[Bro-Dev] [JIRA] (BIT-1143) Investigate replacing libmagic w/ signatures for file identificaiton
liamrandall (JIRA)
jira at bro-tracker.atlassian.net
Thu Feb 20 11:59:38 PST 2014
[ https://bro-tracker.atlassian.net/browse/BIT-1143?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15571#comment-15571 ]
liamrandall commented on BIT-1143:
----------------------------------
There is a really long tail of traffic here on normal networks; especially w/ new analyzers coming online. I can not speak to the accuracy of the detection of some of the more obscure types, but I can pretty easily test by doing live extractions on some production networks.
> Investigate replacing libmagic w/ signatures for file identificaiton
> --------------------------------------------------------------------
>
> Key: BIT-1143
> URL: https://bro-tracker.atlassian.net/browse/BIT-1143
> Project: Bro Issue Tracker
> Issue Type: New Feature
> Components: Bro
> Affects Versions: git/master
> Reporter: Jon Siwek
> Assignee: Jon Siwek
> Fix For: 2.3
>
>
> I think it makes sense to try to make the switch from libmagic to using Bro's own signature engine for file identification before the next release. Don't want people getting used to magic file format for their own custom file identification rules.
--
This message was sent by Atlassian JIRA
(v6.2-OD-09-036#6252)
More information about the bro-dev
mailing list