Uploaded image for project: 'Bro Issue Tracker'
  1. BIT-1507

Intel framework does not match mail addresses properly

    Details

    • Type: Problem
    • Status: Closed
    • Priority: Low
    • Resolution: Merged
    • Affects Version/s: 2.4
    • Fix Version/s: 2.5
    • Component/s: Bro
    • Labels:
    • Environment:

      All

    • Sprint:

      Description

      Some time ago someone in #bro asked for matching mail addresses using the intel-framework. We realized, that the seen-script seems to contain a bug: Using

      split_string_n(mail_address, /<.+>/, T, 1)

      to extract a mail address misses the last character and does not respect the possibility of multiple addresses.

      I will add a pcap later.

        Attachments

          Activity

            People

            • Assignee:
              seth Seth Hall
              Reporter:
              JGras Jan Grashoefer
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: