DROID sets a default max bytes to scan for identification, which defaults to 64k and can be set to -1 for unlimited scanning.
However, it is not currently easy to tune DROID for the best identification/speed trade-off, or to know which signatures tend to perform badly.
Returning the bytes scanned per identification would make both problems trivial.
It might not be necessary to alter the underlying profile database (as that carries a lot of GUI and filtering baggage as well). It could be a command-line-only option that appends that value to the CSV output if a flag was specified, since the use case would be advanced profiling of a corpus or signature development.
Another piece of information which would be useful to support signature development is an average count per signature of how many bytes they scanned when they failed to identify something. As for weakly specified signatures with wildcard scanning, these costs may dominate, rather than the times they actually found something.
That might be something added to the sigtool, rather than the main DROID engine: reporting the bytes read to match and bytes read on match failure, for each signature used.