[clamav-users] ClamAV(R) blog: ClamAV 0.99b Meets YARA!
Steve Basford
steveb_clamav at sanesecurity.com
Thu Jun 11 16:40:34 UTC 2015
On 11 June 2015 16:37:09 Steven Morgan <smorgan at sourcefire.com> wrote:
> Steve
>
> Here is a quick demo for your question. The file names in this test are the
> same as the file content:
>
> rule basford
> {
> strings:
> $match1 = "bbb"
> $ignore1 = "nnnnn"
> $ignore2 = "zbcz"
> condition:
> $match1 and not ($ignore1 or $ignore2)
> }
>
> smorgan at ubuntu:~/work/yara$ clamscan -d simple/basford.yar sample/
Awesome stuff... drool...
thanks for the confimation
Sorry for the rubbish phone edit :)
More information about the clamav-users
mailing list