Feature #5798 (open)
New transformation: dropbytes
Description
I coded a new transformation, and want to know if there is interest to merge this into Suricata.
One of the problems this new transformation helps with: detecting obfuscated code.
Like this downloaded code: cm^d.exe /k power^shell.exe -Encodedcommand AAAAAAAAAAAAAAAAAAAA
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Dropbytes file.data cm^d.exe test"; flow:established,to_client; file.data; dropbytes:"^"; content:"cmd.exe"; sid:1;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Dropbytes file.data power^shell test"; flow:established,to_client; file.data; dropbytes:"^"; content:"powershell"; sid:2;)
Character ^ can be used to bypass detection of Windows commands, by adding this character at arbitrary places in the command.
Transformation dropbytes:"^"; removes this ^ character.
This transformation can also help with UNICODE detection, quick & dirty solution: remove all NUL bytes. dropbytes:"|00|";
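The transform described in this request, written out as a stand-alone C example. This is added illustration code, not the submitter's patch and not Suricata's transform API: it re-implements the idea (remove every byte in a given set, then run the content match on the result) over the two constructed samples from the report, the caret-obfuscated command line and a UTF-16LE rendering of "powershell" for the |00| case. The function names `dropbytes_transform`, `buf_contains` and the `rule_*` wrappers are assumptions chosen for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Re-implementation of the dropbytes idea (not Suricata's own code):
 * copy `in` to `out`, omitting every byte that appears in the set
 * `drop` (ndrop bytes long). Returns the number of bytes written.
 * `out` must hold at least `inlen` bytes. Works on raw bytes, so a
 * NUL (|00|) can be dropped like any other value. */
static size_t dropbytes_transform(const uint8_t *in, size_t inlen,
                                  const uint8_t *drop, size_t ndrop,
                                  uint8_t *out)
{
    /* 256-entry lookup so each input byte is tested in O(1). */
    uint8_t table[256] = {0};
    for (size_t i = 0; i < ndrop; i++)
        table[drop[i]] = 1;

    size_t outlen = 0;
    for (size_t i = 0; i < inlen; i++) {
        if (!table[in[i]])
            out[outlen++] = in[i];
    }
    return outlen;
}

/* Binary-safe substring search: 1 if `needle` occurs in `hay`. */
static int buf_contains(const uint8_t *hay, size_t haylen,
                        const uint8_t *needle, size_t needlelen)
{
    if (needlelen > haylen)
        return 0;
    for (size_t i = 0; i + needlelen <= haylen; i++) {
        if (memcmp(hay + i, needle, needlelen) == 0)
            return 1;
    }
    return 0;
}

/* Mimics `dropbytes:"<drop>"; content:"<pattern>";`: transform the
 * buffer first, then match the content on the transformed copy. */
static int dropbytes_then_content(const uint8_t *buf, size_t buflen,
                                  const uint8_t *drop, size_t ndrop,
                                  const char *pattern)
{
    uint8_t tmp[512];
    if (buflen > sizeof(tmp))
        return 0;                       /* keep the example bounded */
    size_t n = dropbytes_transform(buf, buflen, drop, ndrop, tmp);
    return buf_contains(tmp, n, (const uint8_t *)pattern, strlen(pattern));
}

/* Constructed sample: the caret-obfuscated command line from the report. */
static const char SAMPLE_CARET[] =
    "cm^d.exe /k power^shell.exe -Encodedcommand AAAAAAAAAAAAAAAAAAAA";

/* Constructed sample: "powershell" as UTF-16LE, a NUL after every byte. */
static const uint8_t SAMPLE_UTF16LE[] = {
    'p',0,'o',0,'w',0,'e',0,'r',0,'s',0,'h',0,'e',0,'l',0,'l',0
};

/* sid:1 equivalent: dropbytes:"^"; content:"cmd.exe"; */
int rule_caret_cmd(void)
{
    const uint8_t caret = '^';
    return dropbytes_then_content((const uint8_t *)SAMPLE_CARET,
                                  sizeof(SAMPLE_CARET) - 1, &caret, 1,
                                  "cmd.exe");
}

/* sid:2 equivalent: dropbytes:"^"; content:"powershell"; */
int rule_caret_powershell(void)
{
    const uint8_t caret = '^';
    return dropbytes_then_content((const uint8_t *)SAMPLE_CARET,
                                  sizeof(SAMPLE_CARET) - 1, &caret, 1,
                                  "powershell");
}

/* Control: the same content without the transform does not match. */
int rule_caret_no_transform(void)
{
    return buf_contains((const uint8_t *)SAMPLE_CARET, sizeof(SAMPLE_CARET) - 1,
                        (const uint8_t *)"powershell", 10);
}

/* dropbytes:"|00|"; content:"powershell"; against the UTF-16LE sample */
int rule_nul_powershell(void)
{
    const uint8_t nul = 0x00;
    return dropbytes_then_content(SAMPLE_UTF16LE, sizeof(SAMPLE_UTF16LE),
                                  &nul, 1, "powershell");
}

int main(void)
{
    printf("caret cmd.exe:        %d\n", rule_caret_cmd());
    printf("caret powershell:     %d\n", rule_caret_powershell());
    printf("no transform:         %d\n", rule_caret_no_transform());
    printf("utf16 nul powershell: %d\n", rule_nul_powershell());
    return 0;
}
```

The control function shows why the transform matters: a plain `content:"powershell"` never sees the obfuscated string, while the transformed copy matches. The NUL variant is exactly the quick-and-dirty behaviour the request describes, so it also removes any legitimate NUL bytes in the buffer; the transform is a normalisation step, not a decoder.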