[clamav-users] Am I allowed to use yara rules?

Thomas Barth tbarth at txbweb.de
Mon Sep 2 20:02:06 UTC 2019


Hello,

Today I got informed that I should not use the yara rules. They have 
major issues with clamav 1.0.1, i.e. memory leaks and complete failure of 
clamav.


ls -al /var/lib/clamav/*.yar*
-rw-r--r-- 1 clamav clamav   465 Sep  2 17:50 /var/lib/clamav/CVE-2010-0805.yar
-rw-r--r-- 1 clamav clamav   823 Sep  2 17:50 /var/lib/clamav/CVE-2010-0887.yar
-rw-r--r-- 1 clamav clamav   442 Sep  2 17:50 /var/lib/clamav/CVE-2010-1297.yar
-rw-r--r-- 1 clamav clamav   341 Sep  2 17:50 /var/lib/clamav/CVE-2013-0074.yar
-rw-r--r-- 1 clamav clamav   903 Sep  2 17:50 /var/lib/clamav/CVE-2013-0422.yar
-rw-r--r-- 1 clamav clamav   775 Sep  2 17:50 /var/lib/clamav/CVE-2015-5119.yar
-rw-r--r-- 1 clamav clamav 10889 Aug 12 19:55 /var/lib/clamav/EK_Angler.yar
-rw-r--r-- 1 clamav clamav 14659 Aug 12 19:55 /var/lib/clamav/EK_Blackhole.yar
-rw-r--r-- 1 clamav clamav  3401 Aug 12 19:55 /var/lib/clamav/EK_BleedingLife.yar
-rw-r--r-- 1 clamav clamav  1349 Aug 12 19:55 /var/lib/clamav/EK_Crimepack.yar
-rw-r--r-- 1 clamav clamav  4688 Aug 12 19:55 /var/lib/clamav/EK_Eleonore.yar
-rw-r--r-- 1 clamav clamav  8268 Aug 12 19:55 /var/lib/clamav/EK_Fragus.yar
-rw-r--r-- 1 clamav clamav 16842 Aug 12 19:55 /var/lib/clamav/EK_Phoenix.yar
-rw-r--r-- 1 clamav clamav  1860 Aug 12 19:55 /var/lib/clamav/EK_Sakura.yar
-rw-r--r-- 1 clamav clamav  8488 Aug 12 19:55 /var/lib/clamav/EK_ZeroAcces.yar
-rw-r--r-- 1 clamav clamav  1435 Aug 12 19:55 /var/lib/clamav/EK_Zerox88.yar
-rw-r--r-- 1 clamav clamav   800 Aug 12 19:55 /var/lib/clamav/EK_Zeus.yar
-rw-r--r-- 1 clamav clamav  1462 Jul  1  2015 /var/lib/clamav/Sanesecurity_sigtest.yara
-rw-r--r-- 1 clamav clamav  1233 Feb 22  2016 /var/lib/clamav/Sanesecurity_spam.yara


My question is where I can download a bunch of infected e-mails of all 
types to test clamav and see if it really crashes.



