[
https://bro-tracker.atlassian.net/browse/BIT-849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19980#comment-19980
]
Jon Siwek commented on BIT-849:
-------------------------------
To me, it seems like these reporter warnings should just be made weirds instead.
> SMTP analyzer and reporter warnings
> -----------------------------------
>
> Key: BIT-849
> URL: https://bro-tracker.atlassian.net/browse/BIT-849
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: git/master
> Reporter: Seth Hall
> Assignee: Jon Siwek
> Labels: analyzer
> Fix For: 2.4
>
>
> There are some warnings in the SMTP analyzer (ultimately from using the MIME
> analyzer) that go to reporter but they are wildly unhelpful in reporter.log.
> Here's an example line from reporter.log:
> {noformat}
> 1342043855.564338 Reporter::WARNING nested mail transaction (empty)
> -
> {noformat}
> Doing protocol violations on the smtp analyzer wouldn't quite be the right
> thing either because the dpd framework might remove the smtp analyzer from
> the connection. Part of the problem may stem from the fact that MIME
> analyzer isn't a true analyzer (doesn't descend from Analyzer). There is
> some obvious analyzer restructuring that needs to happen here but that can
> wait for the larger analyzer work that is coming up.
> Does anyone have thoughts about what we could do with this message now to
> make it more useful?
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
_______________________________________________
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
