Hi all!
I'm just wondering: is it possible to extract files based solely on their magic number using Bro 2.2?
In Bro 2.1, it was possible to extract files just by comparing the magic number
with the first X bytes. I used the script provided here, with great success:
http://scrapbook.zscaler.com/2012/05/bro-script-to-extract-artifacts-from.html
However, in Bro 2.2, things seem to have changed. Most examples and docs now only
seem to use the MIME type to determine whether a file will be extracted or not, e.g. here:
http://www.bro.org/sphinx-git/frameworks/file-analysis.html
I also see that there has been included some sort of "magic number database" (/bro/share/bro/magic/), but I find little
documentation on what its role is in regard to file extraction, as well as the formatting that is being used.
Have I missed something essential here?
If anyone could help me better understand how file extraction works now in Bro 2.2, it is most appreciated!
Best regards,
Marius P. Haugen.
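As an added illustration of the MIME-type-driven extraction the post refers to (this is example code written for this page, not code from the poster, the zscaler script, or the Bro project), the following Bro 2.2 script extracts only files whose detected type is on a short list. It assumes the Bro 2.2 file-analysis API as documented at the linked framework page: the `file_new` event, the optional `mime_type` field on `fa_file`, `Files::add_analyzer`, `Files::ANALYZER_EXTRACT` and its `$extract_filename` argument. The `wanted` table and its extension mapping are constructed for the example; the MIME labels are whatever Bro's magic database reports for the first bytes of a file, which is the role that database plays in 2.2: the magic match happens inside Bro and surfaces as `f$mime_type`, so a script no longer compares the leading bytes itself.

```bro
##! Added example (not from the original post or the Bro project):
##! extract files in Bro 2.2 by the MIME type the file-analysis framework
##! assigns from its magic database, instead of hand-checking magic bytes
##! as the 2.1-era script did.
##! Assumptions: the Bro 2.2 API (file_new, fa_file$mime_type,
##! Files::add_analyzer, Files::ANALYZER_EXTRACT, $extract_filename).

@load base/frameworks/files

module ExtractByType;

export {
    ## MIME types worth extracting, mapped to an extension for the output
    ## file name. This table is constructed for the example; add or remove
    ## entries with redef.
    const wanted: table[string] of string = {
        ["application/x-dosexec"]     = "exe",
        ["application/pdf"]           = "pdf",
        ["application/zip"]           = "zip",
        ["application/x-java-applet"] = "jar",
    } &redef;
}

## Bro 2.2 raises file_new once enough of the file has been buffered to run
## the magic database, so f$mime_type (when a match was found) is set here.
event file_new(f: fa_file)
    {
    # Files with no recognised type are skipped; extracting everything
    # fills a sensor's disk quickly.
    if ( ! f?$mime_type )
        return;

    if ( f$mime_type !in wanted )
        return;

    # Name the output after the carrying protocol and Bro's file id so the
    # extracted file can be tied back to the matching files.log entry.
    local fname = fmt("%s-%s.%s", f$source, f$id, wanted[f$mime_type]);

    Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
                        [$extract_filename=fname]);
    }
```

Run it with `bro -r trace.pcap extract-by-type.bro`; extracted files are written under the extraction analyzer's output directory (`FileExtract::prefix`, which defaults to `./extract_files/` in 2.2), and each one shares its `f$id` with the corresponding `files.log` line, so an analyst can move from a log hit to the artifact on disk. Keeping the `wanted` list short is the practical control here: the 2.1 approach of matching magic bytes in a script and this one differ only in where the magic comparison runs, not in how much you end up storing.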