[Oisf-devel] magic-file inconsistency in suricata.yaml file and the code
Victor Julien
victor at inliniac.net
Thu Jun 12 09:56:18 UTC 2014
On 06/12/2014 11:16 AM, Mahendra Ladhe wrote:
> Hi,
> From suricata.yaml file
>
> # Magic file. The extension .mgc is added to the value here.
> #magic-file: /usr/share/file/magic
> magic-file: /usr/share/file/magic
>
> But in files
> src/util-magic.c
> detect-filemagic.c
>
> there's code
> (void)ConfGet("magic-file", &filename);
> if (filename != NULL) {
>     SCLogInfo("using magic-file %s", filename);
>
>     if ( (fd = fopen(filename, "r")) == NULL) {
>         SCLogWarning(SC_ERR_FOPEN, "Error opening file: \"%s\": %s",
>                 filename, strerror(errno));
>         goto error;
>     }
>     fclose(fd);
> }
>
> if (magic_load(t->ctx, filename) != 0) {
>     SCLogError(SC_ERR_MAGIC_LOAD, "magic_load failed: %s",
>             magic_error(t->ctx));
>     goto error;
> }
>
> which uses the magic file name as is without adding the .mgc extension.
> So either the suricata.yaml file needs to be corrected or code needs to
> be modified.
> This was causing "magic_load failed" error for me. Only when I added
> .mgc extension to magic-file field in suricata.yaml file, the error went
> away.
What OS are you using? It seems that on some (most?) OSes the .mgc is
automagically added.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
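
Added example, not part of the original message and not Suricata code: one way a pre-check could accept either spelling of the magic-file value, so that the fopen() probe and the suricata.yaml comment agree. The helper name resolve_magic_file() and the order in which the two candidates are tried are assumptions made for this illustration.

```c
/* Added example, not Suricata source. resolve_magic_file() is a hypothetical
 * helper name; only the "magic-file" value and ".mgc" come from the thread. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

static int readable(const char *path)
{
    FILE *fp = fopen(path, "r");   /* same probe the quoted code uses */
    if (fp == NULL)
        return 0;
    fclose(fp);
    return 1;
}

/* Map the configured value to a path that can actually be opened: the value
 * as written first, then the value with ".mgc" appended. Returns 0 and fills
 * `out` on success; returns -1 with errno set otherwise. */
int resolve_magic_file(const char *configured, char *out, size_t outlen)
{
    if (configured == NULL || out == NULL || outlen == 0) {
        errno = EINVAL;
        return -1;
    }
    size_t len = strlen(configured);
    if (len < outlen && readable(configured)) {
        memcpy(out, configured, len + 1);
        return 0;
    }
    /* Do not build "magic.mgc.mgc" when the suffix is already configured. */
    if (len < 4 || strcmp(configured + len - 4, ".mgc") != 0) {
        int n = snprintf(out, outlen, "%s.mgc", configured);
        if (n > 0 && (size_t)n < outlen && readable(out))
            return 0;
    }
    out[0] = '\0';
    errno = ENOENT;
    return -1;
}

int main(int argc, char **argv)
{
    char path[4096];
    const char *conf = argc > 1 ? argv[1] : "/usr/share/file/magic";
    int rc = resolve_magic_file(conf, path, sizeof(path));
    printf("%s -> %s\n", conf, rc == 0 ? path : "(no readable magic file)");
    return rc == 0 ? 0 : 1;
}
```

Logging the resolved path rather than the configured one would also make a "magic_load failed" report easier to diagnose.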