A. Writing Custom Signatures

This section describes the structure of custom signatures and provides information on how to write custom signatures for the various client platforms. Topics include:

• Rule Structure
• Windows Custom Signatures
• Solaris Custom Signatures
• Linux Custom Signatures

Rule Structure

Every signature contains one or more rules written in ANSI Tool Command Language (TCL) syntax. Each rule contains mandatory and optional sections, with one section per line. Optional sections vary according to the operating system and the class of the rule. Each section defines a rule category and its value. One section always identifies the class of the rule, which defines the rule’s overall behavior.

The basic structure of a rule is the following:

Rule {
    SectionA value
    SectionB value
    SectionC value
    ...
}

Be sure to review the rules for writing strings and escape sequences in TCL before attempting to write custom rules. A quick review of any standard reference on TCL should ensure that you enter proper values correctly.
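The following pre-deployment check is an added example, not part of the original manual or of the product. It verifies the structure described above (a Rule { ... } wrapper, one section with a value per line, one class section) and flags double-quoted values in which TCL backslash substitution would alter a path. It assumes the class section is named "Class"; the value "Files" and the sample rule are constructed for illustration.

```python
import re

# Assumption: the class section is named "Class"; the page only says that
# one section always identifies the class of the rule.
CLASS_SECTION = "Class"
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')   # a double-quoted Tcl string
LONE_BACKSLASH = re.compile(r'\\[^"]')        # backslash Tcl will substitute

def lint_rule(text):
    """Return (line_number, message) findings for one Rule block."""
    body = [(n, l.strip()) for n, l in enumerate(text.splitlines(), 1) if l.strip()]
    findings = []
    start, end = 0, len(body)
    if body and body[0][1] == "Rule {":
        start = 1
    else:
        findings.append((1, "rule must open with 'Rule {'"))
    if len(body) > start and body[-1][1] == "}":
        end -= 1
    else:
        findings.append((len(text.splitlines()), "rule must close with '}'"))
    names = []
    for n, line in body[start:end]:
        name, _, value = line.partition(" ")
        names.append(name)
        if not value.strip():
            findings.append((n, f"section '{name}' has no value on its line"))
        for quoted in QUOTED.findall(value):
            # Doubled backslashes are literal; drop them, then look for leftovers.
            hit = LONE_BACKSLASH.search(quoted.replace("\\\\", ""))
            if hit:
                findings.append((n, f"Tcl rewrites '{hit.group(0)}' in \"{quoted}\"; "
                                    "double the backslash if it is literal"))
    if names.count(CLASS_SECTION) != 1:
        findings.append((0, f"expected exactly one {CLASS_SECTION} section, "
                            f"found {names.count(CLASS_SECTION)}"))
    return findings

# Constructed sample: SectionB..D are placeholders and "Files" is an assumed value.
SAMPLE = r'''Rule {
    Class Files
    SectionB "C:\temp\new.txt"
    SectionC "C:\\logs\\app.log"
    SectionD
}'''

if __name__ == "__main__":
    for line_no, message in lint_rule(SAMPLE):
        print(f"line {line_no}: {message}")
```

On the sample, line 3 is reported because TCL reads \t and \n inside double quotes as tab and newline, so the signature would never match the intended path; line 4, with doubled backslashes, passes.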

McAfee 6.1 manual Writing Custom Signatures, Rule Structure, Basic structure of a rule is the following, 164