Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!nstn.ns.ca!news.cs.indiana.edu!widener!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: CHESS@YKTVMV.BITNET (David.M.Chess)
Newsgroups: comp.virus
Subject: Re: Tequila virus (PC)
Message-ID: <0006.9105232038.AA03593@ubu.cert.sei.cmu.edu>
Date: 23 May 91 14:56:12 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 16
Approved: krvw@sei.cmu.edu

>From:    microsoft!c-rossgr@uunet.uu.net
>
>Sorry: I don't count "wild card" strings as a search pattern.  There's
>too much chance for false positives.  But, true, if you don't mind the
>occasional false positive, I guess you could state that a search
>string was available for Tequilaa.

A string with wildcards isn't necessarily more prone to false
positives than one without, as long as there are enough additional
fixed bytes in the one with wildcards to make up for the extra degrees
of freedom added by the wildcards.  I think?  Any sort of
less-than-virus-length scan string is somewhat prone to false alarms,
but ones with wildcards, if properly chosen, aren't necessarily any
worse than ones without...

DC