Because of its accuracy, pattern matching is considered an important technique in anti-virus/worm applications. Among some famous pattern matching algorithms, the Aho-Corasick (AC) can match multiple patterns simultaneously and guarantee deterministic performance under all circumstances. However, the AC algorithm was developed for strings while virus/worm signatures could be specified by simple regular expressions. In this paper, we enhance the AC algorithm to systematically construct a signature matching system which can indicate the ending position in a finite input string for the occurrence of virus/worm signatures that are specified by strings or simple regular expressions. The regular expressions studied are those adopted in ClamAV for signature specification. Our proposed signature matching system consists of a pre-filter and a verification module. The purpose of pre-filter is to quickly exclude the parts of input string which obviously do not contain signatures and find the starting positions of suspicious sub-strings which may result in match of some signatures. The verification module is an extension of the AC algorithm that consists of multiple levels of goto graphs. Goto graphs in the same level are connected by a novel fork function. Those in different levels could be traversed concurrently. Experimental results show that, compared with ClamAV implementation and its enhancement and the extended finite automaton (XFA), our proposed system yields better throughput performance with acceptable memory requirement.