Hello,
I’m trying to use bro 2.2 on Mac (10.9.2) with macports
but when I try to parse a pcap, I got magic errors:
$ bro -r
/opt/local/share/bro/magic/animation, 193: Warning: Current entry does not yet have a description for adding a MIME type
/opt/local/share/bro/magic/animation, 195: Warning: Current entry does not yet have a description for adding a MIME type
/opt/local/share/bro/magic/animation, 197: Warning: Current entry does not yet have a description for adding a MIME type
/opt/local/share/bro/magic/animation, 199: Warning: Current entry does not yet have a description for adding a MIME type
/opt/local/share/bro/magic/animation, 201: Warning: Current entry does not yet have a description for adding a MIME type
/opt/local/share/bro/magic/animation, 203: Warning: Current entry does not yet have a description for adding a MIME type
/opt/local/share/bro/magic/animation, 205: Warning: Current entry does not yet have a description for adding a MIME type
/opt/local/share/bro/magic/animation, 208: Warning: Current entry does not yet have a description for adding a MIME type
/opt/local/share/bro/magic/archive, 45: Warning: Current entry does not yet have a description for adding a MIME type
/opt/local/share/bro/magic/cafebabe, 19: Warning: Current entry does not yet have a description for adding a MIME type
internal error: can’t load magic file /opt/local/share/bro/magic: could not find any valid magic files!
<<<
Those files are from bro, while macports’ libmagic (5.18) has /opt/local/share/misc/magic.mgc
same if I do
MAGIC=/opt/local/share/misc/magic.mgc bro -r
as suggested on http://comments.gmane.org/gmane.comp.security.detection.bro/6225
Improvement with https://bro-tracker.atlassian.net/browse/BIT-1143.
I gave a try to github head and it works as expected, probably because of above change.
So is a fix is expected for 2.2 or 2.3 is sufficiently near release?
Thanks
Julien