On Thu, 27 Nov 2003 07:33:47 GMT Tomasz Klim <[EMAIL PROTECTED]> wrote:
> MY idea is not using an existing Aho-Corasick engine, but create
Sorry but this is a completely missed idea. Signature matching is the
most reliable virus scanning method and other methods may only be
used optionally.
> second one, based on fuzzy-logic (www.google.com: ATree,
> William Ward Armstrong, Dendronic Decisions Limited). I suggest
> to use some of his ideas to implement antiviral html parser.
I don't know ATree but (as a mathematician) I think it will be very hard
(and almost unrealistic) to train it to detect suspected HTML/email
data.
> Second: in my opinion, using libpcre is not a very wise idea:
I agree, it will be too expensive (and slow) to keep a separate
automaton for every regular expression.
> 1. it's slow, at least slower than posix regex
Please don't compare libpcre with regex!
> 2. it's unstable/insecure, just like the whole exim mta
> (well, it's not a piece of shit, like some other solutions
> I've seen, but on the other hand, it's not so great)
Please prove it ;-) : do you know some RE and text that will cause
libpcre to crash?
> 3. using regular expressions itself is a bad idea IMHO,
> search for File::Scan Perl module...
No, it isn't. We need regular expressions to detect polymorphic viruses.
Best regards,
Tomasz Kojm
--
oo ..... [EMAIL PROTECTED] www.ClamAV.net
(\/)\......... http://www.clamav.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Fri Nov 28 00:05:01 CET 2003
