[clamav-users] clamav 0.99 beta yara
Steven Morgan
smorgan at sourcefire.com
Thu Jun 25 19:20:03 UTC 2015
Steve,
Thanks. We'll look into additional command line/clamd.conf options to
select or exclude signature types. This might be best done if/when Cisco
ships yara signatures, since currently users are responsible for the
content and locations of database directories regarding yara and these can
easily be managed using the --database/DatabaseDir parameters.
We have not yet given much consideration to useful configuration and
runtime parameters for yara, so if anyone has any other ideas/use cases for
yara signatures, please add in.
Thanks,
Steve
On Thu, Jun 25, 2015 at 6:35 AM, Steve Basford <
steveb_clamav at sanesecurity.com> wrote:
> Just a few more question to think about...
>
>
> 3) Clamscan --official-db-only=yes
>
> Will that only apply to ndb's or to Yara too... or do we need
> --official-yara-only=yes?
>
> 4) Clamscan --yara-signatures=no
>
> Will there be an option like the above to disable Yara sigs
>
> 5) Will there be an option to *only* use Yara sigs,
> eg. --only-yara-dbs=yes and ignore ndb's
>
> So, options in both clamd.conf and clamscan... just to give people
> flexability?
>
> Cheers,
>
> Steve
> Web : sanesecurity.com
> Blog: sanesecurity.blogspot.com
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
More information about the clamav-users
mailing list