Scan engine

New versions of Clam AntiVirus use a mutation of the Aho-Corasick pattern matching algorithm. The algorithm is based a finite state pattern matching automaton [1] and it's a generalization of the famous Knuth-Morris-Pratt algorithm. Please take a look at the matcher.h for data type definitions. The automaton is represented by a trie. It is a rooted tree with some specific properties [2]. Every node of the trie represents some state of the automaton. In our implementation, the node is defined as follows:

	struct cl_node {
	    short int islast;
	    struct cli_patt *list;
	    int maxpatlen;
	    struct node *next[NUM_CHILDS], *trans[NUM_CHILDS], *fail;
	};

[To be continued...]