Hi all,
I wonder how I can use a backreference FilenameRegex in signatures
based on container metadata. I read the manual (signatures.pdf), peeked
into other rules (Sanesecurity) and some RTFM for OpenBSD regex without
success.
I would like to intercept some recurrent pattern in filenames, for
example (i want to match testtest.txt):
TEST.TestFilename.001:CL_TYPE_ZIP:*:(test)\1.txt:*:*:*:*:*:*
And, more "reallity-wise", i want to match filename inside a directory,
where dir and file name are the same: PATTERN/PATTERN.exe with something
like:
TEST.TestFilename.002:CL_TYPE_ZIP:*:([a-z]{8,12})/\1\.exe:*:*:*:*:*:*
But i can't find a way to make it work as expected.. there is someone
who can help me? :)
Thanks in advance,
k.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
