[clamav-users] Minor bug or working as intended?
G.W. Haywood
clamav at jubileegroup.co.uk
Wed Mar 2 16:56:11 UTC 2022
Hi there,
On Wed, 2 Mar 2022, Kris Deugau wrote:
> Micah Snyder (micasnyd) via clamav-users wrote:
>>
>> ... some examples from my short time spent brainstorming
>> this a few months back.
>>
>> // example logical signature
> [snip]
>
> TBH that looks almost identical to the Yara rule syntax at a quick look.
Very similar, but I don't know if you could refer to one rule from
another rule? I use that feature all the time with Yara. Very handy,
but in fact the 64 string-per-Yara-rule limit imposed by ClamAV makes
it essential.
> Hard to say whether it would be better to spend time spinning up yet
> another signature format, or fixing edge cases in one that's already
> present and in use.
Exactly how I feel, it's hard to say. I'm torn between cutting/losses
and babies/bathwater. But if there's a plug-in Yara engine library of
some description that's anything like up to date and can be shoehorned
in easily it has to be worth a shot. Something like this
https://rustrepo.com/repo/Hugal31-yara-rust-rust-security-tools
given that Rust is where it's going?
Earlier today for this thread I was looking at some history. FWIW for
the past year I've averaged about 1.25 Yara rule edits per day.
Perhaps we should take this to the dev list.
--
73,
Ged.