Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

More file analysis updates.

Browse source 
- Recorrected the module name to Files.

  - Added Files::analyzer_name to get a more readable name for a
    file analyzer.

  - Improved and just overall better handled multipart mime
    transfers in HTTP and SMTP.  HTTP now has orig_fuids and resp_fuids
    log fields since multiple "files" can be transferred with
    multipart mime in a single request/response pair.  SMTP has
    an fuids field which has file unique IDs for all parts
    transferred. FTP and IRC have a log field named fuid added
    because only a single file can be transferred per irc and ftp
    log line.
This commit is contained in:
Seth Hall 2013-07-09 11:50:54 -04:00
parent 58d133e764
commit cdf6b7864e
18 changed files with 257 additions and 120 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/file_analysis/file_analysis.bif
View file

@ -42,6 +42,12 @@ function Files::__stop%(file_id: string%): bool
return new Val(result, TYPE_BOOL);
%}
## :bro:see:`Files::analyzer_name`.
function Files::__analyzer_name%(tag: Files::Tag%) : string
%{
return new StringVal(file_mgr->GetAnalyzerName(tag->InternalInt()));
%}
module GLOBAL;
## For use within a :bro:see:`get_file_handle` handler to set a unique