[Bro] File Extraction Question

Seth Hall seth at icir.org
Fri Oct 12 06:40:47 PDT 2012


On Oct 11, 2012, at 11:47 PM, Mike Sconzo <sconzo at visiblerisk.com> wrote:

> redef HTTP::extract_file_types += /.*\/.*/;
> 
> Extracts all files, except for the Windows exes that were MD5'd

Weird, this doesn't make any sense.  I've always felt a bit uncomfortable with the structure of the scripts that implement that functionality, but I never would have foreseen a problem like this.  

Could you file this as a ticket in our tracker?  http://tracker.bro-ids.org/

Thanks!
  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/




