/decoders/50_trend_decoder.xml
XML | 17 lines | 5 code | 5 blank | 7 comment | 0 complexity | beaf831f2f631e467f7a356fb5d16eff MD5 | raw file
1 2 3 4 5<!-- Trend Micro OSCE (Office Scan) decoder. 6 - 20090716<;>948<;>TROJ_Generic.DIT<;>25<;>3<;>0<;>C:\Documents and Settings\Administrator\Desktop\HyperSnap 6.02.01_EN\HprSnap6Man.chm<;> 7 - 20090716<;>950<;>WORM_DOWNAD.A<;>1<;>3<;>0<;>C:\Documents and Settings\DCS_VM-ICRC-WFBS6\Local Settings\Temporary Internet Files\Content.IE5\9JK3DN67\sitb[1].jpg<;> 8 - 20090716<;>951<;>WORM_DOWNAD.A<;>1<;>3<;>0<;>C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\9JK3DN67\sitb[1].jpg<;> 9 - Date<;>Time<;>Virus name<;>Scan result<;>Scan type<;>Seen<;>Filename<;> 10 - We are only extracting the scan result right now. 11 --> 12<decoder name="trend-osce"> 13 <prematch>^20\d\d\d\d\d\d\<;></prematch> 14 <regex offset="after_prematch">^\d+\<;>\S+\<;>(\d+)\<;</regex> 15 <order>id</order> 16</decoder> 17