Cisco Cisco FirePOWER Appliance 8390
25-54
FireSIGHT System User Guide
Chapter 25 Using Application Layer Preprocessors
Decoding IMAP Traffic
Quoted-Printable Decoding Depth
Specifies the maximum number of bytes to extract and decode from each quoted-printable (QP)
encoded MIME email attachment. You can specify from 1 to 65535 bytes, or specify 0 to decode all
QP encoded data in the packet. Specify -1 to ignore QP encoded data.
encoded MIME email attachment. You can specify from 1 to 65535 bytes, or specify 0 to decode all
QP encoded data in the packet. Specify -1 to ignore QP encoded data.
When quoted-printable decoding is enabled, you can enable rule 141:6 to generate an event when
decoding fails; decoding could fail, for example, because of incorrect encoding or corrupted data.
decoding fails; decoding could fail, for example, because of incorrect encoding or corrupted data.
Unix-to-Unix Decoding Depth
Specifies the maximum number of bytes to extract and decode from each Unix-to-Unix encoded
(uuencoded) email attachment. You can specify from 1 to 65535 bytes, or specify 0 to decode all
uuencoded data in the packet. Specify -1 to ignore uuencoded data.
(uuencoded) email attachment. You can specify from 1 to 65535 bytes, or specify 0 to decode all
uuencoded data in the packet. Specify -1 to ignore uuencoded data.
When Unix-to-Unix decoding is enabled, you can enable rule 141:7 to generate an event when
decoding fails; decoding could fail, for example, because of incorrect encoding or corrupted data.
decoding fails; decoding could fail, for example, because of incorrect encoding or corrupted data.
Configuring the IMAP Preprocessor
License:
Protection
Use the following procedure to configure the IMAP preprocessor. For additional information on IMAP
preprocessor configuration options, see
preprocessor configuration options, see
.
To configure the IMAP preprocessor:
Access:
Admin/Intrusion Admin
Step 1
Select
Policies > Intrusion > Intrusion Policy
.
The Intrusion Policy page appears.
Step 2
Click the edit icon (
) next to the policy you want to edit.
If you have unsaved changes in another policy, click
OK
to discard those changes and continue. See
for information on saving unsaved changes in another
policy.
The Policy Information page appears.
Step 3
Click
Advanced Settings
in the navigation panel on the left.
The Advanced Settings page appears.
Step 4
You have two choices, depending on whether
IMAP Configuration
under Application Layer Preprocessors
is enabled:
•
If the configuration is enabled, click
Edit
.
•
If the configuration is disabled, click
Enabled
, then click
Edit
.
The IMAP Configuration page appears. A message at the bottom of the page identifies the intrusion
policy layer that contains the configuration. See
policy layer that contains the configuration. See
for more
information.
Step 5
Specify the
Ports
where IMAP traffic should be decoded. Separate multiple port numbers with commas.