[Bro-Dev] [JIRA] (BIT-1143) Investigate replacing libmagic w/ signatures for file identificaiton
Bernhard Amann (JIRA)
jira at bro-tracker.atlassian.net
Thu Feb 20 11:07:38 PST 2014
[ https://bro-tracker.atlassian.net/browse/BIT-1143?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15570#comment-15570 ]
Bernhard Amann commented on BIT-1143:
-------------------------------------
Just to chime in - in my experience, the more obscure mime types in libmagic are not always that helpful. Everytime I have gotten a really obscure result, it has been a misidentification...
> Investigate replacing libmagic w/ signatures for file identificaiton
> --------------------------------------------------------------------
>
> Key: BIT-1143
> URL: https://bro-tracker.atlassian.net/browse/BIT-1143
> Project: Bro Issue Tracker
> Issue Type: New Feature
> Components: Bro
> Affects Versions: git/master
> Reporter: Jon Siwek
> Assignee: Jon Siwek
> Fix For: 2.3
>
>
> I think it makes sense to try to make the switch from libmagic to using Bro's own signature engine for file identification before the next release. Don't want people getting used to magic file format for their own custom file identification rules.
--
This message was sent by Atlassian JIRA
(v6.2-OD-09-036#6252)
More information about the bro-dev
mailing list