[Bro-Dev] SMTP Entities MD5 Hash Defaults

Seth Hall seth at icir.org
Fri Jul 20 12:22:51 PDT 2012

On Jul 20, 2012, at 11:16 AM, Vlad Grigorescu wrote:

> Currently, SMTP entities will calculate MD5 hashes for the following
> filetypes by default: application/x-dosexec, application/x-executable

Would you be up for just writing a script that does it for now?  Maybe also a script that checks SMTP hashes with the malware hash registry like we're doing for HTTP?

I'm not crazy about doing much work on the pre-2.2 because once the file analysis framework is integrated everything will be different and much better anyway.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the bro-dev mailing list