[Bro] http-ext-identified-files

Aashish Sharma init.conf at gmail.com
Wed May 11 10:00:56 PDT 2011


>
> Hello:
>
> HTTP_WatchedMIMEType is declared in
> bro/share/bro/http-identified-files.bro.
>
> I think you can make the code work by doing the following changes in the
> http-ext-identified-files.bro
>
> 1) Load http-identified-files
> 2) change "const" to "redef" for the following variables:
> watched_mime_types, ignored_urls, mime_types_extensions, ignored_signatures
> 3) Comment out declaration of HTTP_IncorrectFileType from
> http-ext-identified-files.bro
>
>
> + @load http-identified-files
>
> -       redef enum Notice += {
> -               # This notice is thrown when the file extension doesn't
> -               # seem to match the file contents.
> -               HTTP_IncorrectFileType,
> -       };
>
> -       const watched_mime_types = /application\/x-dosexec/
> +       redef watched_mime_types = /application\/x-dosexec/
>
>
> -       const ignored_urls =
> /^http:\/\/(au\.|www\.)?download\.windowsupdate\.com\/msdownload\/update/
> &redef;
> +       redef ignored_urls =
> /^http:\/\/(au\.|www\.)?download\.windowsupdate\.com\/msdownload\/update/ ;
>
>
> -       redef mime_types_extensions: table[string] of pattern = {
> +       const mime_types_extensions: table[string] of pattern = {
>
>
> - const ignored_signatures += /^matchfile-/ &redef;
> + redef ignored_signatures += /^matchfile-/;
>
> Aashish
>
> On May 11, 2011, at 6:18 AM, Seth Hall wrote:
>
> > Sorry for not reply earlier.  I started a response to your email and
> never finished it. :)
> >
> > On Apr 1, 2011, at 2:20 PM, Will wrote:
> >
> >> 1. The old way of flagging via 'HTTP_WatchedMIMEType' appears to have
> gone away
> >
> > Hm, I wonder why I removed that?  There will be a solution for this
> problem in the next release.
> >
> > Did you end up figuring out what was wrong with this?
> >
> >  .Seth
> >
> > --
> > Seth Hall
> > International Computer Science Institute
> > (Bro) because everyone has a network
> > http://www.bro-ids.org/
> >
> >
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20110511/f7ddd9b9/attachment.html 


More information about the Bro mailing list