[Bro-Dev] #897: File extraction oddities
Bro Tracker
bro at tracker.bro-ids.org
Fri Oct 12 07:23:51 PDT 2012
#897: File extraction oddities
------------------------+---------------------
Reporter: sconzo | Type: Problem
Status: new | Priority: Normal
Milestone: Bro2.2 | Component: Bro
Version: git/master | Keywords:
------------------------+---------------------
The HTTP file extraction appears to not work correctly if files are also
MD5 sum'd. The filename gets written to disk but the file is empty.
However, other files that are not configured to be MD5'd get persisted to
disk correctly.
Example:
When,
redef HTTP::extract_file_types += /.*\/.*/;
is defined in a .bro script bro extracts all files, except for the windows
exes that were MD5'd
----
When,
redef HTTP::extract_file_types += /.*\/.*/;
redef HTTP::generate_md5 = /NO_FILE_TYPE_EVER/;
is defined in a .bro script bro extracts all files including windows exes,
but no files are MD5'd.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/897>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list