CLSID matching

[hermit921]

Back to my original question.  Does this expression match anywhere in the 
file name or match only as the end of the file name?  The comments say one 
thing but I read it as the other.

hermit921


At 10:29 AM 3/2/2006, Julian Field wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Agreed, but my simple one is faster and close enough. I've never had a
>report of a false alarm. If it ain't broke (or anyone is reporting it as
>broke) then I see no point in fixing it :-)
>
>Rick Cooper wrote:
> >> I was looking in the filenames file at the CLSID line.  Doesn't this match
> >> any file name containing that 25 character string in {}, not just 
> ending in
> >> that string?
> >>
> >> hermit921
> >>
> >>
> >> # Deny filenames ending with CLSID's
> >> deny \{[a-hA-H0-9-]{25,}\}   Filename trying to hide its real
> >> type                         Files
> >> containing  CLSID's are trying to hide their real type
> >>
> >
> > Not to beat a dead horse, but I was thinking after that last post and 
> if you
> > want to get technically correct a CLSID is a string of five groups of Hex
> > number groups in the format of 8-4-4-12 such as
> > {00020812-0000-0000-C000-000000000046} for the microsoft excel application.
> > So a properly formatted CLSID detection regex would be:
> >
> > deny
> > 
> \.\{[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{
> > 12}\}$
> >
> > or I guess you could shorten it to: deny
> > \.\{[a-fA-F0-9]{8}(?:-[a-fA-F0-9]{4}){3}-[a-fA-F0-9]{12}\}$
> >
>- --
>Julian Field