Pull request #4582: file: malware and file events when action changed from block...

Merge in SNORT/snort3 from ~MSONEJA/snort3:block_cloud_lookup_eventing to master

Squashed commit of the following:

commit 629d79ba2528b6fa776a2a0cad960e03e5bc37b1
Author: msoneja <msoneja@cisco.com>
Date:   Wed Jan 22 15:33:57 2025 +0000

    file: malware and file events when action changed from block malware to cloud malware lookup event

diff --git a/src/file_api/file_cache.cc b/src/file_api/file_cache.cc
index edc56a46092c2085b8a272798e830e5efe5447e3..1146c2bacacc410cfadae0f9acd8625b59291397 100644 (file)
--- a/src/file_api/file_cache.cc
+++ b/src/file_api/file_cache.cc
@@ -366,7 +366,10 @@ bool FileCache::apply_verdict(Packet* p, FileContext* file_ctx, FileVerdict verd
         return false;
     case FILE_VERDICT_LOG:
         if (resume)
+        {
+            file_ctx->log_file_event(flow, policy);
             policy->log_file_action(flow, file_ctx, FILE_RESUME_LOG);
+        }
         return false;
     case FILE_VERDICT_BLOCK:
         // can't block session inside a session