Detect-It-Easy/db_custom/example.0.sg

// Detect It Easy: detection rule file

// URL_TO_REFERENCE
meta("DETECTION_TYPE_TEXT", "DETECTION_NAME_TEXT");

function detect() {

    if (false) {

        sVersion = "DETECTION_VERSION_INFO_TEXT";

        sOptions = "DETECTION_OPTIONS_INFO_TEXT";

        bDetected = true; // IS_DETECTED_BOOLEAN

    }

    return result();
}

/*
 Tips for writing detection scripts:
  * If you want to detect a specific file format, use full-file signature search as a last resort (after checking magic values or if you just want to get the version when bDetected is already true)
  * Avoid using _setResult instead of init(). But you can use it as an addition to the main detection.
  * sVersion, sOptions, bDetected, sLang, sLangVersion, etc. are already declared with default values. You don't need to reset them at the start of the file.
  * Try to follow the code style from the main "db" directory files.
  * If you want to forcibly stop script execution, just use "return;"
  * Try to keep detection logic as simple and readable as possible. Avoid overcomplicating checks if a simple signature or magic value check is enough.
  * Use early returns to reduce nesting and improve code clarity.
  * Comment any non-obvious logic or magic values, especially if they are based on reverse engineering or undocumented behavior.
  * If your detection is based on version or build info, try to extract and display it in sVersion for user clarity.
  * Avoid hardcoding offsets unless absolutely necessary; use named constants or helper functions for maintainability.
  * Test your rule on both positive and negative samples to avoid false positives.
  * If your rule is generic and may match multiple products, add extra checks to minimize misdetection.
  * Add a number before the .sg extension to indicate the script index (its execution priority).
*/