polonus
Hi jefferson santiag,
It is not that straightforward an answer: http://blog.inliniac.net/2011/11/29/file-extraction-in-suricata/
and this message link from Kyle Creyts: https://lists.openinfosecfoundation.org/pipermail/oisf-users/2012-March/001429.html
The application used on the website has many vulnerabilities to be abused: http://seclists.org/fulldisclosure/2012/May/94
So establishing the true nature of the content-type: application/x-msdownload is not that easy.
The site may now be clean but certainly had issues in the past, or may still have.
polonus