On Sun, 19 Dec 2010 10:31:43 -0800 Bill Landry <[email protected]> wrote: > I've been doing some testing with some of the new signature wildcards, > in particular: > > • (B) > Match word boundary (including file boundaries). > • (L) > Match CR, CRLF or file boundaries. > > I've found that both of these wildcards work when used singularly in any > of the following combinations: > > SpamDomain.example_com:4:*:(B)6578616d706c652e636f6d(B) > SpamDomain.example_com:4:*:(L)6578616d706c652e636f6d(L) > SpamDomain.example_com:4:*:(B)6578616d706c652e636f6d(L) > SpamDomain.example_com:4:*:(L)6578616d706c652e636f6d(B) > > However, I would like to combine them on both sides of the hex > signature, but none of the following combinations work without causing > errors: > > SpamDomain.example_com:4:*:(B|L)6578616d706c652e636f6d(B|L) > SpamDomain.example_com:4:*:(B)(L)6578616d706c652e636f6d(B)(L) > SpamDomain.example_com:4:*:((B)|(L))6578616d706c652e636f6d((B)|(L)) > > Is there a way to combine these two wildcards into a single hex > signature so that it can detect any of the following combinations in an > email message:
Hi Bill, the word boundary (B) also acts as a line marker (L), so there's no need for using both of them at the same time. Regards, -- oo ..... Tomasz Kojm <[email protected]> (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Dec 20 11:00:52 CET 2010 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
