Thanks for your reply.
I am very interesting in the virus engien. I want to know the whole
algorithm of scaning and trying to optimize the "int cli_scanpe(cli_ctx
*ctx, icon_groupset *iconset)" function.
I have read the readdb.c and pe.c file, I think the soff variable restore
the length of the PE sections in the database. Am I right?
And I want to know why not using the binary search instead of following
code? Maybe it can speed up scanning?
for(j = 0; j < md5_sect->soff_len && md5_sect->soff[j] <=
exe_sections[i].rsz; j++) {2010/6/30 Török Edwin <[email protected]> > On Wed, 30 Jun 2010 11:45:15 +0800 > candy <[email protected]> wrote: > > > Hi all~ > > Thank you for solving my problem before. I still have some other > > questions when analysing the codes of ClamAV. Could anybody help me > > again? What does the member variable uint32_t *soff stands for? > > Have a look at readdb.c, and pe.c. > > > Why > > sort the elements which the soff point to? Is the qsort function in > > the code implement the quick sort algorithm? > > See qsort.c. > > What are you trying to do with soff? > > Best regards, > --Edwin > _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
