From: Manav Soneja (msoneja) <msoneja@cisco.com>
Date: Fri, 24 Jan 2025 05:23:15 +0000 (+0000)
Subject: Pull request #4582: file: malware and file events when action changed from block... 
X-Git-Tag: 3.6.3.0~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=36c21b6448194b9c57c86e27c3d03e7a3d4161e7;p=thirdparty%2Fsnort3.git

Pull request #4582: file: malware and file events when action changed from block malware to cloud malware lookup event

Merge in SNORT/snort3 from ~MSONEJA/snort3:block_cloud_lookup_eventing to master

Squashed commit of the following:

commit 629d79ba2528b6fa776a2a0cad960e03e5bc37b1
Author: msoneja <msoneja@cisco.com>
Date:   Wed Jan 22 15:33:57 2025 +0000

    file: malware and file events when action changed from block malware to cloud malware lookup event
---

diff --git a/src/file_api/file_cache.cc b/src/file_api/file_cache.cc
index edc56a460..1146c2bac 100644
--- a/src/file_api/file_cache.cc
+++ b/src/file_api/file_cache.cc
@@ -366,7 +366,10 @@ bool FileCache::apply_verdict(Packet* p, FileContext* file_ctx, FileVerdict verd
         return false;
     case FILE_VERDICT_LOG:
         if (resume)
+        {
+            file_ctx->log_file_event(flow, policy);
             policy->log_file_action(flow, file_ctx, FILE_RESUME_LOG);
+        }
         return false;
     case FILE_VERDICT_BLOCK:
         // can't block session inside a session