base/files/extract/main.zeek
- FileExtract
- Namespace
FileExtract
- Imports
Summary
Runtime Options
The default max size for extracted files (they won’t exceed this number of bytes).
Redefinable Options
The prefix where files are extracted to.
Redefinitions
Functions
Sets the maximum allowed extracted file size.
Detailed Interface
Runtime Options
- FileExtract::default_limit
- Type
- Attributes
- Default
0
- Redefinition
from policy/tuning/defaults/extracted_file_limits.zeek
= 104857600
The default max size for extracted files (they won’t exceed this number of bytes). A value of zero means unlimited.
Redefinable Options
- FileExtract::prefix
The prefix where files are extracted to.
Functions
- FileExtract::set_limit
- Type
function (f: fa_file, args: Files::AnalyzerArgs, n: count) : bool
Sets the maximum allowed extracted file size.
- Parameters
f – A file that’s being extracted.
args – Arguments that identify a file extraction analyzer.
n – Allowed number of bytes to be extracted.
- Returns
false if a file extraction analyzer wasn’t active for the file, else true.
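
The following script is an added example, not part of base/files/extract/main.zeek. It shows the three items documented above working together: a small default limit bounds disk use, and FileExtract::set_limit raises the limit step by step only for selected MIME types, up to a hard ceiling. The module name, the constants hard_ceiling, step and raise_for, their values and the prefix path are assumptions; file_sniff, file_extraction_limit, Files::add_analyzer and Files::ANALYZER_EXTRACT come from Zeek's file analysis framework and are not described on this page.

```zeek
# Added example; hard_ceiling, step, raise_for and all values are assumed.
@load base/files/extract

module ExtractLimitExample;

export {
    ## Hard upper bound per file, however often the limit is raised.
    const hard_ceiling: count = 50 * 1024 * 1024 &redef;
    ## Bytes added each time the limit is raised.
    const step: count = 10 * 1024 * 1024 &redef;
    ## MIME types worth keeping beyond the default limit.
    const raise_for: set[string] = {
        "application/x-dosexec",
        "application/x-executable",
    } &redef;
}

# Cap every extracted file at 1 MiB by default; 0 would mean unlimited.
redef FileExtract::default_limit = 1048576;
redef FileExtract::prefix = "./extracted/";

event file_sniff(f: fa_file, meta: fa_metadata)
    {
    # Attach the extraction analyzer; with no limit given in the
    # arguments, the default limit set above applies.
    if ( meta?$mime_type )
        Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
                            [$extract_filename=fmt("%s.bin", f$id)]);
    }

# Raised when the next chunk would push the file past its current limit.
event file_extraction_limit(f: fa_file, args: Files::AnalyzerArgs,
                            limit: count, len: count)
    {
    # Leave the limit in place for types not selected for full capture.
    if ( ! f?$info || ! f$info?$mime_type || f$info$mime_type !in raise_for )
        return;

    local new_limit = limit + step;
    if ( new_limit > hard_ceiling )
        new_limit = hard_ceiling;

    # set_limit returns F when no extraction analyzer is active for f.
    if ( new_limit > limit && ! FileExtract::set_limit(f, args, new_limit) )
        Reporter::warning(fmt("no active extraction analyzer for %s", f$id));
    }
```

Because the limit only grows in fixed steps and stops at the ceiling, a single oversized transfer cannot fill the extraction directory.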