[Bro] bug in smtp analyzer?

Seth Hall seth at icir.org
Thu Oct 20 07:14:38 PDT 2016


> On Oct 19, 2016, at 8:14 AM, erik clark <philosnef at gmail.com> wrote:
> 
> In 2.4.1, it seems that there is no c$smtp$cc field in the smtp analyzer, but there is in 2.5. I noticed in 2.4.1, processing cc fields is haphazard at best, and is totally unreliable. Is this really only fixed in 2.5 with the addition of the cc processor for the smtp analyzer?

https://github.com/bro/bro/blob/master/NEWS#L228

That was an oversight in previous version of Bro.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/




More information about the Bro mailing list