How to write my own detection rules?

If you decide to create detection rules on your own, you should visit our Wiki,                          which offers an overview and descriptions to the available rules and file parameters.                    You should also visit our OpenSBI forum .


FAQ Category: Open SBI, Spybot 2, Spybot Tools

How to use Scripting?

The script editor allows you to create complex malware detection patterns using our OpenSBI syntax and the Pascal language. A most simple script that you also implement using a simple .sbi file as well would be this:

begin sbiFile(‘<$FILE_DATA>’,’\Malware.txt’,’filesize=182,md5=83C36C493D7A254F9DE2ED63B3F92548′); end.

Now imagine you want some user input or custom calculation, because malware is individual to your system.

var sName, sFilename: String;
begin
    InputQuery(‘Username’, ‘Please enter’, sName);
    sFilename := ‘C:\Users\’ + sName + ‘\test.txt’;
    sbiFile(‘test’, sFilename, ‘filesize=10’);
    ShowMessage(‘Did look for ‘ + sFilename);
end.

This demonstrates interaction with the user. In reality, you could of course just use the proper path template for scanning all users directories (see the OpenSBI Wiki). Also, the use of scripting will be more in complex calculations and conditions than user interaction.


FAQ Category: Open SBI, Spybot 2