pk/zeek
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
zeek/testing/btest/scripts/base/frameworks/file-analysis/bifs/enable-disable.zeek
Patrick Kelley 8fd444092b initial
2025-05-07 15:35:15 -04:00

31 lines
755 B
Plaintext
Raw Blame History

# @TEST-EXEC: zeek -C -b -r $TRACES/pe/pe.trace %INPUT >out
# @TEST-EXEC: zeek -C -b -r $TRACES/pe/pe.trace %INPUT disable_it=T >>out
# @TEST-EXEC: btest-diff out
@load base/protocols/ftp
option disable_it = F;
event zeek_init()
{
local pe_mime_types: set[string] = { "application/x-dosexec" };
Files::register_for_mime_types(Files::ANALYZER_PE, pe_mime_types);
print Files::analyzer_enabled(Files::ANALYZER_PE);
Files::enable_analyzer(Files::ANALYZER_PE);
print Files::analyzer_enabled(Files::ANALYZER_PE);
if ( disable_it )
{
Files::disable_analyzer(Files::ANALYZER_PE);
print Files::analyzer_enabled(Files::ANALYZER_PE);
}
}
event pe_dos_header(f: fa_file, h: PE::DOSHeader)
{
print "got pe_dos_header event";
terminate();
}
Reference in New Issue View Git Blame Copy Permalink