Browse code
added subsig options documentation
Kevin Lin authored on 2015/02/14 07:30:39Showing 1 changed files
| ... | ... |
@@ -585,6 +585,15 @@ Firefox.boundElements;Target:0;0&1&2;6576656e742e626f756e64456c6 |
| 585 | 585 |
22?window\.close\s*\x28/si |
| 586 | 586 |
\end{verbatim}
|
| 587 | 587 |
|
| 588 |
+ \subsection{Subsignature Options}
|
|
| 589 |
+ ClamAV (clamav-0.99) supports a number of additional subsignature options |
|
| 590 |
+ for logical signatures. This is done by specifying a single '/' followed |
|
| 591 |
+ by a number of characters representing the option. |
|
| 592 |
+ \begin{itemize}
|
|
| 593 |
+ \item \verb+i+\\ |
|
| 594 |
+ Match subsignature as case-insensitive. (ex. ..;42434445/i;..) |
|
| 595 |
+ \end{itemize}
|
|
| 596 |
+ |
|
| 588 | 597 |
\subsection{Icon signatures for PE files}
|
| 589 | 598 |
ClamAV 0.96 includes an approximate/fuzzy icon matcher to help |
| 590 | 599 |
detecting malicious executables disguising themselves as innocent |