I have read the source code of clamav 0.90 and found a bug in it's matching
algorithm.
To test it, I have made one sample file and two pattern files as follows:
sample file:
a.sam:
111 222 222 333
a.db:
pat_a=313131*323232{-5}333333
b.db:
313131{-100}323232{-5}333333
I scaned the sample file by these two patten files respectively, the pattern
"b.db" detected the sample file, but the pattern "a.db" missed.
I think the sample file should be detected too by the pattern files "a.db".
To fix it, i modify the line 483 in matcher-ac.c to
if (pt->maxdist) mdata->maxshift[pt->sigid - 1] = mdata->partoff[pt->sigid -
1][j] + pt->maxdist - curroff;
Can anyone tell me this modification is right or not ?
alex
[EMAIL PROTECTED]
2007-03-05
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
