Hi

I have a basic question. Most body-based signatures are hex based (let's
focus on fixed string signatures alone for simplicity), whereas some of the
files are hex (EXE) or character-based (HTML).

In the code I see unsigned chars used predominantly to represent patterns
and file contents. At the very core of the string matching algorithms,
mainly extended Boyer-Moore, I would like to understand how the datatypes
get manipulated.

1) Do the character-based files get translated to hex to compare with
body-based signatures?

2) Does the signature get treated as a string of chars?
If yes,
Does a toy signature "fe" get treated as two chars (8 bits each) for "f"
and "e" (or)
Does the code read the signature "fe" and map it into one character based on
the ASCII table (for example)?

Thank you.
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
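
An added example, not part of the original message and not ClamAV's own code: it assumes the usual convention that each pair of hex digits in a signature encodes one byte, and it uses plain Boyer-Moore-Horspool in place of ClamAV's extended Boyer-Moore. The function names and the sample buffers are constructed for the illustration; the same byte comparison runs over an HTML buffer and an EXE-like buffer.

```c
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if the character is not a hex digit. */
static int hex_val(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;  /* fold ASCII letters to lower case */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode hex text to raw bytes (two digits -> one byte); returns length, 0 on error. */
size_t sig_decode(const char *hex, unsigned char *out, size_t cap) {
    size_t n = strlen(hex);
    if (n == 0 || n % 2 != 0 || n / 2 > cap) return 0;
    for (size_t i = 0; i < n; i += 2) {
        int hi = hex_val(hex[i]), lo = hex_val(hex[i + 1]);
        if (hi < 0 || lo < 0) return 0;
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    return n / 2;
}

/* Boyer-Moore-Horspool over unsigned bytes: match offset, or -1 if absent. */
long bmh_find(const unsigned char *buf, size_t blen,
              const unsigned char *pat, size_t plen) {
    size_t shift[256];
    if (plen == 0 || plen > blen) return -1;
    for (size_t i = 0; i < 256; i++) shift[i] = plen;
    for (size_t i = 0; i + 1 < plen; i++) shift[pat[i]] = plen - 1 - i;
    for (size_t pos = 0; pos + plen <= blen; pos += shift[buf[pos + plen - 1]])
        if (memcmp(buf + pos, pat, plen) == 0) return (long)pos;
    return -1;
}

/* Scan any buffer with a hex signature; the file type plays no part. */
long scan_hex_sig(const void *data, size_t len, const char *hex) {
    unsigned char pat[64];
    size_t plen = sig_decode(hex, pat, sizeof pat);
    return plen ? bmh_find((const unsigned char *)data, len, pat, plen) : -1;
}

int main(void) {
    const char html[] = "<html><script>x</script></html>";        /* constructed */
    const unsigned char exe[] = {0x4d, 0x5a, 0x90, 0x00, 0xfe, 0x01}; /* constructed */
    printf("%ld\n", scan_hex_sig(html, sizeof html - 1, "3c736372697074"));
    printf("%ld\n", scan_hex_sig(exe, sizeof exe, "fe"));
    printf("%ld\n", scan_hex_sig("fe", 2, "fe")); /* text "fe" is bytes 0x66 0x65 */
    return 0;
}
```

Under this assumption the signature text "fe" becomes the single byte 0xFE, so it matches the fifth byte of the EXE-like buffer but not the two-character text "fe", which would need the signature "6665".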
