[Bro] About bro signature reg exp

[Marchisio Claudio]

I’m studying about bro-script and bro-signature

In my signature file

-------------------------------------------------
signature protosig_malware {
    ip-proto == tcp
    payload /(?m)^Cache?m/
    tcp-state originator, responder 
    eval ProtoSig::match
}
-------------------------------------------------

But signature payload not support pcre ( I know that bro using flex-reg exp)
So I want to use multiline search in bro-signature like pcre 
How to available this?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180801/f5ebeea5/attachment.html