[Bro] bug in smtp analyzer?
seth at icir.org
Thu Oct 20 07:14:38 PDT 2016
> On Oct 19, 2016, at 8:14 AM, erik clark <philosnef at gmail.com> wrote:
> In 2.4.1, it seems that there is no c$smtp$cc field in the smtp analyzer, but there is in 2.5. I noticed in 2.4.1, processing cc fields is haphazard at best, and is totally unreliable. Is this really only fixed in 2.5 with the addition of the cc processor for the smtp analyzer?
That was an oversight in previous version of Bro.
International Computer Science Institute
(Bro) because everyone has a network
More information about the Bro