FileAnalysis: replace script-layer FTP file analysis.

The notable difference here is that ftp.log now logs by default the PORT, PASV, EPRT, EPSV commands as well as a separate line for ftp-data channels in which file extraction was requested. This difference isn't a direct result of now doing the file extraction through the file analysis framework, it's just because I noticed even the old way of tracking extracted-file name didn't work right and this was the way I came up with so that a locally extracted file can be associated with a data channel and then that data channel associated with a control channel.
2025-10-14 12:38:20 +00:00 · 2013-03-27 12:59:38 -05:00 · 2013-03-27 12:59:38 -05:00 · 7e895a3a2f
commit 7e895a3a2f
parent 621fe51c82
13 changed files with 227 additions and 67 deletions
--- a/scripts/base/protocols/smtp/entities.bro
+++ b/scripts/base/protocols/smtp/entities.bro
@ -43,9 +43,6 @@ export {
 	};

 	redef record State += {
-		## Store a count of the number of files that have been transferred in
-		## a conversation to create unique file names on disk.
-		num_extracted_files:  count   &default=0;
 		## Track the number of MIME encoded files transferred during a session.
 		mime_level:           count   &default=0;
 	};