From 497f35164b6689012c5f448a35f47b3b8aa514a4 Mon Sep 17 00:00:00 2001
From: Eric Leblond <eric@regit.org>
Date: Sun, 21 Apr 2019 09:40:28 +0200
Subject: [PATCH] detect-filename: avoid multiple inspections of buf

If the filename inspection function is returning nomatch this will
trigger iterative inspections with same content (aka filename) being
inspected. To avoid this we change the return as the buffer inspection
has not to be inspected anymore.
---
 src/detect-filename.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/detect-filename.c b/src/detect-filename.c
index 1ffb55d5f2..41c695fc2c 100644
--- a/src/detect-filename.c
+++ b/src/detect-filename.c
@@ -418,7 +418,7 @@ static int DetectEngineInspectFilename(
     if (r == 1)
         return DETECT_ENGINE_INSPECT_SIG_MATCH;
     else
-        return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
+        return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH_FILESTORE;
 }
 
 typedef struct PrefilterMpmFilename {