.ndb questions
TargetType is confusing and very unclear.
Type 2 What exactly is type 2. I first read this ad thought
it was OLE executables but further reading indicates it might also
include Excel, Word VB and other Microsoft files. True? Are they
normalized?
Type 3 What exactly is normaized HTML? What happens to non
ascii/Latin encodings? UTF? Line terminators (\r,\r\n,\n)? PHP,
Javascript and html escapes and html entities? Does this type get
applied to Mail? Does this type get applied to Mail when there are no
HTML MIME sections? What other files is it applied to?
Type 4 signatures appear not to operate on any file that
doesn't look like an 2821 document. Is this true? Are the internal
encoding (such as QP or B64) decoded before applying signatures? In
QP are =\r\n removed? For 8-bit mail what is done for the non-ascii
encodings? Upper/lower case? Line terminators (\r,\r\n,\n)? Should
UTF be considered? If type 4 is for only 2821 mail format, is Type 7
for all "text and script files including mail?
Type 5 I assume are binary files such as jpg, png, tiff, swf mov, etc?
Type 7 What does normalized mean? What happens for characters
above 127 or for UTF? Line terminators (\r,\r\n,\n)? Does this type
get applied to Mail as well? What other files is it applied to?
Clamdocs specify clam having special processing for Office,
RTF and PDF as well as HTML yet there are no "normalized" nor
non-"normalized"types for these file formats.
I assume that signatures of these types are applied to both
uncompressed and compressed versions of the file.
Wildcards
Would be nice to have a wildcard that allowed a range of
matching like regex *{6,8}
Would be nice to be able to have wildcards to match ascii
numbers and ascci letters.
Thanks for any and all clarifications and insights.
For clamav/sourcefire folks, if any answer to above is no, could you
consider adding in the future?
Tom
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
