Extracted file magic is not correct in many cases #47

Open
larsborn opened this issue Nov 23, 2019 · 2 comments
Labels
bug Something isn't working enhancement New feature or request

Comments

@larsborn

The field containing the file magic seems to not be correct in a lot of cases. Examples for probably corrupt ftype values:

compiled
very
assembler
exported
troff
a
RFC
PC
MSVC
MS
Little-endian
Windows
ms-windows
Embedded
,
current
executable
structured
64-bit
old
locale
amd
byte-swapped
disk
"compact
big
little
frozen

We also have the problem of multiple "different" values that are actually the same, like:

Composite
Word
CDFV2

or similar examples.

Let's collect some ideas and solutions in this issue!

@silascutler
Contributor

silascutler commented Apr 14, 2020

Agreed. This is a problem with the magic lib; a better solution is needed.

@silascutler silascutler added bug Something isn't working enhancement New feature or request labels Apr 14, 2020
@larsborn
Author

If there are no other takers, I'd volunteer to come up with something. Probably a combination of regexes on lib magic output and YARA.
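
A sketch of the regex half of that proposal, added here as an illustration; it is not code from this thread or from the project. It assumes the bad `ftype` values come from keeping only the first word of the libmagic description; the rule labels, function names, and sample strings are hypothetical and constructed.

```python
import re
from collections import Counter

# Ordered (regex, label) rules over the full libmagic description; first match
# wins. Labels are hypothetical. The thread also lists "Word" as a duplicate,
# but its full description is not shown there, so no rule is guessed for it.
RULES = [(re.compile(p), label) for p, label in [
    (r"^(Composite Document File V2|CDFV2)\b", "ole2"),
    (r"^PE32\+? executable\b", "pe"),
    (r"^an? .+? script\b", "script"),
    (r"^very short file\b", "too-short"),
    (r"^PC bitmap\b", "bmp"),
    (r"\btext\b", "text"),
]]

def first_token(description):
    """Assumed cause of the bad values: keep only the first word."""
    parts = description.split()
    return parts[0] if parts else ""

def normalize_ftype(description):
    """Map a full libmagic description to one canonical label."""
    for pattern, label in RULES:
        if pattern.search(description):
            return label
    return "unknown"  # surfaced so a rule can be added, never a stray word

# Constructed sample descriptions in the style of libmagic output.
SAMPLES = [
    "Composite Document File V2 Document, Little Endian, Os: Windows",
    "CDFV2 Microsoft Word",
    "PE32 executable (GUI) Intel 80386, for MS Windows",
    "a /usr/bin/python script, ASCII text executable",
    "Little-endian UTF-16 Unicode text, with CRLF line terminators",
    "troff or preprocessor input, ASCII text",
    "very short file (no magic)",
    "PC bitmap, Windows 3.x format, 32 x 32 x 24",
]

def compare(descriptions):
    """Count the labels each approach produces for the same inputs."""
    naive = Counter(first_token(d) for d in descriptions)
    fixed = Counter(normalize_ftype(d) for d in descriptions)
    return naive, fixed

if __name__ == "__main__":
    naive, fixed = compare(SAMPLES)
    print("first token:", dict(naive))
    print("normalized: ", dict(fixed))
```

Descriptions that fall through to `unknown` are the ones that need a new rule or a content-based check such as YARA.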
