I've read ClamAV's Boyer-Moore implementation.
It does not seem to me that it uses Boyer-Moore algorithm at all.
The first step in adding BM patterns is the hashing step where you make
linked lists of patterns based on the hashing 3 characters from the pattern.
When scanning a buffer, specific linked lists will be matched against the
buffer based on the hashed results of buffer, again. When reaching a pattern
that could be the match, ClamAV does a very sequential string matching.
Check this code from matcher-bm.c
found = 1;
for(j = 0; j p-length + p-prefix_length off length; j++,
off++) {
if(bp[j] != pt[j]) {
found = 0;
break;
}
}
Some body correct me if I am mistaken or add something I am missing.
Thanks,
~Moe
On Wed, May 19, 2010 at 12:47 PM, Vishrut Sharma v.vish...@gmail.comwrote:
An extended version of Boyer-Moore (BMEXT) is implemented in ClamAV. The
only difference lies in the use of Extended Bad Character Rule instead of
the BCR used in original B-M algorithm. I searched the Internet for a paper
related to BMEXT but found none.
On Thu, May 20, 2010 at 12:00 AM, Mohammed Al-Saleh moealsa...@gmail.com
wrote:
Hi,
Can you please point me to a paper or any other source that could help in
understanding the Boyer-Moore implementation in ClamAV?
Is it very different from the original Boyer-Moore algorithm?
Any help is really appreciated.
Thanks much,
~Moe
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
--
Vishrut Sharma
Member of ACM, SDN,
MSDNAA, NSR
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
