[Bro-Dev] [JIRA] (BIT-1143) Investigate replacing libmagic w/ signatures for file identification

Jon Siwek (JIRA) jira at bro-tracker.atlassian.net
Mon Mar 24 08:47:39 PDT 2014

    [ https://bro-tracker.atlassian.net/browse/BIT-1143?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15900#comment-15900 ] 

Jon Siwek commented on BIT-1143:

Seth, do you have any feedback in these areas:

* Notice anything missing from script-layer support of file-type detection?  The only difference should be all matches are available instead of just one, so I don't expect any issue, but asking just in case.
* Notice any problems with the file-magic signature grammar?
* Is the default set of file-magic rules adequate, or is there something that definitely needs work before merging (as opposed to making iterative improvements later on)?

If no problems, I'll set this to a merge request.

> Investigate replacing libmagic w/ signatures for file identification
> --------------------------------------------------------------------
>                 Key: BIT-1143
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1143
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: Jon Siwek
>            Assignee: Seth Hall
>             Fix For: 2.3
> I think it makes sense to try to make the switch from libmagic to using Bro's own signature engine for file identification before the next release.  Don't want people getting used to magic file format for their own custom file identification rules.
