[clamav-users] ClamAV(R) blog: ClamAV 0.99b Meets YARA!
Dennis Peterson
dennispe at inetnw.com
Thu Jun 11 06:28:40 UTC 2015
Thanks, Steven - there's a lot to like already. Nice job on the grammar.
dp
On 6/10/15 12:55 PM, Steven Morgan wrote:
> Dennis,
>
> We don't have an on-line rule testing utility. If I see one anywhere, I'll
> let you know.
>
> Line feeds and other white space can be compressed in yara rules.
>
> Referencing other rules within a condition is one of the yara features that
> is not supported in ClamAV 0.99 beta1. We are looking at how to include it
> in a future release.
>
> On Wed, Jun 10, 2015 at 10:50 AM, Dennis Peterson <dennispe at inetnw.com>
> wrote:
>
>> That is a pretty nice addition, Joel. Naturally somebody is going to ask
>> if there is an on-line rule testing utility anywhere so that might as well
>> be me :). I'm particularly interested in knowing if the linefeeds between
>> the keyword rule and the closing brace in the rules can be left out so the
>> sig files can be somewhat compressed.
>>
>> Bonus points if a condition can be @rule and @rule2 not @rule3 so that
>> rules can be re-used as in a library.
>>
>> dp
>>
>> On 6/3/15 12:02 PM, Joel Esler (jesler) wrote:
>>
>>> ClamAV 0.99b Meets YARA!
>>> The first beta release of ClamAV 0.99 is now on SourceForge! ClamAV 0.99
>>> has some important new features to improve malware detection.
>>>
>>>
>>>
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list