Improves shockwave flash file signatures.

- This moves the signatures out of the libmagic imported signatures and into our own general.sig. - Expand the detection to LZMA compressed flash files.
2025-10-16 21:48:21 +00:00 · 2014-10-06 11:13:13 -04:00 · 2014-10-06 11:13:13 -04:00 · 80656d5294
commit 80656d5294
parent b3ff415120
2 changed files with 5 additions and 13 deletions
--- a/scripts/base/frameworks/files/magic/general.sig
+++ b/scripts/base/frameworks/files/magic/general.sig
@ -9,3 +9,8 @@ signature file-tar {
    file-magic /([[:print:]\x00]){100}(([[:digit:]\x00\x20]){8}){3}/
    file-mime "application/x-tar", 150
 }
+
+signature file-swf {
+	file-magic /(F|C|Z)WS/
+	file-mime "application/x-shockwave-flash", 60
+}
--- a/scripts/base/frameworks/files/magic/libmagic.sig
+++ b/scripts/base/frameworks/files/magic/libmagic.sig
@ -2769,19 +2769,6 @@ signature file-magic-auto408 {
 	file-magic /(.{512})(\xec\xa5\xc1)/
 }

-# >0  string,=FWS (len=3), ["Macromedia Flash data,"], swap_endian=0
-# >>3  byte&,x, ["version %d"], swap_endian=0
-signature file-magic-auto409 {
-	file-mime "application/x-shockwave-flash", 1
-	file-magic /(FWS)(.{1})/
-}
-
-# >0  string,=CWS (len=3), ["Macromedia Flash data (compressed),"], swap_endian=0
-signature file-magic-auto410 {
-	file-mime "application/x-shockwave-flash", 60
-	file-magic /(CWS)/
-}
-
 # >0  regex/20,=^\.[A-Za-z0-9][A-Za-z0-9][ \t] (len=29), ["troff or preprocessor input text"], swap_endian=0
 signature file-magic-auto411 {
 	file-mime "text/troff", 59