hi seth,
In http transaction, some of the executable files are transfer via this mime type -
application/octet-stream
I have appended it for watched_mime_types in http-identified-files.bro and it works fine.
Cheers ;]
hi seth,
In http transaction, some of the executable files are transfer via this mime type -
application/octet-stream
I have appended it for watched_mime_types in http-identified-files.bro and it works fine.
Cheers ;]
You might want to check the description for those files. There are a lot of other files that are identified as octet-streams, or at least as far as I can remember when I was working on that script a while ago.
.Seth