[Bro] File Extraction Question

Seth Hall seth at icir.org
Fri Oct 12 06:40:47 PDT 2012

On Oct 11, 2012, at 11:47 PM, Mike Sconzo <sconzo at visiblerisk.com> wrote:

> redef HTTP::extract_file_types += /.*\/.*/;
> Extracts all files, except for the windows exes that were MD5'd

Weird, this doesn't make any sense.  I've always felt a bit uncomfortable with the structure of the scripts that implement that functionality, but I never would have foreseen a problem like this.  

Could you file this as a ticket in our tracker?  http://tracker.bro-ids.org/


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the Bro mailing list