[clamav-users] Strange problem with custom Yara rule

Kevin Lin klin at sourcefire.com
Wed Apr 13 17:33:46 UTC 2016


Please refer to the bug report at:
https://bugzilla.clamav.net/show_bug.cgi?id=11552
for the patch to resolve the issue.

On Wed, Apr 13, 2016 at 1:32 PM, Kevin Lin <klin at sourcefire.com> wrote:

> ClamAV, in order to optimize the AC algorithm execution, runs the filetype signatures alongside the malware detection signatures. ClamAV is set to immediately return after AC execution if a filetype signature detection occurs. This unfortunately causes the engine to skip PCRE signature execution.
>
>
> On Wed, Apr 13, 2016 at 1:00 PM, Steven Morgan <smorgan at sourcefire.com>
> wrote:
>
>> Hi,
>>
>> Thanks for the example. I've opened bug
>> https://bugzilla.clamav.net/show_bug.cgi?id=11552 to track.
>>
>> Thanks again,
>> Steve


