...
|
...
|
@@ -482,7 +482,12 @@ Subsig1;Subsig2;...
|
482
|
482
|
\item \verb+FileSize:X-Y+: Required file size (range in bytes; 0.96)
|
483
|
483
|
\item \verb+EntryPoint+: Entry point offset (range in bytes; 0.96)
|
484
|
484
|
\item \verb+NumberOfSections+: Required number of sections in executable (range; 0.96)
|
485
|
|
- \item \verb+Container:CL_TYPE_*+: File type of the container which stores the scanned file
|
|
485
|
+ \item \verb+Container:CL_TYPE_*+: File type of the container which stores the scanned file.
|
|
486
|
+ Specifying \verb+CL_TYPE_ANY+ matches on root objects only.
|
|
487
|
+ \item \verb+Intermediates:CL_TYPE_*>CL_TYPE_*+: File types of intermediate containers which stores the scanned file.
|
|
488
|
+ Specify 1-16 file types separated by '\verb+>+' in top-down order ('\verb+>+' separator not needed for single file type),
|
|
489
|
+ last type should be the immediate container for the malicious content. \verb+CL_TYPE_ANY+ can be used as a wildcard
|
|
490
|
+ file type. (expr; 0.99.3)
|
486
|
491
|
\item \verb+IconGroup1+: Icon group name 1 from .idb signature Required engine functionality (range; 0.96)
|
487
|
492
|
\item \verb+IconGroup2+: Icon group name 2 from .idb signature Required engine functionality (range; 0.96)
|
488
|
493
|
\end{itemize}
|