On 2010-05-12 20:53, Mohammed Al-Saleh wrote:
> Hi,
>
> I have two questions. Thanks in advance for answers.
> 1- MAXSOPATLEN constant was commented in more than one location to contain
> the value 32 but in the actual implementation its value is 8. So, was it
> implemented first as 32 then changed to 8? if yes, can you please tell me
> why? Does this mean that we only have 8 states for the filtering step?
>
Yes it was changed to 8 because it is sufficient, you'll find that most
of the subsignatures are very short (2-4 bytes) which makes it that much
harder to prefilter (since these 2-4 byte sequence generate a lot of
false matches).
commit 2c04b207e01eed2bdcdc5fca596476b25aa7b7cd
Author: Török Edvin <ed...@clamav.net>
Date: Sat Nov 29 10:07:33 2008 +0000
8 bits are sufficient, we only care if it is longer than 4
characters or not.
TODO: maybe we can use the rest of 24 states for something else?
git-svn-id:
file:///var/lib/svn/clamav-devel/branches/prefilter...@4491
77e5149b-7576-45b1-b177-96237e5ba77b
> 2- if we count the number of signatures in the 10 roots (root[0] through
> root[9]) for both AC and BM, the total would around 100,000 signatures. So,
> would the remaining number of signatures (759261 - (~100,000) ) be the md5
> and such signatures?
Yeah .hdb and .mdb make up the majority of signatures.
Best regards,
--Edwin
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
