[Bro] file identification modification
philosnef at gmail.com
Tue Oct 18 12:16:47 PDT 2016
I see that:
lets me create magic byte signatures for filetypes I have an interest in.
This seems to be specific to HTTP.
My problem is that I want to detect files sent via SMTP. Right now,
files.log does NOT have filenames for things I am sending as attachments,
such as mytext.ext. When I send this as an attachment, there is no filename
*.ext... As such, I would like to attach this to the file analyzer so that
I can get notices for files that have the magic byte headers I am concerned
with. Is there an easy way to do this for SMTP and FTP?