Brian O'Berry created BIT-1238:
----------------------------------
Summary: High false-positive for application/x-tar signature
Key: BIT-1238
URL: https://bro-tracker.atlassian.net/browse/BIT-1238
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: 2.3
Reporter: Brian O'Berry

The following signature in base/frameworks/files/magic/general.sig frequently
triggers on text files in our environment, and includes a strength value higher
than the GNU and POSIX tar signatures in libmagic.sig.
{code}
signature file-tar {
    file-magic /([[:print:]\x00]){100}(([[:digit:]\x00\x20]){8}){3}/
    file-mime "application/x-tar", 150
}
{code}
_______________________________________________
bro-dev mailing list
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
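The false positive described in the report can be reproduced offline. The following is an added example, not code from the report or from Bro: it renders the file-tar pattern as a Python regex (assuming ASCII character classes and matching from the start of the file data), runs it over a constructed fixed-width numeric text sample and a real ustar header, and compares it with a tar header checksum check. The function names are hypothetical.

```python
import re
import tarfile

# Python rendering of the file-tar pattern quoted in the report.
# Assumption: [[:print:]] is 0x20-0x7e and [[:digit:]] is 0-9 (ASCII / C locale).
FILE_TAR_SIG = re.compile(rb"[\x20-\x7e\x00]{100}(?:[0-9\x00\x20]{8}){3}")


def sig_matches(data: bytes) -> bool:
    """True if the start of the data satisfies the reported pattern."""
    return FILE_TAR_SIG.match(data) is not None


def header_checksum_ok(data: bytes) -> bool:
    """Stricter check: validate the checksum field of a 512-byte tar header.

    The checksum is stored as octal text at offset 148 (8 bytes) and equals the
    sum of all 512 header bytes with that field counted as eight spaces.
    """
    if len(data) < 512:
        return False
    field = data[148:156].strip(b"\x00 ")
    try:
        stored = int(field, 8)
    except ValueError:  # empty or non-octal field: not a tar header
        return False
    computed = sum(data[:148]) + 8 * 0x20 + sum(data[156:512])
    return stored == computed


def constructed_numeric_text() -> bytes:
    """Constructed sample: 640 bytes of fixed-width decimal columns (plain text)."""
    return b"".join(b"%8d" % n for n in range(1000, 1080))


def real_tar_header() -> bytes:
    """A genuine 512-byte ustar header built by the standard library."""
    info = tarfile.TarInfo("hello.txt")
    info.size = 5
    return info.tobuf(format=tarfile.USTAR_FORMAT)


if __name__ == "__main__":
    for label, blob in (("numeric text", constructed_numeric_text()),
                        ("tar header", real_tar_header())):
        print(f"{label:13s} pattern={sig_matches(blob)} checksum={header_checksum_ok(blob)}")
```

Any file that begins with 124 bytes of digits, spaces, or other printable characters in the right positions satisfies the pattern, while the checksum check separates the two samples.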