From: Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Date: Fri, 7 Feb 2020 21:54:01 +0000 (+0000)
Subject: Merge pull request #1993 in SNORT/snort3 from ~PGUPTE/snort3:flic to master
X-Git-Tag: 3.0.0-268~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=326efc170f6bfa0436b83c82b3cfbf2263e411e7;p=thirdparty%2Fsnort3.git

Merge pull request #1993 in SNORT/snort3 from ~PGUPTE/snort3:flic to master

Squashed commit of the following:

commit 82bdd3a425074d76e5a4655f6f11b97685976df7
Author: Payal Gupte <pgupte@cisco.com>
Date:   Fri Feb 7 15:49:34 2020 -0500

    file-magic: Added missing file magic pattern for FLIC
---

diff --git a/lua/file_magic.lua b/lua/file_magic.lua
index 47c629087..74432aa17 100644
--- a/lua/file_magic.lua
+++ b/lua/file_magic.lua
@@ -14,7 +14,10 @@ file_magic =
     { type = 'ISO', id = 12, category = 'System files', msg = 'Disc Image file based on ISO-9660 standard (iso)c', rev = 1, magic = { { content = '| 43 44 30 30 31 |', offset = 36865, }, }, },
     { type = 'S3M', id = 13, category = 'Multimedia', msg = 'S3M audio module format', rev = 1, group = 'audio', magic = { { content = '| 53 43 52 4d |', offset = 44, }, }, },
     { type = 'FLIC', id = 14, category = 'Multimedia', msg = 'FLIC Animation file', rev = 2, magic = { { content = '|11 AF|', offset = 4, }, { content = '|40 01|', offset = 8, }, { content = '|c8 00|', offset = 10, }, { content = '|00 00|', offset = 20, }, { content = '|00 00 00 00 00 00 00 00|', offset = 42, }, }, },
-    { type = 'FLIC', id = 15, category = 'Multimedia', msg = 'FLIC Animation file', rev = 2, magic = { { content = '|12 AF|', offset = 4, }, { content = '|40 01|', offset = 8, }, { content = '|c8 00|', offset = 10, }, { content = '|00 00|', offset = 20, }, { content = '|00 00 00 00 00 00 00 00|', offset = 42, }, }, },
+    { type = 'FLIC', id = 15, category = 'Multimedia', msg = 'FLIC Animation file', rev = 2, magic = { { content = '|12 AF|', offset = 4, }, { content = '|00 00|', offset = 20, }, { content = '|00 00 00 00 00 00 00 00|', offset = 42, }, }, },
+    { type = 'FLIC', id = 16, category = 'Multimedia', msg = 'FLIC Animation file', rev = 2, magic = { { content = '|44 AF|', offset = 4, }, { content = '|00 00|', offset = 20, }, { content = '|00 00 00 00 00 00 00 00|', offset = 42, }, }, },
+    { type = 'FLIC', id = 17, category = 'Multimedia', msg = 'FLIC Animation file', rev = 2, magic = { { content = '|30 AF|', offset = 4, }, { content = '|00 00|', offset = 20, }, { content = '|00 00 00 00 00 00 00 00|', offset = 42, }, }, },
+    { type = 'FLIC', id = 18, category = 'Multimedia', msg = 'FLIC Animation file', rev = 2, magic = { { content = '|31 AF|', offset = 4, }, { content = '|00 00|', offset = 20, }, { content = '|00 00 00 00 00 00 00 00|', offset = 42, }, }, },
     { type = 'MSEXE', id = 21, category = 'Executables,Dynamic Analysis Capable,Local Malware Analysis Capable', msg = 'Windows/DOS executable file ', rev = 1, magic = { { content = '| 4D 5A|', offset = 0, }, }, },
     { type = 'PDF', id = 22, category = 'PDF files,Dynamic Analysis Capable,Local Malware Analysis Capable', msg = 'PDF file ', rev = 1, magic = { { content = '| 25 50 44 46|', offset = 0, }, }, },
     { type = 'RTF', id = 23, category = 'Office Documents,Dynamic Analysis Capable', msg = 'Rich text format word processing file ', rev = 2, magic = { { content = '| 7B 5C 72 74|', offset = 0, }, }, },