#include <Kevin Lin.h>    // created 13/04/2016 19:33
> Please refer to the bug report at:
> https://bugzilla.clamav.net/show_bug.cgi?id=11552
> for the patch to resolve the issue. 

Wow, thanks for the quick solution :)

I've just tried the patch on my laptop and it seems to be working fine. I do
some tests and I will push it to the production server (I think it is pretty
safe to use it in production).

Some examples, using the files posted before and a simple rule combining
string and regex matches:

rule Header_combined // test_combined.yara
{
    strings:
        $match_string = "pass"
        $match_regex = /pass/
    condition:
        $match_regex and $match_string
}

Before patch:

$ clamscan --no-summary -d test_body.yara -z test.eml
test.eml: YARA.Body_string.UNOFFICIAL FOUND
test.eml: YARA.Body_Regex.UNOFFICIAL FOUND

$ clamscan --no-summary -d test_header.yara -z test.eml
test.eml: YARA.Header_string.UNOFFICIAL FOUND

$ clamscan --no-summary -d test_combined.yara -z test.eml
test.eml: OK


After patch:

$ clamscan --no-summary -d test_body.yara -z test.eml
test.eml: YARA.Body_string.UNOFFICIAL FOUND
test.eml: YARA.Body_Regex.UNOFFICIAL FOUND

$ clamscan --no-summary -d test_header.yara -z test.eml
test.eml: YARA.Header_string.UNOFFICIAL FOUND
test.eml: YARA.Header_Regex.UNOFFICIAL FOUND

$ clamscan --no-summary -d test_combined.yara -z test.eml
test.eml: YARA.Header_combined.UNOFFICIAL FOUND

So, I confirm that it is solved!

Thanks!

k.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
