Re: [clamav-users] ClamAV(R) blog: ClamAV 0.99b Meets YARA!

Steve Basford Thu, 11 Jun 2015 09:41:58 -0700


On 11 June 2015 16:37:09 Steven Morgan <smor...@sourcefire.com> wrote:

Steve

Here is a quick demo for your question. The file names in this test are the
same as the file content:

 rule basford
{
 strings:
  $match1 = "bbb"
  $ignore1 = "nnnnn"
  $ignore2 = "zbcz"
 condition:
  $match1 and not ($ignore1 or $ignore2)
}

smorgan@ubuntu:~/work/yara$ clamscan -d simple/basford.yar sample/


Awesome stuff... drool...

thanks for the confimation

Sorry for the rubbish phone edit :)



_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV(R) blog: ClamAV 0.99b Meets YARA!

Reply via email to