[Clamav-devel] Yara language version, ClamAV documentation.
Micah Snyder (micasnyd)
micasnyd at cisco.com
Tue Jun 15 19:31:01 UTC 2021
Hi Ged,
Sorry I was on vacation the past few days.
Bugzilla tickets are also private by default, though we're switching to use Github Issues soon, which are public-only.
Can you please send me a private mail about it? I'd like to give it a try.
-Micah
> -----Original Message-----
> From: clamav-devel <clamav-devel-bounces at lists.clamav.net> On Behalf Of
> G.W. Haywood
> Sent: Thursday, June 10, 2021 3:51 AM
> To: clamav-devel at lists.clamav.net
> Subject: Re: [Clamav-devel] Yara language version, ClamAV documentation.
>
> Hi there,
>
> On Mon, 24 May 2021, G.W. Haywood wrote:
>
> > ...
> > I'm not sure if the 'word boundary' atoms (\b, \B) are supported or
> > not - I don't even know how to find out, except perhaps at the risk of
> > crashing clamd. I *think* I managed to do that with bad Yara rule. :(
> > ...
>
> Now I'm sure.
>
> Micah, would you prefer me to send you a private mail about it, or post it on
> Bugzilla? I'm reluctant to publish it because a crash might be exploitable,
> although with this one it would most likely be hard work.
>
> A separate issue, I'm also seeing a problem with the syntax '.{,n}'.
>
> A rule containing the following works fine, it matches my test sample:
>
> 8<----------------------------------------------------------------------
> ...
> $unsubscribe = /reply.{0,30}no/ ascii nocase
> ...
> condition:
> 6 of them
> 8<----------------------------------------------------------------------
>
> In the same rule, the following doesn't match the same test sample:
>
> $unsubscribe = /reply.{,30}no/ ascii nocase
>
> The docs are very clear that the syntax is legal. It took a while to nail that
> down...
>
> --
>
> 73,
> Ged.
> _______________________________________________
>
> clamav-devel mailing list
> clamav-devel at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-devel
>
> Please submit your patches to our Github: https://github.com/Cisco-
> Talos/clamav-devel/pulls
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
More information about the clamav-devel
mailing list