Hello,
I am doing my Msc thesis work in pattern matching, and I am using
ClamAV's signature database.
I've got a question about two specific wildcards that are stated in
the signatures.pdf file (titled "Creating Signatures for ClamAV").
According to the document, the wildcard "{n}" states that n bytes can
be matched. Also, the wildcard "??" states that any one byte can be
matched. I have found some "{1}" wildcards in the database. I assume
that by saying "match n bytes", the meaning is that we can match any n
bytes. If that is the case, what is the difference between "??" and
"{1}" ? Or am I wrong, and {n} means "match the previous byte, n
times"?
Thank you for your time.
Best regards,
-Alexandre Dias
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
I am doing my Msc thesis work in pattern matching, and I am using
ClamAV's signature database.
I've got a question about two specific wildcards that are stated in
the signatures.pdf file (titled "Creating Signatures for ClamAV").
According to the document, the wildcard "{n}" states that n bytes can
be matched. Also, the wildcard "??" states that any one byte can be
matched. I have found some "{1}" wildcards in the database. I assume
that by saying "match n bytes", the meaning is that we can match any n
bytes. If that is the case, what is the difference between "??" and
"{1}" ? Or am I wrong, and {n} means "match the previous byte, n
times"?
Thank you for your time.
Best regards,
-Alexandre Dias
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net