Is there some way to specify nonprintable characters in the field “content”?
It would also be interesting to be able to specify wildcards.
For example, a chain such as TESTx03x??x??SAMPLE could mean:
the word TEST
an ASCII 3 (x03)
two places for any value (x??x??) (2 wildcards)
and the word SAMPLE
With these alternatives, it would be a very powerful tool
to write rules to mark packages, for example of viruses, p2p, etc.
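
The notation proposed in the post above, turned into a byte-level matcher. This is an added example, not part of the original post and not the syntax of any product; the token grammar (`xHH` for one literal byte, `x??` for any single byte) and the function names are assumptions taken from the way the post writes its example.

```python
import re

# Notation as written in the post (assumed grammar, not a product's syntax):
#   xHH -> one literal byte, x?? -> any single byte, other chars -> literal.
# Caveat: a literal "x" followed by two hex digits cannot be expressed.
_TOKEN = re.compile(r"x\?\?|x[0-9A-Fa-f]{2}|.", re.DOTALL)


def compile_content(pattern: str) -> re.Pattern:
    """Translate the post's notation into a compiled bytes regex."""
    parts = []
    for tok in _TOKEN.findall(pattern):
        if tok == "x??":
            parts.append(b".")  # wildcard: exactly one byte, any value
        elif len(tok) == 3:
            # xHH: one literal byte, escaped so 0x2E etc. stay literal
            parts.append(re.escape(bytes([int(tok[1:], 16)])))
        else:
            # plain character; latin-1 raises ValueError above U+00FF
            parts.append(re.escape(tok.encode("latin-1")))
    # DOTALL so the wildcard also matches 0x0A; packet payloads are binary.
    return re.compile(b"".join(parts), re.DOTALL)


def find_content(pattern: str, payload: bytes) -> int:
    """Return the offset of the first match in payload, or -1 if none."""
    m = compile_content(pattern).search(payload)
    return m.start() if m else -1


# Constructed sample payloads (not captured traffic).
SAMPLES = [
    b"\x00\x01TEST\x03\xff\x00SAMPLE\r\n",  # match at offset 2
    b"TEST\x03\n\nSAMPLE",                  # wildcards cover newline bytes
    b"TEST\x03\xffSAMPLE",                  # only one byte in the gap
    b"TEST\x04abSAMPLE",                    # wrong literal byte
]

if __name__ == "__main__":
    for payload in SAMPLES:
        print(payload, find_content("TESTx03x??x??SAMPLE", payload))
```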