This is a C library that aims to search for a set of patterns in buffers as fast as possible. It has also been ported to kernel space.

This page doesn't give much information, but there is more in the README files in the CVS.
You can also download the slides of my presentation at FOSDEM 2003.

The idea is to have an API frontend that gives you the ability to load plugins. Each plugin can provide one or more algorithms. Each algorithm can be instantiated into one or more search objects. You then add patterns to the object (patterns can include \0 (!), can be case sensitive or not, can include jokers (wildcards), ...), and then you compile it. The search object will then be able to search simultaneously for every pattern (even of heterogeneous types) in a given buffer.

One of the interesting points is the use of states to summarize a past search. States are trivially implemented for automata-based algorithms, and are not so hard to implement for other algorithms (if n is the length of the longest pattern, just keep the last n-1 bytes in the state for the next search). This gives you the ability to match patterns that overlap two buffers without having to worry about it. TCP reassembly for IDSes is greatly simplified: no need to move payloads to adjacent zones, no need to keep a payload in memory waiting for the next one. The benefits for AV that works on streams could be great too.
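The "keep the last n-1 bytes" state described above, as an added example that is not libqsearch code and does not use its API: all names (`struct pat`, `struct state`, `search_chunk`, `search_stream`, `MAXPAT`) are hypothetical, the matching is a naive scan standing in for the library's algorithms, and the stream and patterns are constructed sample data.

```c
#include <stddef.h>
#define MAXPAT 16  /* assumed bound on pattern length */
struct pat   { const unsigned char *p; size_t len; };  /* explicit length: \0 is data */
struct state { unsigned char tail[MAXPAT - 1]; size_t tail_len; };

/* Constructed sample: 18-byte stream, three patterns, one with an embedded \0. */
static const unsigned char DATA[] = "ab\0evil--HTTP\0evil";
static const struct pat PATS[] = { { (const unsigned char *)"\0evil", 5 },
    { (const unsigned char *)"HTTP", 4 }, { (const unsigned char *)"il", 2 } };

/* Byte i of the virtual window "saved tail followed by the new buffer". */
static unsigned char at(const struct state *st, const unsigned char *buf, size_t i)
{ return i < st->tail_len ? st->tail[i] : buf[i - st->tail_len]; }

/* Search one buffer: number of matches ending inside it, or -1 on a bad pattern. */
long search_chunk(struct state *st, const struct pat *pats, size_t npats,
                  const unsigned char *buf, size_t len)
{
    size_t total = st->tail_len + len, longest = 1, keep;
    long hits = 0;
    for (size_t k = 0; k < npats; k++) {
        if (pats[k].len == 0 || pats[k].len > MAXPAT) return -1;
        if (pats[k].len > longest) longest = pats[k].len;
    }
    for (size_t s = 0; s < total; s++)
        for (size_t k = 0; k < npats; k++) {
            size_t n = pats[k].len, j = 0;
            /* Skip what does not fit or lies wholly in the tail (already reported). */
            if (s + n > total || s + n <= st->tail_len) continue;
            while (j < n && at(st, buf, s + j) == pats[k].p[j]) j++;
            hits += (j == n);
        }
    /* New state: the last longest-1 bytes of the window (forward copy, safe in place). */
    keep = longest - 1 < total ? longest - 1 : total;
    for (size_t i = 0; i < keep; i++) st->tail[i] = at(st, buf, total - keep + i);
    st->tail_len = keep;
    return hits;
}

/* Feed data in chunk-byte buffers; keep_state == 0 drops the state between buffers. */
long search_stream(const unsigned char *data, size_t len, size_t chunk, int keep_state)
{
    struct state st = { {0}, 0 };
    long hits = 0;
    for (size_t off = 0; chunk && off < len; off += chunk) {
        hits += search_chunk(&st, PATS, 3, data + off, len - off < chunk ? len - off : chunk);
        if (!keep_state) st.tail_len = 0;
    }
    return hits;
}
```

Calling `search_stream(DATA, sizeof DATA - 1, 3, 1)` and then the same call with `keep_state` set to 0 shows the difference: with the state kept, every split of the stream reports the same matches, while without it any pattern straddling a buffer boundary is missed.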

This API is also implemented for Linux kernels. For each algorithm, a wrapper is automatically generated so that it can be compiled with the kernel. The API and the algorithms can also be compiled as LKMs.

It will be included in Prelude Hybrid IDS, but could also be used in antivirus software.

If you want to use it or contribute to it by adding algorithms, or if you have algorithms that you want me to implement, etc., don't hesitate to contact me.

For the moment, it's fully functional. You can get it from this tarball: libqsearch-0.8.tar.gz (GPG sig) (the CVS is down for now)