[Bro-Dev] [JIRA] (BIT-1143) Investigate replacing libmagic w/ signatures for file identificaiton
Seth Hall (JIRA)
jira at bro-tracker.atlassian.net
Wed Feb 19 10:59:37 PST 2014
[ https://bro-tracker.atlassian.net/browse/BIT-1143?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15567#comment-15567 ]
Seth Hall commented on BIT-1143:
--------------------------------
I actually don't like that the verbose descriptions are in there and we don't really use them anyway. The fact that it's handwritten bytestream parsing code written in C that isn't code we even wrote bothers me a quite a bit actually.
I'm fine getting rid of it from the file analyzer and I don't think anyone would even notice.
> Investigate replacing libmagic w/ signatures for file identificaiton
> --------------------------------------------------------------------
>
> Key: BIT-1143
> URL: https://bro-tracker.atlassian.net/browse/BIT-1143
> Project: Bro Issue Tracker
> Issue Type: New Feature
> Components: Bro
> Affects Versions: git/master
> Reporter: Jon Siwek
> Assignee: Jon Siwek
> Fix For: 2.3
>
>
> I think it makes sense to try to make the switch from libmagic to using Bro's own signature engine for file identification before the next release. Don't want people getting used to magic file format for their own custom file identification rules.
--
This message was sent by Atlassian JIRA
(v6.2-OD-09-036#6252)
More information about the bro-dev
mailing list