> Great information! Is there an easy way to remove the old flex parsers, or is
> it a manual/scripted process?

It's a manual process for now, unfortunately.

> In regards to the packers lua parser, you indicate it replaces the existing
> packers parser. Does this include all of the malware_packers_X parsers?

The 'packers' flex parser file actually contains all of the individual malware_packers_X parsers. The 'packers' lua parser replaces all of them.

Any word on the availability of some of these parsers unencrypted, for demonstration purposes? It would be useful for custom parser creation.

Is there any update to the table? We're trying to apply the LUA parser but don't know which one to apply.

1. Can the LUA parser and Flex parser be applied at the same time?
2. Some Flex parsers don't have a replacement LUA parser, like the OS and browser parsers. When will they be available?

Sorry for the late reply.
1. Yes, they can be enabled at the same time. But if a flex and a lua parser that parses the same thing are both enabled, then the decoder will be doing more work and registering duplicate meta.
2. Those two parsers really just tried to match bits of user-agent headers and make inferences based on that. Instead, HTTP_lua simply registers the entire user-agent header.