THE SPLOIT DETAILS
======================
Before I begin, this vulnerability is not specific to Snort alone. There are many IDS systems that are still using fixed strings to identify "bad" traffic. However, many others are doing the right thing and are stripping out white spaces and backspaces *before* applying their rule set.

PLATFORM
=====================
RedHat 8.0 with all the latest patches
Snort 1.9.1

WHAT I DID
======================
Telnetted to the SMTP server and added one additional space to the MAIL FROM command. (I won't post the actual command, as security pros here know exactly what commands I'm using.)

WHAT SNORT DID
======================
When adding the extra white space, Snort was more than happy to allow the traffic through. Now, I know that myself and others have reported this to the Snort developers a *long* time ago but the fix would require a ton of development work.

Snort is a very good freeware tool but now that commercial IDS companies have started shipping whitespace and backspace aware IDS systems, I'd certainly invest a few bucks in one.

Hope this helps out!
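
The difference between fixed-string matching and normalize-then-match, as an added example that is not part of the original post and not Snort code. The signature is a constructed placeholder, the function names are hypothetical, and the sketch assumes the receiver treats BS/DEL as erasing the previous byte and ignores repeated blanks.

```python
import re

# Constructed placeholder signature; "EXAMPLE-PATTERN" is not a real attack string.
SIGNATURE = b"MAIL FROM: EXAMPLE-PATTERN"


def naive_match(payload: bytes) -> bool:
    """Fixed-string rule applied to the raw bytes, as the post describes."""
    return SIGNATURE in payload


def apply_backspaces(data: bytes) -> bytes:
    """Replay BS (0x08) and DEL (0x7f) as a line-editing receiver would (assumption)."""
    out = bytearray()
    for b in data:
        if b in (0x08, 0x7F):
            # Erase the previous byte, but never across a line boundary.
            if out and out[-1] not in (0x0A, 0x0D):
                out.pop()
        else:
            out.append(b)
    return bytes(out)


def normalize(data: bytes) -> bytes:
    """Apply backspaces, then collapse each run of spaces/tabs to one space."""
    return re.sub(rb"[ \t]+", b" ", apply_backspaces(data))


def normalized_match(payload: bytes) -> bool:
    """Normalize both the rule and the traffic *before* comparing them."""
    return normalize(SIGNATURE) in normalize(payload)


if __name__ == "__main__":
    # Constructed sample payloads.
    samples = {
        "exact": b"MAIL FROM: EXAMPLE-PATTERN\r\n",
        "extra space": b"MAIL FROM:  EXAMPLE-PATTERN\r\n",
        "backspace": b"MAIL FROM: X\x08EXAMPLE-PATTERN\r\n",
        "benign": b"MAIL FROM: <user@example.org>\r\n",
    }
    for name, payload in samples.items():
        print(f"{name:12} naive={naive_match(payload)!s:5} "
              f"normalized={normalized_match(payload)}")
```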