[Clamav-devel] Question about wildcards ?? and {n} in signatures

Hello,

I am doing my Msc thesis work in pattern matching, and I am using
ClamAV's signature database.

I've got a question about two specific wildcards that are stated in
the signatures.pdf file (titled "Creating Signatures for ClamAV").

According to the document, the wildcard "{n}" states that n bytes can
be matched. Also, the wildcard "??" states that any one byte can be
matched. I have found some "{1}" wildcards in the database. I assume
that by saying "match n bytes", the meaning is that we can match any n
bytes. If that is the case, what is the difference between "??" and
"{1}" ? Or am I wrong, and {n} means "match the previous byte, n
times"?

Thank you for your time.

Best regards,

-Alexandre Dias
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

• This message: [ Message body ]
• Next message: Tomasz Kojm: "Re: [Clamav-devel] Question about wildcards ?? and {n} in signatures"
• Next in thread: Tomasz Kojm: "Re: [Clamav-devel] Question about wildcards ?? and {n} in signatures"
• Reply: Tomasz Kojm: "Re: [Clamav-devel] Question about wildcards ?? and {n} in signatures"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]