[Oisf-devel] [COMMIT] OISF branch, master, updated. 9878eca0860e3b59a48030f2a894fb51e13c4eae

noreply at openinfosecfoundation.org
Thu Dec 1 17:19:35 UTC 2011


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
       via  9878eca0860e3b59a48030f2a894fb51e13c4eae (commit)
      from  ddfa5c49c6c7559e6f02ee463e90d884ea11cce8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9878eca0860e3b59a48030f2a894fb51e13c4eae
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Dec 1 18:08:15 2011 +0100

    file handling: expand filestore keyword
    
    Filestore keyword by default (... filestore; ... ) marks only the file in the
    same direction as the rule match for storing. This makes sense when inspecting
    individual files (filemagic, filename, etc) but not so much when looking at
    suspicious file requests, where the actual file is in the response.
    
    The filestore keyword now takes 2 optional options:
    
    filestore:<direction>,<scope>;
    
    By default the direction is "same as rule match", and scope is "currently
    inspected file".
    
    For direction the following values are possible: "request" and "to_server",
    "response" and "to_client", "both".
    
    For scope the following values are possible: "tx" for all files in the current
    HTTP/1.1 transaction, "ssn" and "flow" for all files in the session/flow.
    
    For the above case, where a suspicious request should lead to a response file
    download, this would work:
    
    alert http ... content:"/suspicious/"; http_uri; filestore:response; ...

-----------------------------------------------------------------------
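As an added illustration (not code from this commit or from Suricata), a small C parser that maps the `filestore:<direction>,<scope>` option grammar described in the message to its defaults and the synonyms it lists; the enum names, the `parse_filestore` function and the tolerance for spaces around the values are assumptions of this example, not the project's own API.

```c
#include <string.h>
#include <ctype.h>

/* Hypothetical values for this example; Suricata's own flag constants are not reproduced. */
enum fs_dir   { FS_DIR_MATCH = 0, FS_DIR_TOSERVER, FS_DIR_TOCLIENT, FS_DIR_BOTH };
enum fs_scope { FS_SCOPE_FILE = 0, FS_SCOPE_TX, FS_SCOPE_FLOW };
struct filestore_opts { enum fs_dir dir; enum fs_scope scope; };
struct kw { const char *name; int value; };
static const struct kw dirs[] = {   /* synonyms as listed in the commit message */
    {"request", FS_DIR_TOSERVER}, {"to_server", FS_DIR_TOSERVER},
    {"response", FS_DIR_TOCLIENT}, {"to_client", FS_DIR_TOCLIENT},
    {"both", FS_DIR_BOTH}, {NULL, 0} };
static const struct kw scopes[] = {
    {"tx", FS_SCOPE_TX}, {"ssn", FS_SCOPE_FLOW}, {"flow", FS_SCOPE_FLOW}, {NULL, 0} };

static int lookup(const struct kw *t, const char *w)
{
    for (; t->name; t++) if (strcmp(t->name, w) == 0) return t->value;
    return -1;                      /* unknown keyword */
}

/* Strip surrounding whitespace in place; tolerating spaces is an assumption here. */
static char *trim(char *s)
{
    while (isspace((unsigned char)*s)) s++;
    char *end = s + strlen(s);
    while (end > s && isspace((unsigned char)end[-1])) *--end = '\0';
    return s;
}

/* Parse the text after "filestore:" (NULL or "" for a bare "filestore;").
 * Defaults are applied first; returns 0 on success, -1 on an unknown value. */
int parse_filestore(const char *optstr, struct filestore_opts *out)
{
    char buf[64]; int v;
    out->dir = FS_DIR_MATCH;        /* default: same direction as the rule match */
    out->scope = FS_SCOPE_FILE;     /* default: only the file currently inspected */
    if (optstr == NULL || *optstr == '\0') return 0;
    if (strlen(optstr) >= sizeof buf) return -1;
    strcpy(buf, optstr);
    char *scope = strchr(buf, ',');
    if (scope) *scope++ = '\0';     /* split "<direction>,<scope>" */
    if ((v = lookup(dirs, trim(buf))) < 0) return -1;
    out->dir = (enum fs_dir)v;
    if (scope) {
        if ((v = lookup(scopes, trim(scope))) < 0) return -1;
        out->scope = (enum fs_scope)v;
    }
    return 0;
}
```

With this mapping, the rule from the message (`filestore:response;`) resolves to direction to_client with the default single-file scope, while `filestore:response,tx;` would also keep the other files of that HTTP transaction.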

Summary of changes:
 src/app-layer-htp-file.c |   12 +++-
 src/app-layer-htp.h      |   18 +++--
 src/detect-engine-file.c |   24 +++++-
 src/detect-filestore.c   |  212 +++++++++++++++++++++++++++++++++++++++++++++-
 src/detect-filestore.h   |   14 +++
 src/util-file.c          |   31 +++++++-
 src/util-file.h          |    4 +
 7 files changed, 301 insertions(+), 14 deletions(-)


hooks/post-receive
-- 
OISF