Exetools  

Go Back   Exetools > General > Source Code

Notices

Reply
 
Thread Tools Display Modes
  #16  
Old 01-26-2015, 02:26
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 331
Rept. Given: 25
Rept. Rcvd 108 Times in 53 Posts
Thanks Given: 49
Thanks Rcvd at 566 Times in 225 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
Quote:
Originally Posted by mr.exodia View Post
After some reading it appears to be using Aho-Corasick or the Booyer-more string search algorithms, which is nice indeed. It is very unfortunate that the signature search is so tightly integrated with the codebase, otherwise I would have added it to the tests...
There are a handful of regex scans inside of it as well.

As for saying that stuff in this thread is not real signature scanning, I'm not sure why you would think that. Everything posted here are all valid methods of scanning for signatures regardless of what kind of software it is used within.
Reply With Quote
  #17  
Old 02-03-2015, 01:00
sh3dow sh3dow is online now
Family
 
Join Date: Oct 2014
Posts: 103
Rept. Given: 97
Rept. Rcvd 77 Times in 22 Posts
Thanks Given: 276
Thanks Rcvd at 123 Times in 45 Posts
sh3dow Reputation: 77
if antivirus have good algorithms why not see Norton Antivirus 2006 source code
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On



All times are GMT +8. The time now is 04:14.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX
( 1998 - 2021 )