SERVICE.SMTP Match/Trigger

g.schaarup
Level 1

If I set up a custom signature by using SERVICE.SMTP and only change the:

RegexString to f.ex.:

tst.tester@testing.com

and StateName to the value:

Mailheader

I don't see any events (the signature is enabled, and a test with the STRING.TCP works fine).

How do I configure the SERVICE.SMTP to trigger when it sees a mailheader containing tst.tester@testing.com?

Thanks

Sensor:

OS Version 2.4.18-5smpbigphysx

Platform: IDS-4235

IDS-sig-4.1-4-S155

IDSMC:

CiscoWorks Common Services with SP2 2.2

IDS Management Center 2.0

Security Monitor 2.0

3 Replies

mcerha
Level 3

There is a known bug in the SERVICE.SMTP engine with the handling of regexes. Unfortunately, I cannot find the specific DDTS Id for the issue. Under 4.x, it is currently not possible to add new signatures to this engine. You will have to use STRING.TCP engine as you noted. This issue has been resolved in the 5.0 version of the sensor.

Could the known bug be CSCee24687?

"Cannot store more signatures in the SMTP engine. Custom Sig fails."

Will this bug be solved in a future release for version 4.0?

That looks like the bug indeed. I don't have any idea if this bug is scheduled to be fixed in 4.x though as no firm commitment on the next 4.x service pack has been made to my knowledge.
