:32:35 PDT 2016

Is it possible that during the processing of SMTP traffic that parsing is interrupted when certain conditions are meant? For example, short circuit parsing logic after seeing "starttls" as the traffic won't be readable and parsing is not applicable?


From: Gross, Brett
Sent: Friday, May 13, 2016 12:50 PM
To: 'bro at bro.org'
Subject: bro SMTP failing to parse attributes (subject, attachment) with EHLO

Hello Bro Community,

I'm having an issue with bro SMTP not parsing certain mail attributes like subject or attachment. The parsing worked correctly when utilizing HELO but after switching to EHLO, parsing is minimal for those attributes or not at all.

Thank you


GHC Confidentiality Statement

This message and any attached files might contain confidential information protected by federal and state law. The information is intended only for the use of the individual(s) or entities originally named as addressees. The improper disclosure of such information may be subject to civil or criminal penalties. If this message reached you in error, please contact the sender and destroy this message. Disclosing, copying, forwarding, or distributing the information by unauthorized individuals or entities is strictly prohibited by law.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160514/d94b7467/attachment.html 

More information about the Bro mailing list