Advanced file parameters

From SpybotWiki
Revision as of 10:34, 22 February 2008 by CCRDude (talk | contribs) (New page: ==Description== ''Advanced file parameters'' are parameters used in certain file-related commands to scan file contents. You usually specify a comma separated list of para...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Description

Advanced file parameters are parameters used in certain file-related commands to scan file contents. You usually specify a comma separated list of parameters which then gets combined in an optimized AND operation, from left to right, stopping when a condition does not match. This leads to a few useful things:

  1. Put easy tests in front, to avoid heavy cost tests executed when not necessary.
    • Parameters to check the environment (regarding flow control) belong to the very beginning since they're cheapest.
    • Basic attributes and cashed operations (like file hashes) are usually quite cheap.
  2. Add heavy cost and active flow control parameters to the end.
    • Add parameters to set the environment to the very end to have them set only when the file was identified by all previous parameters.
    • Parameters for Binary anywhere matching are probably the most costly operations.

The field used for advanced file parameters can often also be used for advanced build parameters, check the actual command for details.

Examples

filesize=10,md5=1234567890ABCDEFFEDCBA0987654321

As soon as spaces appear, you need to put quotes around that parameter:

filesize=10,"field[ver]=CompanyName|Malware Inc."

Keep in mind that in the bigger context of the parameter list of the actual command, you need to escape quotes by doubling them:

File:"Example","<$WINDIR>\Malware.exe","filesize=10,""field[ver]=CompanyName|Malware Inc."""