Dennis, We don't have an on-line rule testing utility. If I see one anywhere, I'll let you know.
Line feeds and other white space can be compressed in yara rules. Referencing other rules within a condition is one of the yara features that is not supported in ClamAV 0.99 beta1. We are looking at how to include it in a future release. On Wed, Jun 10, 2015 at 10:50 AM, Dennis Peterson <denni...@inetnw.com> wrote: > That is a pretty nice addition, Joel. Naturally somebody is going to ask > if there is an on-line rule testing utility anywhere so that might as well > be me :). I'm particularly interested in knowing if the linefeeds between > the keyword rule and the closing brace in the rules can be left out so the > sig files can be somewhat compressed. > > Bonus points if a condition can be @rule and @rule2 not @rule3 so that > rules can be re-used as in a library. > > dp > > On 6/3/15 12:02 PM, Joel Esler (jesler) wrote: > >> ClamAV 0.99b Meets YARA! >> The first beta release of ClamAV 0.99 is now on SourceForge! ClamAV 0.99 >> has some important new features to improve malware detection. >> >> >> > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
