Project

General

Profile

Actions
Copy link

Feature #597

closed
PM VJ

case insensitive fileext match

Feature #597: case insensitive fileext match

Added by Peter Manev over 13 years ago. Updated about 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
2.0rc1
Effort:
Difficulty:
Label:

Description

alert http any any -> any any (msg:"File magic on GIF"; fileext:"GIF";sid:666; rev:1;)
- would not alert on a http downloaded file with
extension *.gif BUT it would on **.GIF (notice the upper case)

It would be beneficial if it could be made case insensitive - have the nocase keyword apply to it as well.

thanks

VJ Updated by Victor Julien over 13 years ago Actions
Copy link
 #1

  • Status changed from New to Assigned
  • Assignee set to Victor Julien
  • Target version set to 2.0rc2

VJ Updated by Victor Julien over 12 years ago Actions
Copy link
 #2

  • Target version changed from 2.0rc2 to 2.0beta2

VJ Updated by Victor Julien over 12 years ago Actions
Copy link
 #3

  • Target version changed from 2.0beta2 to 2.0rc1

VJ Updated by Victor Julien about 12 years ago Actions
Copy link
 #4

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

Merged https://github.com/inliniac/suricata/pull/820 to address this.

What it does it is change the matching of fileext:"exe"; to case insensitive unconditionally. This isn't ideal, but I would prefer overhauling the fileext and filename keywords completely to act like file_data.

VJ Updated by Victor Julien about 12 years ago Actions
Copy link
 #5

Actions
Copy link

Also available in: PDF Atom