krmaxwell / maltrieve

A tool to retrieve malware directly from the source for security researchers.
GNU General Public License v3.0

Filter downloads by mime #60

Closed kevthehermit closed 9 years ago

kevthehermit commented 9 years ago

Allows filters in the config file to stop storing files of specific mime types

Use Case: Maltrieve gets lots of HTML pages that I don't want in my Viper instance.

Add to maltrieve.cfg:

mime_block = text/html, text/plain 

Anything matching the mime by magic bytes is logged but not stored or processed any further.

2014-09-28 11:23:01 140329684920064 text/html in ignore list for http://shwmf.net/efckt/

krmaxwell commented 9 years ago

Ah, that's an interesting use case! I'd really like to specify a "white list" of types I care most about too - only save PE32s or PDFs or whatever.
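
A sketch of the filter this pull request describes, combined with the allow list suggested in the reply. It is an added example, not maltrieve's own code: `sniff_mime`, `should_store`, `load_cfg`, the `mime_allow` key and the `[Maltrieve]` section name are assumptions, and the signature table is a small stand-in for libmagic.

```python
import configparser

# Constructed stand-in for libmagic: a handful of leading-byte signatures.
SIGNATURES = [
    (b"MZ", "application/x-dosexec"),
    (b"%PDF-", "application/pdf"),
    (b"PK\x03\x04", "application/zip"),
]

def sniff_mime(data):
    """Classify by content only, never by URL extension or Content-Type."""
    for magic, mime in SIGNATURES:
        if data.startswith(magic):
            return mime
    head = data[:512].lstrip().lower()
    if head.startswith((b"<!doctype html", b"<html")):
        return "text/html"
    try:
        data[:512].decode("ascii")
        return "text/plain"
    except UnicodeDecodeError:
        return "application/octet-stream"

def parse_list(cfg, key):
    # "text/html, text/plain " -> {"text/html", "text/plain"}
    raw = cfg.get("Maltrieve", key, fallback="")  # section name is assumed
    return {m.strip().lower() for m in raw.split(",") if m.strip()}

def should_store(data, cfg):
    """Return (store, detected_mime); the block list wins over the allow list."""
    mime = sniff_mime(data)
    if mime in parse_list(cfg, "mime_block"):
        return False, mime
    allow = parse_list(cfg, "mime_allow")  # hypothetical key, not in the PR
    if allow and mime not in allow:
        return False, mime
    return True, mime

def load_cfg(text):
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    return cfg

if __name__ == "__main__":
    # Constructed config and sample bodies.
    cfg = load_cfg("[Maltrieve]\nmime_block = text/html, text/plain\n")
    for body in (b"<html>404</html>", b"MZ\x90\x00"):
        print(should_store(body, cfg))
```

An empty `mime_allow` means "no allow list", so existing configs that only set `mime_block` behave as before.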