mirror of
https://github.com/zeek/zeek.git
synced 2025-10-13 03:58:20 +00:00
1a5ce65e3d
The previous "fix" caused significant performance degradation without the signature ever having a chance to trigger. Moving it to policy seems the best compromise, the alternative being outright removing it.
10 lines
401 B
Standard ML
10 lines
401 B
Standard ML
# ISO 9660 disk image: First 16 sectors (2k) are arbitrary data.
|
|
# The following sector is a volume descriptor with magic string "CD001"
|
|
# at offset 1: 16 * 2048 + 1 = 32769.
|
|
#
|
|
# However, we do not use exact offset matching /^.{32769}CD001/ as this
|
|
# results in major performance degradation.
|
|
signature file-iso9660 {
|
|
file-mime "application/x-iso9660-image", 99
|
|
file-magic /.*CD001/
|
|
}
|