[Bro-Dev] [JIRA] (BIT-1143) Investigate replacing libmagic w/ signatures for file identificaiton

Jon Siwek (JIRA) jira at bro-tracker.atlassian.net
Thu Mar 6 12:51:18 PST 2014


    [ https://bro-tracker.atlassian.net/browse/BIT-1143?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15707#comment-15707 ] 

Jon Siwek commented on BIT-1143:
--------------------------------

I also forgot to mention another improvement of the signature approach over libmagic is that a file is no longer limited to matching a single MIME type.  One can now programmatically get at the full list of signature matches along with a value indicating the "strength" of the match.

> Investigate replacing libmagic w/ signatures for file identificaiton
> --------------------------------------------------------------------
>
>                 Key: BIT-1143
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1143
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: Jon Siwek
>            Assignee: Jon Siwek
>             Fix For: 2.3
>
>
> I think it makes sense to try to make the switch from libmagic to using Bro's own signature engine for file identification before the next release.  Don't want people getting used to magic file format for their own custom file identification rules.



--
This message was sent by Atlassian JIRA
(v6.2-OD-10-004-WN#6253)


More information about the bro-dev mailing list