[clamav-users] Strange problem with custom Yara rule
Kevin Lin
klin at sourcefire.com
Wed Apr 13 17:32:48 UTC 2016
ClamAV, in order to optimize the AC algorithm execution, runs the
filetype signatures alongside the malware detection signatures. ClamAV
is set to immediately return after AC execution if a filetype
signature detection occurs. This unfortunately causes the engine to
skip PCRE signature execution.
On Wed, Apr 13, 2016 at 1:00 PM, Steven Morgan <smorgan at sourcefire.com>
wrote:
> Hi,
>
> Thanks for the example. I've opened bug
> https://bugzilla.clamav.net/show_bug.cgi?id=11552 to track.
>
> Thanks again,
> Steve
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
More information about the clamav-users
mailing list