On Wed, 30 Jun 2010 15:37:07 +0800
candy <outstandingca...@gmail.com> wrote:
> Thanks for your reply.
> I am very interesting in the virus engien. I want to know the whole
> algorithm of scaning and trying to optimize the "int
> cli_scanpe(cli_ctx *ctx, icon_groupset *iconset)" function.
> I have read the readdb.c and pe.c file, I think the soff variable
> restore the length of the PE sections in the database. Am I right?
No, it is actually the section size, I don't know why it was called
soff.
> And I want to know why not using the binary search instead of
> following code? Maybe it can speed up scanning?
> for(j = 0; j < md5_sect->soff_len && md5_sect->soff[j] <=
> exe_sections[i].rsz; j++) {
You could, but it would complicate the code. How much faster is it if
you are using binary search here?
--Edwin
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
