Whoops, I take that back. The code used in ClamAV appears more similar to the "BSD library." Comments state:
* This code is derived from OpenBSD's libc/regex, original license follows: * * Copyright (c) 1992, 1993, 1994 Henry Spencer. * Copyright (c) 1992, 1993, 1994 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Henry Spencer. * So, I can't say for sure what is the POSIX support without additional research. Best bet is to follow Steve Basford's sanesecurity example to get you going. I don't see any .cdb in the official ClamAV virus database. Steve On Thu, Feb 18, 2016 at 6:13 PM, Steven Morgan <smor...@sourcefire.com> wrote: > Please see https://garyhouston.github.io/regex/. > > Looks like ClamAV uses what is called the "old library." I don't think > this is POSIX compliant with regard to regular expressions. > > Hope this helps, > Steve > > On Thu, Feb 18, 2016 at 3:12 PM, Mehmet Avcioglu <meh...@activecom.net> > wrote: > >> >> > On Feb 18, 2016, at 8:14 PM, Steven Morgan <smor...@sourcefire.com> >> wrote: >> > >> > cdb signatures use a regex library known as "Henry Spencer's regular >> > expressions." Googling documentation for that should give what you want. >> >> Thank you for the information. I searched out for that and found >> documentation, but am not able to get the desired outcome. Henry Spencer’s >> regular expressions are supposed to be POSIX compliment and "\s" is valid >> for space but I cannot get it to work. >> >> For example I am able to use "^New.Doc.*" to match for "New Doc.xls" but >> "^New\sDoc.*" or "^New Doc.*" does not. >> >> Thanks >> >> -- >> Mehmet Avcioglu >> meh...@activecom.net >> >> _______________________________________________ >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml >> > > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
