mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2026-05-18 21:40:17 -04:00
3dc50c83ae
I was unaware that while Yara rule regex strings may-or-may-not escape '/' characters in the regex string, Clam logical sigs MUST escape them. The Yara rule parser automatically removes the unnecessary '/': https://github.com/Cisco-Talos/clamav/blob/clamav-0.105.1/libclamav/yara_lexer.l#L509-L514 That's a good feature, we don't want to remove that. But the Clam logical sigs don't have an equivalent feature. So I changed the LDB version of the regex '/' + ':' test to include the escape '\/' character. This commit also adds some new tests to make sure we don't break support for LDB sigs with multiple PCRE subsignatures in the future, and to test that the offset feature and the case-insensitive feature work for PCRE subsignatures.