smb-eicar-file: check files array

Add a check for the files array to make sure it exists
and has a filename.

Only applicable to v6.0.0+.

diff --git a/tests/smb-eicar-file/test.yaml b/tests/smb-eicar-file/test.yaml
index 54b53cc40b808589e26c2a2efbdb4a89cc1215fc..ad7a26e07fe793d670486218c34338723508dbf1 100644 (file)
--- a/tests/smb-eicar-file/test.yaml
+++ b/tests/smb-eicar-file/test.yaml
@@ -13,3 +13,12 @@ checks:
       match:
         event_type: alert
         alert.signature_id: 1
+
+  # Check for something in the files array, which is an array of
+  # fileinfo objects.
+  - filter:
+      min-version: 6.0.0
+      count: 1
+      match:
+        event_type: alert
+        files[0].filename: "\\eicar"