git-svn: trunk@2709
Tomasz Kojm authored on 2007/02/12 23:00:27... | ... |
@@ -144,11 +144,11 @@ MalwareName:TargetType:Offset:HexSignature[:MinEngineFunctionalityLevel:[Max]] |
144 | 144 |
\item \verb#EP+n# = entry point plus n bytes (\verb#EP+0# if you |
145 | 145 |
want to anchor to \verb+EP+) |
146 | 146 |
\item \verb#EP-n# = entry point minus n bytes |
147 |
- \item \verb#Sx+n# = start of section's \verb+x+ (counted from 0) |
|
147 |
+ \item \verb#Sx+n# = start of section \verb+x+'s (counted from 0) |
|
148 | 148 |
data plus \verb+n+ bytes |
149 |
- \item \verb#Sx+n# = start of section's \verb+x+ data minus \verb+n+ bytes |
|
149 |
+ \item \verb#Sx-n# = start of section \verb+x+'s data minus \verb+n+ bytes |
|
150 | 150 |
\item \verb#SL+n# = start of last section plus \verb+n+ bytes |
151 |
- \item \verb#SL-n# = start of last section minux \verb+n+ bytes |
|
151 |
+ \item \verb#SL-n# = start of last section minus \verb+n+ bytes |
|
152 | 152 |
\end{itemize} |
153 | 153 |
All signatures in the extended format must be placed in \verb+*.ndb+ files. |
154 | 154 |
|
... | ... |
@@ -204,8 +204,8 @@ virname:encrypted:filename:normal size:csize:crc32:cmethod:fileno:max depth |
204 | 204 |
\end{itemize} |
205 | 205 |
Important rules of the naming convention: |
206 | 206 |
\begin{itemize} |
207 |
- \item always use a -zippwd postfix in the malware name for signatures of type zmd, |
|
208 |
- \item always use a -rarpwd postfix in the malware name for signatures |
|
207 |
+ \item always use a -zippwd suffix in the malware name for signatures of type zmd, |
|
208 |
+ \item always use a -rarpwd suffix in the malware name for signatures |
|
209 | 209 |
of type rmd, |
210 | 210 |
\item only use alphanumeric characters, dash (-), dot (.), underscores |
211 | 211 |
(\_) in malware names, never use space, apostrophe or quote mark. |