Cisco Cisco Firepower Management Center 4000

Page of 1844
 
25-54
FireSIGHT System User Guide
 
Chapter 25      Using Application Layer Preprocessors 
  Decoding IMAP Traffic
Quoted-Printable Decoding Depth
Specifies the maximum number of bytes to extract and decode from each quoted-printable (QP) 
encoded MIME email attachment. You can specify from 1 to 65535 bytes, or specify 0 to decode all 
QP encoded data in the packet. Specify -1 to ignore QP encoded data.
When quoted-printable decoding is enabled, you can enable rule 141:6 to generate an event when 
decoding fails; decoding could fail, for example, because of incorrect encoding or corrupted data.
Unix-to-Unix Decoding Depth
Specifies the maximum number of bytes to extract and decode from each Unix-to-Unix encoded 
(uuencoded) email attachment. You can specify from 1 to 65535 bytes, or specify 0 to decode all 
uuencoded data in the packet. Specify -1 to ignore uuencoded data.
When Unix-to-Unix decoding is enabled, you can enable rule 141:7 to generate an event when 
decoding fails; decoding could fail, for example, because of incorrect encoding or corrupted data.
Configuring the IMAP Preprocessor
License: 
Protection
Use the following procedure to configure the IMAP preprocessor. For additional information on IMAP 
preprocessor configuration options, see 
To configure the IMAP preprocessor:
Access: 
Admin/Intrusion Admin
Step 1
Select 
Policies > Intrusion > Intrusion Policy
.
The Intrusion Policy page appears.
Step 2
Click the edit icon (
) next to the policy you want to edit.
If you have unsaved changes in another policy, click 
OK
 to discard those changes and continue. See 
 for information on saving unsaved changes in another 
policy.
The Policy Information page appears.
Step 3
Click 
Advanced Settings
 in the navigation panel on the left.
The Advanced Settings page appears.
Step 4
You have two choices, depending on whether 
IMAP Configuration
 under Application Layer Preprocessors 
is enabled:
  •
If the configuration is enabled, click 
Edit
.
  •
If the configuration is disabled, click 
Enabled
, then click 
Edit
.
The IMAP Configuration page appears. A message at the bottom of the page identifies the intrusion 
policy layer that contains the configuration. See 
 for more 
information.
Step 5
Specify the 
Ports
 where IMAP traffic should be decoded. Separate multiple port numbers with commas.