base/files/extract/main.zeek
- FileExtract
- Namespace:
FileExtract
- Imports:
Summary
Runtime Options
The default max size for extracted files (they won’t exceed this number of bytes). |
|
This setting configures if the file extract limit is inclusive of missing bytes. |
Redefinable Options
The prefix where files are extracted to. |
Redefinitions
|
|
Functions
Sets the maximum allowed extracted file size. |
Detailed Interface
Runtime Options
- FileExtract::default_limit
-
The default max size for extracted files (they won’t exceed this number of bytes). A value of zero means unlimited. Defaults to 100MB.
- FileExtract::default_limit_includes_missing
-
This setting configures if the file extract limit is inclusive of missing bytes. By default, missing bytes do count towards the limit. Setting this option to false changes this behavior so that missing bytes no longer count towards these limits. Files with missing bytes are created as sparse files on disk. Their apparent size can exceed this file size limit.
Redefinable Options
- FileExtract::prefix
-
The prefix where files are extracted to.
Functions
- FileExtract::set_limit
- Type:
function
(f:fa_file
, args:Files::AnalyzerArgs
, n:count
) :bool
Sets the maximum allowed extracted file size.
- Parameters:
f – A file that’s being extracted.
args – Arguments that identify a file extraction analyzer.
n – Allowed number of bytes to be extracted.
- Returns:
false if a file extraction analyzer wasn’t active for the file, else true.