> > MY idea is not using an existing Aho-Corasick engine, but create
> 
> Sorry but this is a completely missed idea. Signature matching is the
> most reliable virus scanning method and other methods may only be
> used optionally.

I didn't say: leave the Aho-Corasick engine. I talked about TWO
engines: one for all files, and the second for html files.

> > second one, based on fuzzy-logic (www.google.com: ATree,
> > William Ward Armstrong, Dendronic Decisions Limited). I suggest
> > to use some of his ideas to implement antiviral html parser.
> 
> I don't know ATree but (as a mathematician) I think it will be very hard
> (and almost unrealistic) to train it to detect suspected HTML/email
> data.

It may be. But the result would be worth it.

> > Second: in my opinion, using libpcre is not a very wise idea:
> 
> I agree, it will be too expensive (and slow) to keep a separate
> automaton for every regular expression.

I think that you don't really need full regular expression support.
I think that it could be implemented simpler and faster than libpcre.
It would be just harder for you. Nothing else. But the results will be
nicer.

> > 1. it's slow, at least slower than posix regex
> 
> Please don't compare libpcre with regex!

Why? It's true. Look at 'ngrep' sniffer. It has optional
regex/libpcre support to match payloads. Try to benchmark it.
Look at its stability with regex and with libpcre...

> > 2. it's unstable/insecure, just like the whole exim mta
> >    (well, it's not a piece of shit, like some other solutions
> >    I've seen, but on the other hand, it's not so great)
> 
> Please prove it ;-) : do you know some RE and text that will cause
> libpcre to crash?

As a commercial company, we will NOT provide any patches for
anyone. This is my general rule. I can make an exception for you
(we both know why), but...

Second, libpcre is complicated, and even saying nothing of rules,
we just don't have time to investigate where exactly the bugs are.

Third. Hmm, let's say that I have a working example. Do you really
think that I will EVER send it to anyone? Please...

> > 3. using regular expressions itself is a bad idea IMHO,
> >    search for File::Scan Perl module...
> 
> No, it isn't. We need regular expressions to detect polymorphic viruses.

It is. You can implement a simpler solution on your own. See above.


----------
Tomasz Klim,  [EMAIL PROTECTED]
http://www.euroneto.pl
Phone: +48 61 8433535                     Fax: +48 61 8434455
Euronet Sp. z o.o., Dabrowskiego 81/85, 60-529 Poznan, Poland
