Cisco Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
909
Using Application Layer Preprocessors
Decoding IMAP Traffic
Chapter 23
3. Click Advanced Settings in the navigation panel on the left.
The Advanced Settings page appears.
4. You have two choices, depending on whether IMAP Configuration under
Application Layer Preprocessors is enabled:
•
If the configuration is enabled, click Edit.
•
If the configuration is disabled, click Enabled, then click Edit.
The IMAP Configuration page appears.
A message at the bottom of the page identifies the intrusion policy layer that
page 818 for more information.
5. Specify the Ports where IMAP traffic should be decoded. Separate multiple
port numbers with commas.
IMPORTANT!
Any port you add to the IMAP port list should also be added to
the TCP client reassembly list for each TCP policy. For information on
configuring TCP reassembly ports, see
6. Specify the maximum bytes of data to extract and decode from any
combination of the following email attachment types:
•
Base64 Decoding Depth
•
7-Bit/8-Bit/Binary Decoding Depth (includes various multipart content
types such as plain text, jpeg images, mp3 files, and so on)
•
Quoted-Printable Decoding Depth
•
Unix-to-Unix Decoding Depth
For each type, you can specify from 1 to 65535 bytes, or specify 0 to extract
and, when necessary, decode all data in the packet. Specify -1 to ignore data
for an attachment type.
You can use the
You can use the
file_data
rule keyword in intrusion rules to inspect the
attachment data. See
more information.