test-all-policy: Do not load iso-9660.zeek

Changing the default_file_bof_buffer_size has subtle impact on MIME type detection and changed the zeek-testing baseline. Do not load this new script via test-all-policy to avoid this. The new test was mainly an aid to understand what is actually going on. In short, if default_file_bof_buffer_size is larger than the file MIME detection only runs when the buffer is full, or when the file is removed. When a file transfer happens over multiple HTTP connections, only some or one of the http.log entries will have a proper response MIME type. PCAP extracted from 2009-M57-day11-18.trace.gz.
2025-10-02 06:38:20 +00:00 · 2024-02-26 16:35:34 +01:00 · 2024-02-26 16:35:34 +01:00 · e11c20e1eb
commit e11c20e1eb
parent 1a5ce65e3d
6 changed files with 38 additions and 1 deletions
--- a/scripts/test-all-policy.zeek
+++ b/scripts/test-all-policy.zeek
@ -72,7 +72,7 @@
@load frameworks/notice/extend-email/hostnames.zeek
@load files/x509/disable-certificate-events-known-certs.zeek
@load frameworks/packet-filter/shunt.zeek
-@load frameworks/signatures/iso-9660.zeek
+# @load frameworks/signatures/iso-9660.zeek
@load frameworks/software/version-changes.zeek
@load frameworks/software/vulnerable.zeek
 # @load frameworks/spicy/record-spicy-batch.zeek
--- a/scripts/zeekygen/load.zeek
+++ b/scripts/zeekygen/load.zeek
@ -10,6 +10,7 @@
@load frameworks/management/node/__load__.zeek
@load frameworks/management/node/main.zeek
@load frameworks/files/extract-all-files.zeek
+@load frameworks/signatures/iso-9660.zeek
@load policy/misc/dump-events.zeek
@load policy/protocols/conn/speculative-service.zeek