[Bro] File Extraction Question

Mike Sconzo sconzo at visiblerisk.com
Thu Oct 11 17:38:56 PDT 2012


Played with it a bit more and

redef HTTP::generate_md5 = /NO_FILE_TYPE_EVER/;

added to a .bro file fixes the problem. I no longer get md5 sums, but
all executables are successfully extracted into the extraction
directory.

Is this anticipated behavior? Or should I get my cake and eat it too? :)

Thanks again.

On Thu, Oct 11, 2012 at 4:57 PM, Mike Sconzo <sconzo at visiblerisk.com> wrote:
> Good catch, copy-paste from another script. Made the change, still no dice.
>
> On Thu, Oct 11, 2012 at 4:23 PM, Vlad Grigorescu <vladg at cmu.edu> wrote:
>> Might be nothing, but having the extra &redef at the end seems strange to me.
>>
>>   --Vlad
>>
>> On Oct 11, 2012, at 5:10 PM, Mike Sconzo <sconzo at visiblerisk.com>
>>  wrote:
>>
>>>  redef HTTP::extract_file_types = /application\/x-dosexec/ &redef;
>>
>
>
>
> --
> cat ~/.bash_history > documentation.txt



-- 
cat ~/.bash_history > documentation.txt


