clamav中ac算法分析(根据signature构建ac字典树-cli_ac_addpatt)
本文对clamav的ac算法载入signature构建字典树的过程进行分析,本文基于如下ndb特征码进行分析:
File
test1.ndb test_ndb_sig1:0: 13,15:6f6f6f{1-2}6e6e6b6b6b ooo{1-2}nnkkk
test2.ndb test_ndb_sig2:0:0:6f6f6f{1-2}6d6d6b6b6b ooo{1-2}mmkkk
test3.ndb test_ndb_partsig:0:3,5:6f6f6e{1-2}6b6b6b oon{1-2}kkk
test.ndb test_ndb_partsig:0:3,5:6f6f6f{4-6}6b6b6b ooo{4-6}kkk
完整内容请点击如下链接:
点击打开链接
摘要:
Clamavfuncation call flow(AC scan).1
The function cli_ac_addpatt.2
Data structures.2
Test case.4
the loading:4
add signature(pre processing for regular expression) - AC.5
add pattern to AC tire.6
