Cisco Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
907
Using Application Layer Preprocessors
Decoding IMAP Traffic
Chapter 23
Selecting IMAP Preprocessor Options
L
ICENSE
: Protection
The following list describes the IMAP preprocessor options you can modify.
Note that decoding, or extraction when the MIME email attachment does not
Note that decoding, or extraction when the MIME email attachment does not
require decoding, includes multiple attachments when present, and large
attachments that span multiple packets.
Note also that when the values for the Base64 Decoding Depth, 7-Bit/8-Bit/Binary
Note also that when the values for the Base64 Decoding Depth, 7-Bit/8-Bit/Binary
Decoding Depth, Quoted-Printable Decoding Depth, or Unix-to-Unix Decoding Depth
options are different in an intrusion policy associated with the default action of an
access control policy and intrusion policies associated with access control rules,
the highest value is used. See
on page 465, and
on page 556 for more
information.
If no preprocessor rule is mentioned, the option is not associated with a
If no preprocessor rule is mentioned, the option is not associated with a
preprocessor rule.
Ports
Specifies the ports to inspect for IMAP traffic. You can specify an integer
from 0 to 65535. Separate multiple port numbers with commas.
IMPORTANT!
Any port you add to the IMAP port list should also be added to
the TCP client reassembly list for each TCP policy. For information on
configuring TCP reassembly ports, see
Base64 Decoding Depth
Specifies the maximum number of bytes to extract and decode from each
Base64 encoded MIME email attachment. You can specify from 1 to 65535
bytes, or specify 0 to decode all the Base64 data. Specify -1 to ignore Base64
data.
Note that positive values not divisible by 4 are rounded up to the next multiple
Note that positive values not divisible by 4 are rounded up to the next multiple
of 4 except for the values 65533, 65534, and 65535, which are rounded down
to 65532.
When Base64 decoding is enabled, you can enable rule 141:4 to generate an
When Base64 decoding is enabled, you can enable rule 141:4 to generate an
event when decoding fails; decoding could fail, for example, because of
incorrect encoding or corrupted data.