zeek/scripts/policy/frameworks/signatures/iso-9660.sig
Arne Welzel f4ed1e05fc signatures/iso-9660: Add \x01 suffix to CD001
As discussed with Tim, that should make it a bit more robust against
false positives.
2024-02-26 21:00:01 +01:00

# ISO 9660 disk image: First 16 sectors (2k) are arbitrary data.
# The following sector is a volume descriptor with magic string "CD001"
# at offset 1: 16 * 2048 + 1 = 32769.
#
# However, we do not use exact offset matching /^.{32769}CD001/ as this
# results in major performance degradation.
signature file-iso9660 {
	file-mime "application/x-iso9660-image", 99
	file-magic /.*CD001\x01/
}
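The trade-off described in the signature's comment, as an added Python example that is not part of the Zeek source: it compares the unanchored match with an exact check at offset 32769 so that hits from the loose pattern can be triaged. The function names and sample buffers are hypothetical and constructed for illustration.

```python
SECTOR = 2048
DESC_OFFSET = 16 * SECTOR        # 32768: first volume descriptor
MAGIC_OFFSET = DESC_OFFSET + 1   # 32769, as computed in the signature comment
MAGIC = b"CD001"
VERSION = b"\x01"                # descriptor version byte that follows the magic


def loose_match(buf: bytes, with_suffix: bool = True) -> bool:
    """Approximate file-magic /.*CD001\\x01/: the bytes anywhere in buf."""
    needle = MAGIC + VERSION if with_suffix else MAGIC
    return needle in buf


def strict_match(buf: bytes) -> bool:
    """Exact-offset check: magic plus version byte at offset 32769."""
    needle = MAGIC + VERSION
    return buf[MAGIC_OFFSET:MAGIC_OFFSET + len(needle)] == needle


def classify(buf: bytes) -> str:
    """Label a buffer for triage of file-iso9660 signature hits."""
    if strict_match(buf):
        return "iso9660"
    if loose_match(buf):
        return "loose-only"       # signature would fire, layout does not fit
    if loose_match(buf, with_suffix=False):
        return "bare-magic-only"  # only the pattern without \x01 would fire
    return "no-match"


def make_samples() -> dict:
    """Constructed sample buffers, not real captures."""
    iso = bytes(DESC_OFFSET) + b"\x01" + MAGIC + VERSION + bytes(SECTOR - 7)
    return {
        "minimal_iso": iso,
        "inventory_csv": b"sku,qty\nCD001,4\nCD002,9\n",
        "embedded_magic": b"log: CD001\x01 seen\n" + bytes(64),
    }


if __name__ == "__main__":
    for name, buf in make_samples().items():
        print(f"{name:15} {classify(buf)}")
```

The "bare-magic-only" case is the kind of false positive the \x01 suffix removes; "loose-only" is what can still match without the exact offset.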