Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

GH-1589: Avoid extracting IP-like strings from SMTP headers

Browse source
This commit is contained in:
Tim Wojtulewicz 2021-08-10 11:53:10 -07:00 committed by Tim Wojtulewicz
parent f8e87d3814
commit 569552b320
5 changed files with 43 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/base/protocols/smtp/main.zeek
View file

@ -109,7 +109,7 @@ event zeek_init() &priority=5
function find_address_in_smtp_header(header: string): string
{
local ips = extract_ip_addresses(header);
local ips = extract_ip_addresses(header, T);
# If there are more than one IP address found, return the second.
if ( |ips| > 1 )
return ips[1];