[Bro] file identification modification

erik clark philosnef at gmail.com
Wed Oct 19 04:22:50 PDT 2016

Actually, I do not see file-ident.sig anywhere in the source tree, or my
deployment tree. Where is this kept? Thanks!

On Tue, Oct 18, 2016 at 3:16 PM, erik clark <philosnef at gmail.com> wrote:

> I see that:
> scripts/base/protocols/http/file-ident.sig
> lets me create magic byte signatures for filetypes I have an interest in.
> This seems to be specific to http.
> My problem is that I want to detect files sent via smtp. Right now,
> files.log does NOT have filenames for things I am sending as attachments,
> such as mytext.ext. When I send this as an attachment, there is no filename
> *.ext... As such, I would like to attach this to the file analyzer so that
> I can get notices for files that have the magic byte headers I am concerned
> with. Is there an easy way to do this for smtp and ftp?