diff --git a/scripts/base/frameworks/files/magic/general.sig b/scripts/base/frameworks/files/magic/general.sig
index f0e41018f6..c9a3df1f60 100644
--- a/scripts/base/frameworks/files/magic/general.sig
+++ b/scripts/base/frameworks/files/magic/general.sig
@@ -297,8 +297,17 @@ signature file-windows-minidump {
     file-magic /^MDMP/
 }
 
-# ISO 9660 disk image
+# ISO 9660 disk image: First 16 sectors (2k) are arbitrary data.
+# The following sector is a volume descriptor with magic string "CD001"
+# at offset 1: 16 * 2048  + 1 = 32769
 signature file-iso9660 {
         file-mime "application/x-iso9660-image", 99
-        file-magic /CD001/
+        file-magic /^.{32769}CD001/
+}
+
+# ISO 9660 disk image, magic string match in next volume descriptor.
+# 17 * 2048  + 1 = 34817
+signature file-iso9660-2 {
+        file-mime "application/x-iso9660-image", 99
+        file-magic /^.{34817}CD001/
 }
diff --git a/testing/btest/Baseline/scripts.base.files.mime.iso-9660/files.log.cut b/testing/btest/Baseline/scripts.base.files.mime.iso-9660/files.log.cut
new file mode 100644
index 0000000000..62fb889149
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.files.mime.iso-9660/files.log.cut
@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+fuid	source	mime_type	filename
+FbxMVx2s9vO46GnVh2	HTTP	application/x-iso9660-image	myiso.iso
diff --git a/testing/btest/Traces/http/iso-download.pcap.gz b/testing/btest/Traces/http/iso-download.pcap.gz
new file mode 100644
index 0000000000..69f6494614
Binary files /dev/null and b/testing/btest/Traces/http/iso-download.pcap.gz differ
diff --git a/testing/btest/scripts/base/files/mime/iso-9660.zeek b/testing/btest/scripts/base/files/mime/iso-9660.zeek
new file mode 100644
index 0000000000..2d047f0364
--- /dev/null
+++ b/testing/btest/scripts/base/files/mime/iso-9660.zeek
@@ -0,0 +1,16 @@
+# @TEST-DOC: Test ISO 9660 mime detection works with increased default_file_bof_buffer_size.
+#
+# @TEST-EXEC: zcat <$TRACES/http/iso-download.pcap.gz | zeek -b -r - %INPUT
+# @TEST-EXEC: zeek-cut -m fuid source mime_type filename < files.log > files.log.cut
+# @TEST-EXEC: btest-diff files.log.cut
+
+@load base/protocols/http
+@load base/frameworks/files
+
+redef default_file_bof_buffer_size = 40000;
+
+event file_over_new_connection(f: fa_file, c: connection, is_orig: bool)
+	{
+	if ( f$source == "HTTP" )
+		f$info$filename = split_string(c$http$uri, /\//)[-1];
+	}