[Community-sigs] How to maintain human readable signature database?

Rafael Ferreira raf at uvasoftware.com
Sat Mar 26 19:28:17 EDT 2016 

Possible sure (for the simplest rules) but not everything YARA does is supported in clamav yet. 


> On Mar 26, 2016, at 3:11 PM, Do <do1 at yandex.ru> wrote:
> 
> Hello Rafael,
> 
> Is it possible to convert YARA rules into ClamAV ones?
> For use in earlier clamav versions, such as 0.98.
> 
> Also, I wonder if somebody successfuly used using template engines or macro
> processors like jinja2 or even m4 for rule development.
> 
> 27.03.2016, 00:17, "Rafael Ferreira" <raf at uvasoftware.com <mailto:raf at uvasoftware.com>>:
>> Clamav (as of 0.99) supports YARA rules (see https://plusvic.github.io/yara/ <https://plusvic.github.io/yara/><https://plusvic.github.io/yara/ <https://plusvic.github.io/yara/>>) which are, objectively, more human friendly.
>> 
>>>  On Mar 26, 2016, at 2:14 PM, Do <do1 at yandex.ru> wrote:
>>> 
>>>  Hello,
>>> 
>>>  Current signatures format is machine readable hex string dump sort of like
>>>  machine code.
>>> 
>>>  How developers maintain signature database, in a way so it's will be possible to
>>>  add comments, write some strings in text instead of pure hex, so it all become
>>>  bit more human readable, structured, and self-documented?
>>>  What are suggestions on that?
>>> 
>>>  Best regards,
>>>  _______________________________________________
>>>  Community-sigs mailing list
>>>  Community-sigs at lists.clamav.net
>>>  http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
>>> 
>>>  http://www.clamav.net/contact.html#ml
>> 
>> _______________________________________________
>> Community-sigs mailing list
>> Community-sigs at lists.clamav.net <mailto:Community-sigs at lists.clamav.net>
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs <http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs>
>> 
>> http://www.clamav.net/contact.html#ml <http://www.clamav.net/contact.html#ml>
> _______________________________________________
> Community-sigs mailing list
> Community-sigs at lists.clamav.net <mailto:Community-sigs at lists.clamav.net>
> http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs <http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs>
> 
> http://www.clamav.net/contact.html#ml <http://www.clamav.net/contact.html#ml>

More information about the Community-sigs mailing list