FileAnalysis: add custom libmagic database.

- It's derived from the magic database of libmagic 5.14, but with most everything not related to mime types removed. - The custom database is always used by default for mime detection, but the more verbose file type detection will fall back on the default libmagic installation's database. The result is: mime type strings are now guaranteed to be consistent across platforms, but the verbose file type descriptions are not. - The custom database gets installed in $prefix/share/bro/magic, and should even be extensible if files with new patterns are added inside the directory. - The search path for the mime magic database can be controlled via BROMAGIC environment variable. - Remove mime_desc field from ftp.log. - Stop using the mime/file type canonifier with unit tests. - libmagic >= 5.04 is now a requirement.
2025-10-15 13:08:20 +00:00 · 2013-04-12 11:58:19 -05:00 · 2013-04-12 11:58:19 -05:00 · 037d582b0e
commit 037d582b0e
parent b8c98b8bf7
106 changed files with 2951 additions and 174 deletions
--- a/magic/database
+++ b/magic/database
@ -0,0 +1,47 @@
+# See COPYING file in this directory for original libmagic copyright.
+#------------------------------------------------------------------------------
+# $File: database,v 1.32 2013/02/06 14:18:52 christos Exp $
+# database:  file(1) magic for various databases
+#
+# extracted from header/code files by Graeme Wilford (eep2gw@ee.surrey.ac.uk)
+#
+#
+# GDBM magic numbers
+#  Will be maintained as part of the GDBM distribution in the future.
+#  <downsj@teeny.org>
+0	belong	0x13579ace	GNU dbm 1.x or ndbm database, big endian
+!:mime	application/x-gdbm
+0	lelong	0x13579ace	GNU dbm 1.x or ndbm database, little endian
+!:mime	application/x-gdbm
+0	string	GDBM		GNU dbm 2.x database
+!:mime	application/x-gdbm
+#
+# Berkeley DB
+#
+# Ian Darwin's file /etc/magic files: big/little-endian version.
+#
+# Hash 1.85/1.86 databases store metadata in network byte order.
+# Btree 1.85/1.86 databases store the metadata in host byte order.
+# Hash and Btree 2.X and later databases store the metadata in host byte order.
+
+0	long	0x00061561	Berkeley DB
+!:mime	application/x-dbm
+
+# MS Access database
+4	string	Standard\ Jet\ DB	Microsoft Access Database
+!:mime	application/x-msaccess
+4	string	Standard\ ACE\ DB	Microsoft Access Database
+!:mime	application/x-msaccess
+
+# Tokyo Cabinet magic data
+# http://tokyocabinet.sourceforge.net/index.html
+0	string		ToKyO\ CaBiNeT\n	Tokyo Cabinet
+>14	string		x			\b (%s)
+>32	byte		0			\b, Hash
+!:mime	application/x-tokyocabinet-hash
+>32	byte		1			\b, B+ tree
+!:mime	application/x-tokyocabinet-btree
+>32	byte		2			\b, Fixed-length
+!:mime	application/x-tokyocabinet-fixed
+>32	byte		3			\b, Table
+!:mime	application/x-tokyocabinet-table