Thanks, Steven - there's a lot to like already. Nice job on the grammar.
dp
On 6/10/15 12:55 PM, Steven Morgan wrote:
Dennis,
We don't have an on-line rule testing utility. If I see one anywhere, I'll
let you know.
Line feeds and other white space can be compressed in yara rules.
Referencing other rules within a condition is one of the yara features that
is not supported in ClamAV 0.99 beta1. We are looking at how to include it
in a future release.
On Wed, Jun 10, 2015 at 10:50 AM, Dennis Peterson <denni...@inetnw.com>
wrote:
That is a pretty nice addition, Joel. Naturally somebody is going to ask
if there is an on-line rule testing utility anywhere so that might as well
be me :). I'm particularly interested in knowing if the linefeeds between
the keyword rule and the closing brace in the rules can be left out so the
sig files can be somewhat compressed.
Bonus points if a condition can be @rule and @rule2 not @rule3 so that
rules can be re-used as in a library.
dp
On 6/3/15 12:02 PM, Joel Esler (jesler) wrote:
ClamAV 0.99b Meets YARA!
The first beta release of ClamAV 0.99 is now on SourceForge! ClamAV 0.99
has some important new features to improve malware detection.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
