mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
037d582b0e
- It's derived from the magic database of libmagic 5.14, but with most everything not related to mime types removed. - The custom database is always used by default for mime detection, but the more verbose file type detection will fall back on the default libmagic installation's database. The result is: mime type strings are now guaranteed to be consistent across platforms, but the verbose file type descriptions are not. - The custom database gets installed in $prefix/share/bro/magic, and should even be extensible if files with new patterns are added inside the directory. - The search path for the mime magic database can be controlled via BROMAGIC environment variable. - Remove mime_desc field from ftp.log. - Stop using the mime/file type canonifier with unit tests. - libmagic >= 5.04 is now a requirement.
43 lines
1.5 KiB
Text
43 lines
1.5 KiB
Text
# See COPYING file in this directory for original libmagic copyright.
|
|
#------------------------------------------------------------------------------
|
|
# elf: file(1) magic for ELF executables
|
|
#
|
|
# We have to check the byte order flag to see what byte order all the
|
|
# other stuff in the header is in.
|
|
#
|
|
# What're the correct byte orders for the nCUBE and the Fujitsu VPP500?
|
|
#
|
|
# Created by: unknown
|
|
# Modified by (1): Daniel Quinlan <quinlan@yggdrasil.com>
|
|
# Modified by (2): Peter Tobias <tobias@server.et-inf.fho-emden.de> (core support)
|
|
# Modified by (3): Christian 'Dr. Disk' Hechelmann <drdisk@ds9.au.s.shuttle.de> (fix of core support)
|
|
# Modified by (4): <gerardo.cacciari@gmail.com> (VMS Itanium)
|
|
# Modified by (5): Matthias Urlichs <smurf@debian.org> (Listing of many architectures)
|
|
0 string \177ELF ELF
|
|
>4 byte 0 invalid class
|
|
>4 byte 1 32-bit
|
|
>4 byte 2 64-bit
|
|
>5 byte 0 invalid byte order
|
|
>5 byte 1 LSB
|
|
>>16 leshort 0 no file type,
|
|
!:strength *2
|
|
!:mime application/octet-stream
|
|
>>16 leshort 1 relocatable,
|
|
!:mime application/x-object
|
|
>>16 leshort 2 executable,
|
|
!:mime application/x-executable
|
|
>>16 leshort 3 shared object,
|
|
!:mime application/x-sharedlib
|
|
>>16 leshort 4 core file
|
|
!:mime application/x-coredump
|
|
>5 byte 2 MSB
|
|
>>16 beshort 0 no file type,
|
|
!:mime application/octet-stream
|
|
>>16 beshort 1 relocatable,
|
|
!:mime application/x-object
|
|
>>16 beshort 2 executable,
|
|
!:mime application/x-executable
|
|
>>16 beshort 3 shared object,
|
|
!:mime application/x-sharedlib
|
|
>>16 beshort 4 core file,
|
|
!:mime application/x-coredump
|