hi seth,

In http transaction, some of the executable files are transfer via this mime type -


I have appended it for watched_mime_types in http-identified-files.bro and it works fine.

Cheers ;]

You might want to check the description for those files. There are a lot of other files that are identified as octet-streams, or at least as far as I can remember when I was working on that script a while ago. :slight_smile: