Suricata FileMagic

fransua · April 28, 2023, 8:23am

Hello
I am doing some investigation about how Suricata works with FileMagic.
Here is a shell script : set-redir.sh

On my linux :
file set-redir.sh

POSIX shell script, Unicode text, UTF-8 text executable

With Suricata libmagic
file -m /var/lib/lxc/suricata/rootfs_ro/usr/share/misc/suricata.mgc set-redir.sh

UTF-8 Unicode text

But when I export the file type mapping :

file -l -m /var/lib/lxc/suricata/rootfs_ro/usr/share/misc/suricata.mgc | awk '/Binary patterns/{flag=1; next} /Text patterns/{flag=1; next} flag{print substr($0,index($0,$4))}' | sort | uniq > /tmp/magic-formats-all.txt

There is no UTF-8 Unicode text

What could be the explanation ?

Andreas_Herz · May 7, 2023, 10:00am

What version are you using, how do you run it and how does the config look like?
Could be a config issue.

Topic		Replies	Views
Windows 10 -2016 File Hash calculation Help file-extraction , windows	7	721	April 17, 2021
Suricata 6.X On CentOS 7 In FIPS Mode Help	9	1125	May 26, 2021
Compiling Suricata-7.0.0-rc1 with Napatech Enabled Help	4	272	May 7, 2023
Suricata 6.0.4: /usr/bin/ld: error adding symbols: file in wrong format Developers	2	1456	February 6, 2022
Windows build instructions Developers windows	4	1341	June 25, 2021

Suricata FileMagic

Related Topics