I am trying to define a Snort rule that will detect the word "spam" in the subject field of an email. So far I have tried:
alert tcp any any -> any 25 (content:"Spam"; nocase; msg:"Email traffic logged!";)
But this is not filtering out only the emails that I want. Any help would be much appreciated. Thanks.
April 5, 2005 9:32 AM
April 5, 2005 1:54 PM
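One way to narrow the match to the Subject header, shown beside the rule from the post. This is an added example, not part of the original thread; the sid values are constructed, and the second rule assumes Snort 2.x with a stream preprocessor enabled so that the flow keyword works.

```snort
# Added example, not from the original post.
# sid values are constructed placeholders from the local-rule range (>= 1000000).

# The post's approach, with the options separated by semicolons.
# content/nocase with no anchor matches "spam" anywhere in any packet sent
# to port 25: message bodies, attachments, addresses and SMTP commands.
alert tcp any any -> any 25 (msg:"Email traffic logged!"; content:"Spam"; nocase; sid:1000001; rev:1;)

# Narrowed rule.
#   flow     - only client-to-server data on an established session
#   content  - cheap pre-filter: the packet must contain "Subject:" (|3A| is ':')
#   pcre     - "spam" must sit on the same line as the Subject header;
#              /m lets ^ match at the start of any line, /i ignores case,
#              [^\r\n]* keeps the match from running into the next header
alert tcp any any -> any 25 (msg:"SMTP Subject header contains spam"; flow:to_server,established; content:"Subject|3A|"; nocase; pcre:"/^Subject\x3a[^\r\n]*spam/mi"; sid:1000002; rev:1;)
```

The narrowed rule only sees plaintext SMTP, so sessions upgraded with STARTTLS will not match. Subjects sent as RFC 2047 encoded words (base64 or quoted-printable) or folded across lines will not match either.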