[Bro-Dev] [JIRA] (BIT-1258) POP3 question
Johanna Amann (JIRA)
jira at bro-tracker.atlassian.net
Mon Sep 22 06:04:08 PDT 2014
[ https://bro-tracker.atlassian.net/browse/BIT-1258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18200#comment-18200 ]
Johanna Amann commented on BIT-1258:
------------------------------------
At the moment, Bro does not ship with the pop3 analyzer enabled by default (or with any scripts for it). If you want to activate the pop3 analyzer, you would have to write a script that enables the analyzer and handles the different protocol events just like they are loaded by default for http, smtp, ftp.
Due to the fact that plain unencrypted pop3 is used very rarely nowadays (and that the analyzer could need a bit of clean-up) we will probably not add any scripts for that in the near future.
> POP3 question
> -------------
>
> Key: BIT-1258
> URL: https://bro-tracker.atlassian.net/browse/BIT-1258
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: 2.3
> Environment: CentOS 6
> Reporter: Jimmy Jones
> Assignee: Johanna Amann
> Attachments: pop.pcap
>
>
> Using attached POP3 sample (extracted from http://leonward.wordpress.com/2009/04/10/openpacketorg-examplecom-pcap-files/) I get pop3 detected in conn.log but nothing else. Should I get a pop3.log or similar out of the box?
--
This message was sent by Atlassian JIRA
(v6.4-OD-05-009#64003)
More information about the bro-dev
mailing list