[Bro] file identification modification
erik clark
philosnef at gmail.com
Fri Oct 21 06:04:13 PDT 2016
Sorry, thats /^... and /^!...
On Fri, Oct 21, 2016 at 9:03 AM, erik clark <philosnef at gmail.com> wrote:
> Hmm. So I modified the msoffice.sig with this
>
> /\x21\x42\x44\x4E/
>
> but the sig doesnt fire. However when I do
>
> /!BDN/
>
> it does. What gives? :) Also, whats the number after the mimetype
> association mean? My mimetype is
>
> application/outlook, 5
>
> Thanks!
>
> On Thu, Oct 20, 2016 at 10:13 AM, Seth Hall <seth at icir.org> wrote:
>
>>
>> > On Oct 19, 2016, at 7:22 AM, erik clark <philosnef at gmail.com> wrote:
>> >
>> > Actually, I do not see file-ident.sig anywhere in the source tree, or
>> my deployment tree. Where is this kept? Thanks!
>>
>> This was broken out a couple of releases ago. There are a bunch of file
>> signature files in base/frameworks/files/magic/
>>
>> .Seth
>>
>> --
>> Seth Hall
>> International Computer Science Institute
>> (Bro) because everyone has a network
>> http://www.bro.org/
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161021/28712899/attachment.html
More information about the Bro
mailing list