[Bro-Dev] [JIRA] (BIT-1507) Intel framework does not match mail addresses properly
Jan Grashoefer (JIRA)
jira at bro-tracker.atlassian.net
Wed Nov 11 02:44:00 PST 2015
Jan Grashoefer created BIT-1507:
-----------------------------------
Summary: Intel framework does not match mail addresses properly
Key: BIT-1507
URL: https://bro-tracker.atlassian.net/browse/BIT-1507
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: 2.4
Environment: All
Reporter: Jan Grashoefer
Priority: Low
Some time ago someone in #bro asked for matching mail addresses using the intel-framework. We realized that the [seen-script|https://github.com/bro/bro/blob/master/scripts/policy/frameworks/intel/seen/smtp.bro] seems to contain a bug: Using {code}split_string_n(mail_address, /<.+>/, T, 1){code} to extract a mail address misses the last character and does not respect the possibility of multiple addresses.
I will add a pcap later.
--
This message was sent by Atlassian JIRA
(v7.0.0-OD-08-005#70107)
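
The multiple-address half of the report, as an added Python example (not code from the Bro script or from the reporter): a greedy `<.+>` match over a header with two recipients produces one merged string that matches no indicator, while parsing the field as an address list finds both. Python's `re` and `email.utils` stand in for Bro's pattern matching here, and the intel set, header values and function names are constructed for illustration.

```python
import re
from email.utils import getaddresses

# Same shape as the pattern quoted in the report: greedy, so it spans from
# the first '<' to the last '>' in the field.
GREEDY = re.compile(r"<.+>")

# Constructed intel set (hypothetical indicators).
INTEL = {"alice@example.com", "bob@example.net"}


def greedy_extract(field):
    """Treat the single greedy match as one address (brackets stripped)."""
    m = GREEDY.search(field)
    return [m.group(0)[1:-1]] if m else []


def per_address_extract(field):
    """Parse the field as an address list and return every address in it."""
    return [addr for _name, addr in getaddresses([field]) if "@" in addr]


def intel_hits(field, extractor):
    """Return the extracted values that are present in the intel set."""
    return sorted(set(extractor(field)) & INTEL)


# Constructed sample header values.
SAMPLES = [
    "Alice <alice@example.com>",
    '"Alice" <alice@example.com>, Bob <bob@example.net>',
    '"Doe, Bob" <bob@example.net>',
    "bob@example.net",
]

if __name__ == "__main__":
    for field in SAMPLES:
        print(field)
        print("  greedy     :", greedy_extract(field),
              intel_hits(field, greedy_extract))
        print("  per-address:", per_address_extract(field),
              intel_hits(field, per_address_extract))
```

The last sample also shows that an address written without angle brackets is never seen by the bracket-based pattern at all.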