zeek/scripts/base
Jon Siwek 8dad5026fd File type detection changes and fix https.log {orig,resp}_fuids fields.
- Removed "binary" and "octet-stream" mime type detections. They don't
  provide any more information than an uninitialized mime_type field
  which implicitly means no magic signature matches and so the media
  type is unknown to Bro.

- Slight change to "text/plain" signature.  It's still not the most
  accurate, which is reflected in its -20 strength value.

- The logic for adding file ids to {orig,resp}_fuids fields of
  the http.log incorrectly depended on the state of
  {orig,resp}_mime_types fields, so sometimes not all file ids
  associated w/ the session were logged.
2014-03-25 12:44:11 -05:00
files Minor unified2 script documentation fix. 2014-02-03 16:55:23 -06:00
frameworks File type detection changes and fix https.log {orig,resp}_fuids fields. 2014-03-25 12:44:11 -05:00
misc Add script to detect filtered TCP traces, addresses BIT-1119. 2014-01-31 17:04:58 -06:00
protocols File type detection changes and fix https.log {orig,resp}_fuids fields. 2014-03-25 12:44:11 -05:00
utils Return the Dir module to file name tracking instead of inode tracking. 2013-10-29 11:09:55 -04:00
init-bare.bro Merge branch 'master' into topic/jsiwek/file-signatures 2014-03-24 14:35:37 -05:00
init-default.bro Replace libmagic w/ Bro signatures for file MIME type identification. 2014-03-04 11:12:06 -06:00