[Bro-Dev] [JIRA] (BIT-1051) smtp-url-extraction.bro misses/truncates urls between data chunks

Seth Hall (JIRA) jira at bro-tracker.atlassian.net
Thu Nov 7 07:30:31 PST 2013


     [ https://bro-tracker.atlassian.net/browse/BIT-1051?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Seth Hall updated BIT-1051:
---------------------------

    Resolution: Won't Fix
        Status: Closed  (was: Open)

We aren't going to "fix" the current functionality, but we will be replacing it with a better mechanism.

> smtp-url-extraction.bro misses/truncates urls between data chunks
> -----------------------------------------------------------------
>
>                 Key: BIT-1051
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1051
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: Brian Little
>            Priority: Low
>
> Files::add_analyzer(f, Files::ANALYZER_DATA_EVENT, [$stream_event=intel_mime_data]);
> event intel_mime_data(f: fa_file, data: string) {}
> I think the file analysis framework sends the data through to the intel_mime_data event in sections (it appears that way from adding print debugging). The cutting point between the data sections can fall in the middle of a URL, causing the regex to miss the URL or truncate it.
> What would be the recommended way around this? (and other usage of the file analysis framework)



--
This message was sent by Atlassian JIRA
(v6.2-OD-01#6204)
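The chunk-boundary problem from the report above, shown as an added example that is not part of the original message and is not Bro code: a Python illustration of carrying unfinished data from one chunk into the next so a URL split across chunks is still matched whole. The URL pattern, the `MAX_CARRY` cap, the class and function names, and the sample body are all assumptions constructed for this illustration.

```python
import re

# Simplified URL pattern (an assumption, not the regex in smtp-url-extraction.bro).
URL_RE = re.compile(rb'https?://[^\s<>"]+')
SCHEME_TAIL = len(b"https://")  # bytes retained in case the scheme itself is split
MAX_CARRY = 4096                # bound on buffered state per file
# Constructed sample message body.
BODY = b"Reset at http://example.com/reset?id=42 or see https://example.org/help today."

class ChunkedUrlExtractor:
    """Extract URLs from data that arrives in arbitrary chunks."""
    def __init__(self):
        self.carry = b""
        self.overlong = 0  # URLs emitted early because they exceeded MAX_CARRY

    def feed(self, chunk):
        buf = self.carry + chunk
        urls, last_end, pending = [], 0, None
        for m in URL_RE.finditer(buf):
            if m.end() == len(buf):
                pending = m.start()     # touches the chunk edge: may continue
            else:
                urls.append(m.group())  # a delimiter followed, so it is complete
                last_end = m.end()
        if pending is None:
            # No open match: keep only a short tail that could be a split scheme.
            pending = max(last_end, len(buf) - SCHEME_TAIL)
        self.carry = buf[pending:]
        if len(self.carry) > MAX_CARRY:
            urls.append(self.carry)     # emit what we have; the remainder is dropped
            self.overlong += 1
            self.carry = b""
        return urls

    def flush(self):
        """Call at end of file: anything still buffered is now final."""
        urls = [m.group() for m in URL_RE.finditer(self.carry)]
        self.carry = b""
        return urls

def naive(chunks):
    """Per-chunk matching, which is the behaviour the report describes."""
    return [u for c in chunks for u in URL_RE.findall(c)]

def extract(chunks):
    ex = ChunkedUrlExtractor()
    found = [u for c in chunks for u in ex.feed(c)]
    return found + ex.flush()
```

The cap matters for a sensor: without it, a sender could grow per-file state without limit by never terminating a URL, so `overlong` is worth logging as its own signal.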

