[Bro] extract smtp objects

erik clark philosnef at gmail.com
Tue Nov 1 07:33:48 PDT 2016


How difficult would this be to do?

On Tue, Nov 1, 2016 at 10:31 AM, Seth Hall <seth at icir.org> wrote:

>
> > On Oct 28, 2016, at 11:25 AM, erik clark <philosnef at gmail.com> wrote:
> >
> > Sorry for the clutter. I did this a different way with extract from file
> analyzer. I will just script some glue with conn.log, smtp.log, and fuid. I
> had originally wanted to scrape the data out of the raw smtp message (and
> would still prefer to do that) with other tools entirely, so if someone has
> a way to do that, that would be fantastic. :)
>
> You are hinting towards a design change that I've wanted to see for quite
> a while where the MIME analyzer would turn into a file analyzer and the
> MIME content carried over SMTP would be fed into the MIME file analyzer.
> This would have the nice side effect of making it simple to extract the
> full MIME message through the normal file extraction channels.
>
> Unfortunately this design change hasn't happened yet and isn't slated for
> the near term.
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
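The glue mentioned in the quoted message (correlating conn.log, smtp.log and file IDs), as an added example that is not code from this thread or from the Bro project. It assumes the default ASCII (TSV) log writer and that extracted files are recorded in the `extracted` column of files.log; the sample logs are constructed and carry only a subset of the real columns, and `log()` is a hypothetical helper used to build them. It maps messages to extracted MIME parts only, not to the full raw message.

```python
# Added example: the sample logs below are constructed, with a subset of real columns.

def parse_bro_log(text):
    """Parse a Bro ASCII (TSV) log into dicts keyed by the names on its #fields line."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows

def as_list(value):
    """Bro writes '-' for unset, '(empty)' for an empty vector, ',' between members."""
    return [] if value in ("-", "(empty)", "") else value.split(",")

def join_smtp_files(conn_text, smtp_text, files_text):
    """One record per file carried in an SMTP message: conn uid -> smtp row -> fuid."""
    conns = {r["uid"]: r for r in parse_bro_log(conn_text)}
    files = {r["fuid"]: r for r in parse_bro_log(files_text)}
    out = []
    for msg in parse_bro_log(smtp_text):
        conn = conns.get(msg["uid"], {})
        for fuid in as_list(msg.get("fuids", "-")):
            f = files.get(fuid)
            if f is None:  # fuid with no files.log row, e.g. the logs rotated apart
                continue
            out.append({
                "uid": msg["uid"], "fuid": fuid,
                "orig_h": conn.get("id.orig_h"), "resp_h": conn.get("id.resp_h"),
                "mailfrom": msg["mailfrom"], "subject": msg["subject"],
                "mime_type": f["mime_type"],
                "extracted": None if f["extracted"] == "-" else f["extracted"],
            })
    return out

def log(*rows):
    """Hypothetical helper: build a constructed TSV log from tuples of column values."""
    return "\n".join("\t".join(r) for r in rows)

CONN = log(("#fields", "uid", "id.orig_h", "id.resp_h"),
           ("CsmtpA", "192.0.2.10", "198.51.100.25"))
SMTP = log(("#fields", "uid", "mailfrom", "subject", "fuids"),
           ("CsmtpA", "<a@example.com>", "invoice", "Ftext1,Fpdf2,Fgone3"),
           ("CsmtpB", "<b@example.com>", "hello", "(empty)"))
FILES = log(("#fields", "fuid", "mime_type", "extracted"),
            ("Ftext1", "text/plain", "-"),
            ("Fpdf2", "application/pdf", "extract-Fpdf2.pdf"))

if __name__ == "__main__":
    for rec in join_smtp_files(CONN, SMTP, FILES):
        print(rec)
```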