[clamav-users] Sig writing advice - complex matching in a PDF
G.W. Haywood
clamav at jubileegroup.co.uk
Fri Jun 18 22:34:07 UTC 2021
Hi there,
On Fri, 18 Jun 2021, Kris Deugau wrote:
> I want to match a string I've extracted from one of the files left by
> clamscan --leave-temps, but ONLY if the outermost file being scanned is a
> PDF.
>
> The string on its own is just generic enough I don't want to rely on it
> alone, so I want to limit matching to PDF files. ...
Could you let me have the PDF and the things you've tried privately,
so I can take a look at them? Coincidentally I've been scratching my
head this week over Yara rules and I've just sent reports on half a
dozen different oddities to Micah.
--
73,
Ged.
More information about the clamav-users
mailing list