[Bro-Dev] SMTP Entities MD5 Hash Defaults

Seth Hall seth at icir.org
Fri Jul 20 12:22:51 PDT 2012


On Jul 20, 2012, at 11:16 AM, Vlad Grigorescu wrote:

> Currently, SMTP entities will calculate MD5 hashes for the following
> filetypes by default: application/x-dosexec, application/x-executable


Would you be up for just writing a script that does it for now?  Maybe also a script that checks SMTP hashes with the malware hash registry like we're doing for HTTP?

I'm not crazy about doing much work on the pre-2.2 because once the file analysis framework is integrated everything will be different and much better anyway.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/



