[Oisf-devel] extracted to filestore may not always be original file
Victor Julien
victor at inliniac.net
Fri Oct 12 14:52:09 UTC 2012
On 10/11/2012 11:35 PM, Kyle Creyts wrote:
> Has anyone else noticed that some percentage of the time[1] when a
> rule with filestore in it triggers, a file will either not be
> written to filestore (bug1), or may be written in a jumbled and
> sometimes incomplete fashion (bug2)?
>
> (bug2)
> In the other case (logs, files, and input pcap attached) it outputs 1
> binary for every binary that triggered the filestore rules, but some
> small percent of these binaries may be missing chunks, may have extra
> chunks, or may be written in a jumbled order. This is something I have
> been able to reliably reproduce, and have attached extensive debug
> logs for.
Bug confirmed, thanks.
Check https://redmine.openinfosecfoundation.org/issues/601, it contains
a patch too. Will test it some more before pushing it out.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------