[Bro] [bro] smtp log strangeness

Jan Grashöfer jan.grashoefer at gmail.com
Fri Mar 25 09:49:36 PDT 2016


Hi,

> Why am I getting all of this extra info in these fields?

The subject headers seem to look that strange to support other encodings
than ASCII (see
https://en.wikipedia.org/wiki/Unicode_and_email#Unicode_support_in_message_header).
The from header seems to include the display-name (see
https://tools.ietf.org/html/rfc5322#section-3.4). As Bro logs the
content of the headers without further processing, you are getting this
extra info.

Regards,
Jan
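
The post-processing the reply says Bro does not do, as an added example (not part of the original message and not Bro code): it decodes RFC 2047 encoded-words in a logged subject and separates the display-name from the address in a logged From value, using Python's standard `email` package. The record layout, the `from`/`subject` key names and the sample values are assumptions constructed for illustration.

```python
# Added example: decode SMTP header values that were logged unprocessed.
from email.header import decode_header
from email.utils import parseaddr


def decode_mime_words(raw):
    """Decode RFC 2047 encoded-words (=?charset?B|Q?text?=) to a str."""
    out = []
    for chunk, charset in decode_header(raw):
        if isinstance(chunk, bytes):
            try:
                out.append(chunk.decode(charset or "ascii", errors="replace"))
            except LookupError:  # charset label Python does not know
                out.append(chunk.decode("latin-1"))
        else:  # header contained no encoded-words at all
            out.append(chunk)
    return "".join(out)


def split_from(raw):
    """Split a From value into (display_name, addr_spec), RFC 5322 3.4."""
    name, addr = parseaddr(raw)
    return (decode_mime_words(name) if name else ""), addr


def normalise(record):
    """Return a copy of a log record with readable subject/from fields."""
    name, addr = split_from(record.get("from", ""))
    return dict(record,
                subject=decode_mime_words(record.get("subject", "")),
                from_name=name, from_addr=addr)


# Constructed sample records; "from" and "subject" are assumed field names.
SAMPLES = [
    {"from": "=?UTF-8?B?SsO2cmcgTcO8bGxlcg==?= <Joerg@example.com>",
     "subject": "=?ISO-8859-1?Q?Gr=FC=DFe_aus_K=F6ln?="},
    {"from": "alice@example.com", "subject": "plain ascii subject"},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(normalise(rec))
```

Keep the raw logged value alongside the decoded one when alerting on it, since the declared charset and encoding are themselves chosen by the sender.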

