zeek/testing/btest/scripts/base/protocols/smtp/mime.test

# Checks logging of mime types and md5 calculation.  Mime type in the log
# is normalized to prevent sensitivity to libmagic version.

# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
# @TEST-EXEC: btest-diff smtp_entities.log

@load base/protocols/smtp

redef SMTP::generate_md5=/text\/plain/;

event bro_init()
	{
	Log::remove_default_filter(SMTP::ENTITIES_LOG);
	Log::add_filter(SMTP::ENTITIES_LOG, [$name="normalized-mime-types",
									  $pred=function(rec: SMTP::EntityInfo): bool
		{
		if ( rec?$mime_type )
			rec$mime_type = "FAKE_MIME";
		return T;
		}
	]);
	}