Some changes to fix PE analyzer on master.

scripts/base/files/pe/main.bro

@@ -82,9 +82,9 @@ event file_state_remove(f: fa_file)
 		Log::write(LOG, f$pe);
 	}
 
-event file_new(f: fa_file)
+event file_mime_type(f: fa_file, mime_type: string)
 	{
-	if ( f?$mime_type && f$mime_type == /application\/x-dosexec.*/ ) 
+	if ( mime_type == /application\/x-dosexec.*/ ) 
 		{
 		Files::add_analyzer(f, Files::ANALYZER_PE);
 		}

src/file_analysis/analyzer/pe/Plugin.cc

@@ -1,29 +1,24 @@
+// See the file  in the main distribution directory for copyright.
+
 #include "plugin/Plugin.h"
-#include "file_analysis/Component.h"
 
 #include "PE.h"
 
-namespace plugin { namespace Bro_PE {
+namespace plugin {
+namespace Bro_PE {
 
 class Plugin : public plugin::Plugin {
-protected:
-	void InitPreScript()
+public:
+	plugin::Configuration Configure()
 		{
-		SetName("Bro::PE");
-		SetVersion(-1);
-		SetAPIVersion(BRO_PLUGIN_API_VERSION);
-		SetDynamicPlugin(false);
+		AddComponent(new ::file_analysis::Component("PE", ::file_analysis::PE::Instantiate));
 
-		SetDescription("Portable Executable analyzer");
-
-		AddComponent(new ::file_analysis::Component("PE",
-		        ::file_analysis::PE::Instantiate));
-
-		extern std::list<std::pair<const char*, int> > __bif_events_init();
-		AddBifInitFunction(&__bif_events_init);
+		plugin::Configuration config;
+		config.name = "Bro::PE";
+		config.description = "Portable Executable analyzer";
+		return config;
 		}
-};
+} plugin;
 
-Plugin __plugin;
-
-} }
+}
+}

src/types.bif

@@ -168,22 +168,6 @@ type PE::FileHeader: record;
 type PE::OptionalHeader: record;
 type PE::SectionHeader: record;
 
-module Log;
-
-enum Writer %{
-	WRITER_DEFAULT,
-	WRITER_NONE,
-	WRITER_ASCII,
-	WRITER_DATASERIES,
-	WRITER_SQLITE,
-	WRITER_ELASTICSEARCH,
-%}
-
-enum ID %{
-	Unknown,
-%}
-
-
 module Tunnel;
 enum Type %{
 	NONE,