[clamav-users] FilenameRegex and backreferences
Al Varnell
alvarnell at mac.com
Thu Jul 6 10:41:38 UTC 2017
Have you used this Regular Expressions Tutorial?
<http://www.regular-expressions.info/tutorial.html>
-Al-
On Thu, Jul 06, 2017 at 03:31 AM, kionez wrote:
>
> Hi all,
>
> I wonder how I can use a backreference FilenameRegex in signatures
> based on container metadata. I read the manual (signatures.pdf), peeked
> into other rules (Sanesecurity) and some RTFM for OpenBSD regex without
> success.
>
> I would like to intercept some recurrent pattern in filenames, for
> example (i want to match testtest.txt):
>
> TEST.TestFilename.001:CL_TYPE_ZIP:*:(test)\1.txt:*:*:*:*:*:*
>
> And, more "reallity-wise", i want to match filename inside a directory,
> where dir and file name are the same: PATTERN/PATTERN.exe with something
> like:
>
> TEST.TestFilename.002:CL_TYPE_ZIP:*:([a-z]{8,12})/\1\.exe:*:*:*:*:*:*
>
> But i can't find a way to make it work as expected.. there is someone
> who can help me? :)
>
> Thanks in advance,
>
> k.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3569 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20170706/01520bb8/attachment.bin>
More information about the clamav-users
mailing list