dcode/Attempt at File Extraction Policy

## Attempt at File Extraction Policy
global ext_map: table[string] of string = {
    ["application/x-dosexec"] = "exe",
    ["text/plain"] = "txt",
    ["image/jpeg"] = "jpg",
    ["image/png"] = "png",
    ["text/html"] = "html",
} &default ="";

event file_new(f: fa_file)
    {

    local ext = "";
    if ( f?$mime_type )
        ext = ext_map[f$mime_type];

    local fname = fmt("%s-%s.%s", f$source, f$id, ext);

    # Extract any outbound file
    for ( c in f?$conns )
        if ( c?$conn?$local_orig )
            Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);


    # Extract any inbound file that hits on interesting types
    if ( f?$mime_type !in ext_map )
        return;

    Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);


    }
	global ext_map: table[string] of string = {
	["application/x-dosexec"] = "exe",
	["text/plain"] = "txt",
	["image/jpeg"] = "jpg",
	["image/png"] = "png",
	["text/html"] = "html",
	} &default ="";

	event file_new(f: fa_file)
	{

	local ext = "";
	if ( f?$mime_type )
	ext = ext_map[f$mime_type];

	local fname = fmt("%s-%s.%s", f$source, f$id, ext);

	# Extract any outbound file
	for ( c in f?$conns )
	if ( c?$conn?$local_orig )
	Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);


	# Extract any inbound file that hits on interesting types
	if ( f?$mime_type !in ext_map )
	return;

	Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);


	}