SMTP - PARSE_ERROR (File extraction bypass)

Hello team,

it looks like that suricata is unable to successfully parse emails using the encoding trick from the following site:

and therefore bypassing the file extraction feature.

email.status: PARSE_ERROR

I can’t share a corresponding pcap but you can reproduce it with the link above.

I’m running on suricata 6.0.8.

Thanks in advance,

Thank you for your report.
I think for any further analysis, we’ll need a pcap. If you cannot share the pcap publicly, you can share it with us on a private channel (email to: or if not the same pcap some other one that behaves the same way?
Thanks a lot! Sorry for the trouble.