[Bro] file identification modification
erik clark
philosnef at gmail.com
Fri Oct 21 06:03:20 PDT 2016
Hmm. So I modified the msoffice.sig with this
/\x21\x42\x44\x4E/
but the sig doesnt fire. However when I do
/!BDN/
it does. What gives? :) Also, whats the number after the mimetype
association mean? My mimetype is
application/outlook, 5
Thanks!
On Thu, Oct 20, 2016 at 10:13 AM, Seth Hall <seth at icir.org> wrote:
>
> > On Oct 19, 2016, at 7:22 AM, erik clark <philosnef at gmail.com> wrote:
> >
> > Actually, I do not see file-ident.sig anywhere in the source tree, or my
> deployment tree. Where is this kept? Thanks!
>
> This was broken out a couple of releases ago. There are a bunch of file
> signature files in base/frameworks/files/magic/
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161021/9e4ad9b0/attachment.html
More information about the Bro
mailing list