Feature #7816: Add alternative to file magic - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #7816

open

Add alternative to file magic

Added by Eric Leblond about 4 hours ago. Updated about 4 hours ago.

Status:

In Progress

Priority:

Normal

Assignee:

Eric Leblond

Target version:

TBD

Effort:

medium

Difficulty:

medium

Label:

Description

File magic is suffering from multiple issues:
- not predictable: the magic depends of the version
- slow: computing magic on all files for logging is killing performance

Rust has a crate tree magic mini (https://docs.rs/tree_magic_mini/latest/tree_magic_mini/) licensed under MIT if the database file is not embedded. This is really faster than magic and mime type are really more reproducible. Having the mime type as an alternative for magic is thus interesting.

History
Property changes

Actions

Copy link

Updated by Eric Leblond about 4 hours ago

Status changed from In Review to In Progress

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #7816

Add alternative to file magic

Updated by Eric Leblond about 4 hours ago