著電腦科技與網路發展的進步，網路已經扮演成為我們生活中重要的一個角色。隨著網路的蓬勃發展，大量的病毒以及有害的攻擊在網路上不斷的傳播。防毒軟體系統被用來檢查檔案的內容以保護電腦不受有害的攻擊。字串比對在防毒軟體系統中是一個很重要的組成部分。一些有名的字串比對演算法，像是：AC、BM都有很高的搜尋效率，但是記憶體使用量很大。除此之外，防毒軟體也會採用一些正規表示法的特色來進行字串比對。
在這篇論文，我們研讀ClamAV的原始碼並提出一些方法已減少記憶體的使用量。在實驗的結果中，我們可以減少比原先69%的記憶體使用在ClamAV的字串比對中。此外，我們也將說明ClamAV的整體架構以及處理流程
關鍵字：防毒軟體系統；字串比對；ClamAV

As the advance of computer technology and network development, Internet becomes an important role in our lives. With the rapid evolution of Internet, more and more malicious attacks and viruses spread over the Internet every day. Therefore, antivirus system is used to inspect the files payload, and protect the computers by preventing the malicious attacks. Pattern matching is an important component of antivirus. Some of famous pattern matching algorithms, such as AC and BM which have high performance of searching process but the memory usage is large is used in antivirus. Besides, the features of regular expression are also used in antivirus.
In this thesis, we study the source code in ClamAV antivirus system, and propose some schemes to reduce the memory usage in ClamAV . In the experimental results, we can reduce 69% of memory usage in ClamAV pattern match algorithm comparing to original. We also show the whole structure and flow path of ClamAV implementation.
Keyword: Antivirus system; Pattern Matching; ClamAV;

[1] Snort. [Online]. https://www.snort.org/
[2] ClamAV. [Online]. https://www.clamav.net/
[3] Sailesh Kumar, Sarang Dharmapurikar, Fang Yu, Patrick Crowley, and Jonathan Turner, “Algorithms to Accelerate Multiple Regular Expressions Matching for Deep Packet Inspection”, ACM SIGCOMM - Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
[4] Thinh Tran Ngoc, Tran Trung and Hieu Hiroshi Ishii, “Memory-efficient signature matching for ClamAV on FPGA”, 2014 IEEE Fifth International Conference on Communications and Electronics (ICCE)
[5] Derek Pao, Xing Wang, Xiaoran Wang, Cong Cao, and Yuesheng Zhu, “String Searching Engine for Virus Scanning”, IEEE TRANSACTIONS ON COMPUTERS, VOL. 60, NO. 11, NOVEMBER 2011
[6] Johnny Tsung Lin Ho and Guy G. F. Lemieux, “PERG-Rx: A Hardware Pattern-Matching Engine Supporting Limited Regular Expressions”, Proceedings of the ACM/SIGDA 17th International Symposium on Field Programmable Gate Arrays, FPGA 2009, Monterey, California, USA, February 22-24, 2009
[7] Nga Lam Or, Xing Wang, and Derek Pao, “MEMORY-Based Hardware Architectures to Detect ClamAV Virus Signatures with Restricted Regular Expression Features”, IEEE Transactions on Computers ( Volume: 65, Issue: 4, April 1 2016 )
[8] V. Aho and M. J. Corasick, “Efficient string matching: An aid to bibliography search” Communications of the ACM, vol. 18, no.6, pp.333-340, 1975.
[9] R. S. Boyer and J. S. Moore, “A fast string searching algorithm” Communications of the ACM, vol. 20, no 10, pp.762-772, Oct. 1977.
[10] Sun Wu, Udi Manber, “A fast algorithm For Multi-Pattern Searching,” Technical Report TR 94-17, University of Arizona at Tuscon, May 1994.
[11] Xing Wang, Nga Lam Or, Ziyan Lu and Derek Pao, “Hardware Accelerator to Detect Multi-Segment Virus Patterns”, The Computer Journal ( Volume: 58, Issue: 10, Oct. 2015 )