Rule structure

Every signature contains one or more rules written in ANSI Tool Command Language (TCL) syntax. Each rule contains mandatory and optional sections, with one section per line. Optional sections vary according to the operating system and the class of the rule. Each section defines a rule category and its value. One section always identifies the class of the rule, which defines the rule’s overall behavior.

The basic structure of a rule is:

Rule {
SectionA value
SectionB value
SectionC value
...
}

Do not include white space from blanks, tabbing, or indenting at the beginning or end of a line.

All section names and values are case sensitive.

A rule to prevent a request to the web server that has “subject” in the HTTP request query has this format:

Rule {
Class Isapi
Id 4001
level 4
query { Include "*subject*" }
method { Include "GET" }
time { Include "*" }
application { Include "*" }
user_name { Include "*" }
directives -c -d isapi:request
}

See Windows custom signatures for an explanation of the various sections and values.
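
A small pre-deployment linter for the constraints stated above (a Rule { ... } wrapper, no white space at the start or end of a line, case-sensitive section names, one Class section), given here as an added example that is not McAfee's code. The function name lint_rule and the BAD_RULE sample are constructed for illustration, the list of section names is taken only from the example rule on this page and is assumed to be incomplete, and the typographic-quote check reflects Tcl's use of ASCII double quotes.

```python
import re

# Section names exactly as spelled in the example rule on this page
# (assumption: this is not the product's complete list of sections).
KNOWN = ("Class", "Id", "level", "query", "method", "time",
         "application", "user_name", "directives")
BY_LOWER = {name.lower(): name for name in KNOWN}

def lint_rule(text):
    """Return [(line_number, problem)] for one Rule { ... } block; 0 = whole rule."""
    lines = text.split("\n")
    while lines and lines[-1] == "":  # newlines after the closing brace are fine
        lines.pop()
    problems = []
    if not lines or lines[0] != "Rule {":
        problems.append((1, "rule must open with 'Rule {'"))
    if not lines or lines[-1] != "}":
        problems.append((len(lines), "rule must close with '}' on its own line"))
    class_count = depth = 0
    for number, line in enumerate(lines, start=1):
        if line != line.strip():
            problems.append((number, "leading or trailing white space"))
        if re.search("[\u201c\u201d]", line):
            problems.append((number, "typographic quotes; Tcl needs ASCII double quotes"))
        depth += line.count("{") - line.count("}")
        if number in (1, len(lines)) or not line.strip():
            continue  # wrapper lines and blank lines carry no section
        name = line.split()[0]
        expected = BY_LOWER.get(name.lower())
        if expected is not None and name != expected:
            problems.append((number, f"section '{name}' should be spelled '{expected}'"))
        class_count += name == "Class"
    if class_count != 1:
        problems.append((0, f"expected one Class section, found {class_count}"))
    if depth != 0:
        problems.append((0, "unbalanced braces"))
    return problems

# Constructed sample: the page's rule with three mistakes introduced.
BAD_RULE = "\n".join([
    "Rule {", "Class Isapi", "Id 4001",
    "Level 4",                             # wrong case
    "\tquery { Include \"*subject*\" }",   # leading tab
    "method { Include \u201cGET\u201d }",  # curly quotes
    "directives -c -d isapi:request", "}",
])

if __name__ == "__main__":
    for number, problem in lint_rule(BAD_RULE):
        print(f"line {number}: {problem}")
```
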

Copyright © 2006 McAfee, Inc. All Rights Reserved.