File Extraction Question

Might be nothing, but having the extra &redef at the end seems strange to me.


Good catch, copy-paste from another script. Made the change, still no dice.

Played with it a bit more and

redef HTTP::generate_md5 = /NO_FILE_TYPE_EVER/;

added to a .bro file fixes the problem. I no longer get md5 sums, but
all executables are successfully extracted into the extraction

Is this anticipated behavior? Or should I get my cake and eat it too? :slight_smile:

Thanks again.

I have no clue why this happening. Also, you shouldn't need that whole list you defined in your earlier email. You should be to get away with only defining /application\/x-dosexec/

If I had to guess, it could be something to do with the first line you defined…
redef HTTP::extract_file_types = /application\/x-dosexec/ &redef;

Adding the attribute there doesn't even make sense and honestly that should be a parse-time error since using the &redef attribute in that situation would never make sense. I'll file a ticket.

File extraction should work like you want with this line:
redef HTTP::extract_file_types += /application\/x-dosexec/;

All of this will be changing for 2.2 also and will become much more flexible.


No parsing error was generated, broctl check && broctl install &&
broctl restart completed successfully.

I was/am a bit lost as well. You gave me another thing to check. Got
rid of everything and only did the following:

redef HTTP::extract_file_types += /.*\/.*/;

Extracts all files, except for the windows exes that were MD5'd

----- then ----

redef HTTP::extract_file_types += /.*\/.*/;
redef HTTP::generate_md5 = /NO_FILE_TYPE_EVER/;

Extracts all files (including all windows exes) and none are MD5'd

Looking forward to the change in 2.2.

Weird, this doesn't make any sense. I've always felt a bit uncomfortable with the structure of the scripts that implement that functionality, but I never would have foreseen a problem like this.

Could you file this as a ticket in our tracker?