IMAP Inspector Overview
Type | Inspector (service)
Usage | Inspect
Instance Type | Multiton
Other Inspectors Required |
Enabled |
Internet Message Application Protocol (IMAP) enables email clients to retrieve messages from a remote IMAP3 server. An IMAP3 server uses TCP port 143 for insecure sessions or TCP port 993 for IMAP over SSL/TLS.
The imap inspector detects IMAP traffic and analyzes IMAP commands and responses.
The imap inspector can identify the command, header, and body sections of IMAP messages, and extract and decode Multipurpose Internet Mail Extensions (MIME) attachments.
A message may carry multiple MIME attachments, and large attachments may span multiple packets.
The imap inspector identifies and adds IMAP traffic to the Snort allow list.
When enabled, intrusion rules generate events on anomalous IMAP traffic.
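The section split and MIME decoding described above can be illustrated with a short added example. It is not Snort's code: it uses Python's standard email package, and the sample FETCH response, addresses, and file name are constructed. It assumes the TCP payloads arrive complete and in order, and it shows why the IMAP literal length must be honored before an attachment that spans several packets can be decoded.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import SMTP, default

LITERAL = re.compile(rb"\{(\d+)\}\r\n")  # IMAP literal marker: {octet-count} CRLF


def build_sample_segments(payload, mss=64):
    """Constructed sample: one FETCH response cut into mss-byte TCP payloads."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.test", "b@example.test", "report"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application", subtype="octet-stream",
                       filename="report.bin")
    raw = msg.as_bytes(policy=SMTP)  # CRLF line endings, as on the wire
    stream = (b"* 1 FETCH (BODY[] {%d}\r\n" % len(raw)) + raw + b")\r\na1 OK FETCH completed\r\n"
    return [stream[i:i + mss] for i in range(0, len(stream), mss)]


def inspect_fetch(segments):
    """Split response line, headers and body; return decoded attachments."""
    stream = b"".join(segments)  # assumption: segments arrive complete and in order
    m = LITERAL.search(stream)
    if m is None:
        raise ValueError("no IMAP literal in stream")
    size = int(m.group(1))
    literal = stream[m.end():m.end() + size]
    if len(literal) < size:
        raise ValueError("literal truncated: more segments needed")
    msg = message_from_bytes(literal, policy=default)
    return {
        "response": stream[:m.start()].decode("ascii").strip(),
        "headers": dict(msg.items()),
        "attachments": {p.get_filename(): p.get_content() for p in msg.iter_attachments()},
        "trailer": stream[m.end() + size:],
    }


if __name__ == "__main__":
    sample = bytes(range(256)) * 4  # constructed 1 KiB attachment
    result = inspect_fetch(build_sample_segments(sample))
    print(result["response"], result["headers"]["Subject"], list(result["attachments"]))
```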