Actions
Feature #7816
open
EL
EL
Add alternative to file magic
Feature #7816:
Add alternative to file magic
Effort:
medium
Difficulty:
medium
Label:
Description
File magic is suffering from multiple issues:
- not predictable: the magic depends of the version
- slow: computing magic on all files for logging is killing performance
Rust has a crate tree magic mini (https://docs.rs/tree_magic_mini/latest/tree_magic_mini/) licensed under MIT if the database file is not embedded. This is really faster than magic and mime type are really more reproducible. Having the mime type as an alternative for magic is thus interesting.
EL Updated by Eric Leblond 9 months ago
- Status changed from In Review to In Progress
EL Updated by Eric Leblond 9 months ago
- Status changed from In Progress to In Review
JF Updated by Juliana Fajardini Reichow 9 months ago
PR for review: https://github.com/OISF/suricata/pull/13620
JF Updated by Juliana Fajardini Reichow 9 months ago
- Target version changed from TBD to 9.0.0-beta1
JI Updated by Jason Ish 2 months ago
Some other Rust crates trying to do more or less the same thing:
- https://github.com/mmalecot/file-format
- https://github.com/Asuan/mimetype-detector
- https://github.com/bojand/infer
Actions