Browse code
updated documentation for 'Intermediates' TDB option (#5)
klin authored on 2017/02/03 02:40:08Showing 2 changed files
| ... | ... |
@@ -482,7 +482,12 @@ Subsig1;Subsig2;... |
| 482 | 482 |
\item \verb+FileSize:X-Y+: Required file size (range in bytes; 0.96) |
| 483 | 483 |
\item \verb+EntryPoint+: Entry point offset (range in bytes; 0.96) |
| 484 | 484 |
\item \verb+NumberOfSections+: Required number of sections in executable (range; 0.96) |
| 485 |
- \item \verb+Container:CL_TYPE_*+: File type of the container which stores the scanned file |
|
| 485 |
+ \item \verb+Container:CL_TYPE_*+: File type of the container which stores the scanned file. |
|
| 486 |
+ Specifying \verb+CL_TYPE_ANY+ matches on root objects only. |
|
| 487 |
+ \item \verb+Intermediates:CL_TYPE_*>CL_TYPE_*+: File types of intermediate containers which stores the scanned file. |
|
| 488 |
+ Specify 1-16 file types separated by '\verb+>+' in top-down order ('\verb+>+' separator not needed for single file type),
|
|
| 489 |
+ last type should be the immediate container for the malicious content. \verb+CL_TYPE_ANY+ can be used as a wildcard |
|
| 490 |
+ file type. (expr; 0.99.3) |
|
| 486 | 491 |
\item \verb+IconGroup1+: Icon group name 1 from .idb signature Required engine functionality (range; 0.96) |
| 487 | 492 |
\item \verb+IconGroup2+: Icon group name 2 from .idb signature Required engine functionality (range; 0.96) |
| 488 | 493 |
\end{itemize}
|