Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
zeek/scripts/base/frameworks/files
History
Jon Siwek 8dad5026fd File type detection changes and fix https.log {orig,resp}_fuids fields. 
- Removed "binary" and "octet-stream" mime type detections. They don't
  provide any more information than an uninitialized mime_type field
  which implicitly means no magic signature matches and so the media
  type is unknown to Bro.

- Slight change to "text/plain" signature.  It's still not the most
  accurate, which is reflected in its -20 strength value.

- The logic for adding file ids to {orig,resp}_fuids fields of
  the http.log incorrectly depended on the state of
  {orig,resp}_mime_types fields, so sometimes not all file ids
  associated w/ the session were logged.
2014-03-25 12:44:11 -05:00
..
magic File type detection changes and fix https.log {orig,resp}_fuids fields. 2014-03-25 12:44:11 -05:00
__load__.bro Replace libmagic w/ Bro signatures for file MIME type identification. 2014-03-04 11:12:06 -06:00
main.bro Various minor changes related to file mime type detection. 2014-03-06 11:41:10 -06:00
README Add README files for most Bro frameworks 2013-10-11 00:19:37 -05:00

README 

The file analysis framework provides an interface for driving the analysis
of files, possibly independent of any network protocol over which they're
transported.