mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
037d582b0e
- It's derived from the magic database of libmagic 5.14, but with most everything not related to mime types removed. - The custom database is always used by default for mime detection, but the more verbose file type detection will fall back on the default libmagic installation's database. The result is: mime type strings are now guaranteed to be consistent across platforms, but the verbose file type descriptions are not. - The custom database gets installed in $prefix/share/bro/magic, and should even be extensible if files with new patterns are added inside the directory. - The search path for the mime magic database can be controlled via BROMAGIC environment variable. - Remove mime_desc field from ftp.log. - Stop using the mime/file type canonifier with unit tests. - libmagic >= 5.04 is now a requirement.
12 lines
697 B
Text
12 lines
697 B
Text
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path smtp_entities
|
|
#open 2013-03-26-20-43-14
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth filename content_len mime_type md5 extraction_file excerpt
|
|
#types time string addr port addr port count string count string string string string
|
|
1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 - 79 text/plain - smtp-entity-cwR7l6Zctxb-0.dat (empty)
|
|
1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 - 1918 text/html - - (empty)
|
|
1254722770.692804 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 NEWS.txt 10823 text/plain - smtp-entity-Ltd7QO7jEv3-1.dat (empty)
|
|
#close 2013-03-26-20-43-14
|