Bug #5778
open
ftp fileinfo and extraction seem not to trigger when it should
Added by Peter Manev almost 3 years ago.
Updated about 1 month ago.
Description
I have tested current master and latest stable 6.0.9.
Please see the attached pcap TLPW.
I may be wrong, but I don't see a reason why we should, the very least have some ftp fileinfo events.
Wireshark also does not extract the files - just for info.
I thought this is better to be logged and investigated rather, hence opening the issue.
Files
In my previous message, "why we should" should read "why we should not".
Please be careful if you extract files - the pcap should contain malware.
I found another pcap with ftp-data where the file extraction is working, but not properly. It's octet-stream/data instead of zip. Not sure if it's expected or if we could do better on this protocol.
- Status changed from New to Feedback
I may be wrong, but I don't see a reason why we should, the very least have some ftp fileinfo events.
We need to see the FTP flow to know that this is ftp-data.
What did you expect?
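The reply above says the FTP control flow has to be seen before a flow can be recognised as ftp-data. The following added example (not part of the ticket and not Suricata's code) illustrates that dependency with the standard PORT, 227 and 229 messages. All function names and sample lines are constructed, and only single-line messages are handled.

```python
import re

# RFC 959 PORT argument / 227 reply payload: h1,h2,h3,h4,p1,p2
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428 229 reply payload: (|||port|)
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")


def expected_endpoint(line, server_ip):
    """Return the (ip, port) a control-channel line announces for the data
    connection, or None if the line announces nothing."""
    line = line.strip()
    verb = line.split(" ", 1)[0].upper()
    if verb in ("PORT", "227"):
        m = _HOSTPORT.search(line)
        if m:
            n = [int(x) for x in m.groups()]
            if all(v <= 255 for v in n):
                # Port is carried as two bytes: high, low.
                return (".".join(map(str, n[:4])), n[4] * 256 + n[5])
    elif verb == "229":
        m = _EPSV.search(line)
        if m and int(m.group(1)) <= 65535:
            # EPSV replies carry only the port; the address is the server's.
            return (server_ip, int(m.group(1)))
    return None


def classify_flows(control_lines, flows, server_ip):
    """Label each (dst_ip, dst_port) flow 'ftp-data' only when the control
    channel announced that endpoint; anything else stays 'unknown'."""
    expected = set()
    for line in control_lines:
        endpoint = expected_endpoint(line, server_ip)
        if endpoint:
            expected.add(endpoint)
    return ["ftp-data" if flow in expected else "unknown" for flow in flows]


# Constructed sample input (documentation addresses, not taken from the pcap).
SERVER = "192.0.2.10"
CONTROL = ["USER anonymous", "PASV",
           "227 Entering Passive Mode (192,0,2,10,195,80).", "RETR sample.zip"]
FLOWS = [("192.0.2.10", 50000), ("192.0.2.10", 50001)]

if __name__ == "__main__":
    print(classify_flows(CONTROL, FLOWS, SERVER))  # control channel captured
    print(classify_flows([], FLOWS, SERVER))       # control channel missing
```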