Extracted file magic is not correct in many cases

[larsborn]

The field containing the file magic seems to not be correct in a lot of cases. Examples for probably corrupt ftype values:

compiled
very
assembler
exported
troff
a
RFC
PC
MSVC
MS
Little-endian
Windows
ms-windows
Embedded
,
current
executable
structured
64-bit
old
locale
amd
byte-swapped
disk
"compact
big
little
frozen

We also have the problem of multiple "different" values that are actually the same: Like

Composite
Word
CDFV2

or similar examples.

Let's collect some ideas and solutions in this issue!

[silascutler]

Agreed. This is a problem with the magic lib, a better solution is needed

[larsborn]

if there are no other takers, I'd volunteer to come up with something. Probably a combination of regexes on lib magic output and YARA.