Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-07 17:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

FileAnalysis: integrate w/ SMTP analyzer.

Browse source 
More generally w/ MIME_Mail messages, which POP3 analyzer also uses.
This commit is contained in:
Jon Siwek 2013-03-18 11:30:59 -05:00
parent 31590fbb9b
commit 550c3c477d
3 changed files with 26 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
scripts/base/protocols/smtp/__load__.bro
View file

@ -1,3 +1,4 @@
@load ./main
@load ./entities
@load ./entities-excerpt
@load ./entities-excerpt
@load ./file-analysis

18
scripts/base/protocols/smtp/file-analysis.bro Normal file
View file

@ -0,0 +1,18 @@
@load ./main
@load ./entities
@load base/utils/conn-ids
@load base/frameworks/file-analysis/main
module SMTP;
function get_file_handle(c: connection, is_orig: bool): string
{
if ( ! c?$smtp ) return "";
return fmt("%s smtp(%s, %s)", c$start_time, c$smtp$trans_depth,
c$smtp_state$mime_level);
}
redef FileAnalysis::handle_callbacks += {
[ANALYZER_SMTP] = get_file_handle,
};