Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

signatures: Move ISO 9660 signature to policy

Browse source 
The previous "fix" caused significant performance degradation without
the signature ever having a chance to trigger. Moving it to policy
seems the best compromise, the alternative being outright removing it.
This commit is contained in:
Arne Welzel 2024-02-26 13:32:27 +01:00
parent f96600391a
commit 1a5ce65e3d
6 changed files with 28 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

15
scripts/base/frameworks/files/magic/general.sig
View file

@ -296,18 +296,3 @@ signature file-windows-minidump {
file-mime "application/x-windows-minidump", 50
file-magic /^MDMP/
}
# ISO 9660 disk image: First 16 sectors (2k) are arbitrary data.
# The following sector is a volume descriptor with magic string "CD001"
# at offset 1: 16 * 2048 + 1 = 32769
signature file-iso9660 {
file-mime "application/x-iso9660-image", 99
file-magic /^.{32769}CD001/
}
# ISO 9660 disk image, magic string match in next volume descriptor.
# 17 * 2048 + 1 = 34817
signature file-iso9660-2 {
file-mime "application/x-iso9660-image", 99
file-magic /^.{34817}CD001/
}