Snort 2.9.1 improves protocol handling
The improved SIP preprocessor can identify call channels and detect anomalies in SIP communications. The POP3 and IMAP preprocessors are able to decode email attachments in Base64, Quoted Printable and uuencoded formats and the SMTP preprocessor is now able to handle the latter two formats. An experimental IP Reputation preprocessor allows Snort to blacklist or whitelist packets based on their IP address.
The link for this article located at H Security is no longer available.