That is a pretty nice addition, Joel. Naturally somebody is going to ask if
there is an on-line rule testing utility anywhere so that might as well be me
:). I'm particularly interested in knowing if the linefeeds between the keyword
rule and the closing brace in the rules can be left out so the sig files can be
somewhat compressed.
Bonus points if a condition can be @rule and @rule2 not @rule3 so that rules can
be re-used as in a library.
dp
On 6/3/15 12:02 PM, Joel Esler (jesler) wrote:
ClamAV 0.99b Meets YARA!
The first beta release of ClamAV 0.99 is now on SourceForge! ClamAV 0.99 has
some important new features to improve malware detection.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
