target / strelka

Real-time, container-based file scanning at enterprise scale

ScanPngEof Doesn't Upload Extracted File to Coordinator

ryanohoro opened this issue · comments

Describe the bug

ScanPngEof extracts files embedded after EOF from PNG files. It attaches the entire contents of the file to the event, and does not send the extracted file to the coordinator.

Steps to reproduce

./strelka-oneshot -f ../../../python/strelka/tests/fixtures/test_pe_overlay.png
cat strelka-oneshot.log | jq -rc '[.file.depth, .file.flavors.mime[0]] | @csv'

0,"image/png"
1,"application/x-empty"

Expected behavior

./strelka-oneshot -f ../../../python/strelka/tests/fixtures/test_pe_overlay.png 
cat strelka-oneshot.log | jq -rc '[.file.depth, .file.flavors.mime[0]] | @csv'

0,"image/png"
1,"application/x-dosexec"

Screenshots

N/A

Release

  • Release: 0.22.12.08

Additional context

The extracted file should likely NOT be attached to the event, since the design philosophy of Strelka is for lightweight, metadata-only events.
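As an added illustration of the behaviour this issue asks for (example code written here, not code from the strelka project or from the issue author), the scanner below walks the PNG chunk list, finds the IEND chunk, and treats any bytes after it as a separate child file. The event it returns carries only metadata about the trailer (offset, size, SHA-256, a flavor guess), while the trailer bytes themselves are returned in a separate `children` list for the caller to forward to the coordinator. The names `png_eof_offset`, `scan_png_eof` and `guess_flavor` are assumptions; `guess_flavor` is a tiny magic-byte check standing in for libmagic-style flavor detection, and the sample PNG and MZ stub are constructed inline.

```python
"""Added example (not strelka's ScanPngEof): metadata-only PNG trailer scanner."""
import hashlib
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def png_eof_offset(data: bytes):
    """Return the offset just past the IEND chunk (CRC included), or None
    if the data is not a well-formed PNG up to and including IEND."""
    if not data.startswith(PNG_SIGNATURE):
        return None
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4  # 4-byte length + 4-byte type + data + 4-byte CRC
        if end > len(data):
            return None  # truncated chunk; do not guess where the image ends
        if ctype == b"IEND":
            return end
        pos = end
    return None


def guess_flavor(blob: bytes) -> str:
    """Minimal magic-byte check; an assumption standing in for libmagic."""
    if not blob:
        return "application/x-empty"
    if blob.startswith(b"MZ"):
        return "application/x-dosexec"
    if blob.startswith(b"PK\x03\x04"):
        return "application/zip"
    return "application/octet-stream"


def scan_png_eof(data: bytes) -> dict:
    """Return {'event': metadata-only dict, 'children': [extracted files]}.
    The trailer bytes never appear in the event, only in children."""
    event = {"trailer_found": False}
    children = []
    eof = png_eof_offset(data)
    if eof is None:
        event["error"] = "no IEND chunk"
        return {"event": event, "children": children}
    trailer = data[eof:]
    if trailer:
        event.update({
            "trailer_found": True,
            "trailer_offset": eof,
            "trailer_size": len(trailer),
            "trailer_sha256": hashlib.sha256(trailer).hexdigest(),
            "trailer_flavor": guess_flavor(trailer),
        })
        # Hand the bytes back as a child file for the coordinator, not as event data.
        children.append({"name": "png_trailer", "data": trailer})
    return {"event": event, "children": children}


def build_png_chunk(ctype: bytes, payload: bytes) -> bytes:
    """Assemble one PNG chunk with a correct CRC (used only to build the sample)."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


# Constructed sample: a 1x1 PNG header with no IDAT, followed by a fake MZ stub.
SAMPLE_IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
SAMPLE_PNG = (PNG_SIGNATURE
              + build_png_chunk(b"IHDR", SAMPLE_IHDR)
              + build_png_chunk(b"IEND", b""))
SAMPLE_OVERLAY = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode."
SAMPLE_FILE = SAMPLE_PNG + SAMPLE_OVERLAY

if __name__ == "__main__":
    result = scan_png_eof(SAMPLE_FILE)
    print(result["event"])
    print(len(result["children"]), "child file(s) to send to the coordinator")
```

With the constructed sample the event reports a trailer at offset 45 with flavor `application/x-dosexec`, and the child's bytes are exactly the overlay, which is the depth-1 `application/x-dosexec` file the expected-behavior section shows; a clean PNG yields no children, and a non-PNG input yields an error field rather than a guessed offset.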