Difference between revisions of "SBI file format"
m (→Description) |
m (→Example: added block header comments) |
||
Line 13: | Line 13: | ||
:: IAmSpyware|This is just an invented bot | :: IAmSpyware|This is just an invented bot | ||
+ | // {Cat:Test}{Cnt:1} | ||
+ | // {Det:myname,2008-02-17} | ||
File:"<$FILE_DATA>","<$WINDIR>\Malware.txt","filesize>=10" | File:"<$FILE_DATA>","<$WINDIR>\Malware.txt","filesize>=10" | ||
File:"<$FILE_DATA>","<$SYSDIR>\WayTooSmall.txt","filesize=5" | File:"<$FILE_DATA>","<$SYSDIR>\WayTooSmall.txt","filesize=5" | ||
:: SecondProduct | :: SecondProduct | ||
+ | // {Cat:Test}{Cnt:0} | ||
+ | // {Det:myname,2008-02-17} | ||
NoOp:"setenv=silly:example" | NoOp:"setenv=silly:example" | ||
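Review bot: the two comment lines added under each product, "// {Cat:Test}{Cnt:1}" and "// {Det:myname,2008-02-17}", introduce Cat, Cnt and Det fields that the Description section never explains; its list of special comment lines covers only info and date and then trails off in "...". Please document what each field means and whether it is required. Cnt in particular needs a definition: it is 1 on the product with two File lines and 0 on the product with a single NoOp line, so a reader cannot tell what it counts.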
Revision as of 08:29, 28 May 2008
SBI files are detection databases that can be used to tell Spybot - Search & Destroy where and how to look for malware.
This document describes the OpenSBI format, which is a plain text format that can be used by anyone.
Usage
Inside the Spybot - Search & Destroy program files folder, you'll find a subfolder named Includes. This folder contains the standard detection databases distributed by Safer Networking Ltd., but you can also create your own files in here. Every file here will be shown inside the application on the Filesets page (you may have to switch to Advanced Mode to see this).
Example
// info: This is an example fileset
// info|Deutsch: Dies ist ein Beispiel-Datensatz
// date: 2008-02-17 (1.5)
:: IAmSpyware|This is just an invented bot
// {Cat:Test}{Cnt:1}
// {Det:myname,2008-02-17}
File:"<$FILE_DATA>","<$WINDIR>\Malware.txt","filesize>=10"
File:"<$FILE_DATA>","<$SYSDIR>\WayTooSmall.txt","filesize=5"
:: SecondProduct
// {Cat:Test}{Cnt:0}
// {Det:myname,2008-02-17}
NoOp:"setenv=silly:example"
Description
The first thing you'll notice in the example above is the comment lines; every line beginning with two slashes (//) is a comment line, and comment lines may appear anywhere in the file. These are the only lines that you can freely use, along with empty lines as fillers to make the text easier to read. There are a few special comment lines:
- First comment in every file should be of the info type above, which is the information shown inside the application on the Filesets page.
- These are localizable as shown in the second line, where Deutsch is the localized name of the German language.
- Specifying a date, in yyyy-mm-dd format, optionally with a minimum Spybot-S&D version in brackets after it, is also recommended.
- ...
Each product starts with two colons followed by a space, then the product name, which may, but should not, contain spaces. A vertical bar (|) after the name can be used to add an optional description, which is shown on the Ignore Products page inside the application.
All other lines are interpreted as SBI Commands, defining what exactly is to be detected.
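The structure described above can be checked mechanically before a custom fileset is placed in the Includes folder. The following parser is an added example, not code from Spybot - Search & Destroy or Safer Networking Ltd. It assumes that a command line has the form name:arguments, split at the first colon, and it skips the block header comments because this page does not define them; parse_sbi and its warning texts are hypothetical names.

```python
import re
# Constructed sample: the example fileset from this page, one entry per line.
SAMPLE = r'''// info: This is an example fileset
// info|Deutsch: Dies ist ein Beispiel-Datensatz
// date: 2008-02-17 (1.5)
:: IAmSpyware|This is just an invented bot
// {Cat:Test}{Cnt:1}
// {Det:myname,2008-02-17}
File:"<$FILE_DATA>","<$WINDIR>\Malware.txt","filesize>=10"
File:"<$FILE_DATA>","<$SYSDIR>\WayTooSmall.txt","filesize=5"
:: SecondProduct
// {Cat:Test}{Cnt:0}
// {Det:myname,2008-02-17}
NoOp:"setenv=silly:example"
'''
INFO = re.compile(r"^//\s*info(?:\|([^:]+))?:\s*(.*)$")
DATE = re.compile(r"^//\s*date:\s*(\d{4}-\d{2}-\d{2})(?:\s*\(([^)]+)\))?$")

def parse_sbi(text):
    """Parse OpenSBI text into header fields, products and lint warnings."""
    out = {"info": {}, "date": None, "min_version": None, "products": [], "warnings": []}
    current, seen_comment = None, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # empty filler lines are allowed anywhere
        if line.startswith("//"):
            m_info, m_date = INFO.match(line), DATE.match(line)
            if m_info:  # key is the localized language name, or "default"
                out["info"][m_info.group(1) or "default"] = m_info.group(2)
            elif m_date:
                out["date"], out["min_version"] = m_date.groups()
            if not seen_comment and not m_info:
                out["warnings"].append(f"line {no}: first comment should be an info line")
            seen_comment = True
            continue  # other comments, block headers included, are skipped
        if line.startswith(":: "):
            name, _, desc = line[3:].partition("|")
            if " " in name.strip():
                out["warnings"].append(f"line {no}: product name contains spaces")
            current = {"name": name.strip(), "description": desc.strip() or None, "commands": []}
            out["products"].append(current)
        elif ":" not in line:
            out["warnings"].append(f"line {no}: not a comment, product or command")
        elif current is None:
            out["warnings"].append(f"line {no}: command before any product")
        else:  # assumption: Command:arguments, split at the first colon
            current["commands"].append(tuple(line.split(":", 1)))
    return out
```

Calling parse_sbi(SAMPLE) yields two products and no warnings; the warnings list is where a malformed fileset shows up.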