[ https://bro-tracker.atlassian.net/browse/BIT-1143?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15573#comment-15573 ]
Robin Sommer commented on BIT-1143:
-----------------------------------

I was thinking better control over the matching, but I guess there's not really that much to gain in addition.

Can this be (semi-)automated, i.e., converting the magic mime db into Bro regular expressions?

Also, we should investigate performance: Bro's signature engine doesn't have a reputation for being the fastest in the world. :) Hard to predict how it performs compared to libmagic; but then I also don't know if it mattered much if the file type detection got slower.

One more caveat, something I actually didn't think about so far: the signature engine has some dependencies on connection state, not sure if using files as the analysis units goes without pain.

Agreed. So if we can basically keep detecting all the MIME types we currently find, without hurting performance in a significant way, I'm fine fully switching.

> Investigate replacing libmagic w/ signatures for file identification
> --------------------------------------------------------------------
>
> Key: BIT-1143
> URL: https://bro-tracker.atlassian.net/browse/BIT-1143
> Project: Bro Issue Tracker
> Issue Type: New Feature
> Components: Bro
> Affects Versions: git/master
> Reporter: Jon Siwek
> Assignee: Jon Siwek
> Fix For: 2.3
>
>
> I think it makes sense to try to make the switch from libmagic to using Bro's
> own signature engine for file identification before the next release. Don't
> want people getting used to magic file format for their own custom file
> identification rules.

--
This message was sent by Atlassian JIRA (v6.2-OD-09-036#6252)
_______________________________________________
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev