[Clamav-devel] ClamAV Scanning Algorithm

2010-04-02 Thread Mohammed Al-Saleh
Hi, I am newbie to ClamAV and want to know what is the scanning algorithm currently used by ClamAV. I would appreciate it if somebody guides me to the best place (may be an article or source code file) that talks about that. I read somewhere that it uses aho-corasick algorithm; so is it still

[Clamav-devel] Emulation

2010-04-18 Thread Mohammed Al-Saleh
Hi, Does ClamAV do code emulation to detect viruses/worms? Thanks, ~Moe ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net

[Clamav-devel] Question

2010-04-24 Thread Mohammed Al-Saleh
Does ClamAV use Aho-Corasick algorithm to match files against static signatures and Boyer-Moore against signatures that have *'s and ??'s ? Thanks much, ~Moe ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our

[Clamav-devel] Bug?

2010-05-14 Thread Mohammed Al-Saleh
Is this a bug in ClamAV (filtering.c)? case CLI_MATCH_NIBBLE_LOW: spec-start = (p 0xf); spec-end = 0xf0 | spec-start; spec-step = 0x10; Should not the step be 1 here? Thanks, ~Moe ___

[Clamav-devel] Virus DB Repo

2010-05-17 Thread Mohammed Al-Saleh
Hi, Is the virus database updated through a repository (for example svn or cvs)? I would like to see how virus database changes over time. Thanks, ~Moe ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla:

Re: [Clamav-devel] Question

2010-05-18 Thread Mohammed Al-Saleh
Hi Edwin, On Apr 27, 2010, at 7:19 AM, Török Edwin wrote: On 04/26/2010 10:20 PM, Mohammed Al-Saleh wrote: Hi Edwin, Thanks for your reply. I need to know the cases where ClamAV has performance bottlenecks or issues. The best way to do that is by measuring it. Read the last part

Re: [Clamav-devel] Boyer-Moore

2010-05-22 Thread Mohammed Al-Saleh
of Boyer-Moore (BMEXT) is implemented in ClamAV. The only difference lies in the use of Extended Bad Character Rule instead of the BCR used in original B-M algorithm. I searched the Internet for a paper related to BMEXT but found none. On Thu, May 20, 2010 at 12:00 AM, Mohammed Al-Saleh moealsa

[Clamav-devel] daily.cvd vs main.cvd

2010-05-27 Thread Mohammed Al-Saleh
Hi, I first thought that the daily signatures are added to the main ones every while ( and thus removed from the daily.cvd). After checking, it does not seem to work as I thought, :). Can any body tell me how the two files are related (or they are not at all)? When files are added to daily.cvd

Re: [Clamav-devel] daily.cvd vs main.cvd

2010-05-27 Thread Mohammed Al-Saleh
On Thu, May 27, 2010 at 9:51 AM, Mohammed Al-Saleh moealsa...@gmail.comwrote: Hi, I first thought that the daily signatures are added to the main ones every while ( and thus removed from the daily.cvd). After checking, it does not seem to work as I thought, :). Can any body tell me how

[Clamav-devel] File Type Filtering

2010-08-16 Thread Mohammed Al-Saleh
Hi, Can somebody please explain to me how ClamAV does file type filtering? here is exactly what I need in details. My understanding is that ClamAV's first scanning step is doing file type filtering to decide which root (out the 8 used ones) will be used to scan. My question is that if the file