#include <Steve basford.h> // created 27/07/2016 10:28 [cut]
> I seem to remember hitting that issue. I wrote something similar in 13/04 [1] (and here's the patch result [2]) but this request is "different". I want (if it is possibile, obiuvsly ;) ) to run yara on entire message, using rules which match both headers and body. With clamav patched I can run my rules and detect unwanted message matching regexp on both header and body part. But lately those spammers starts to encode their body part in base64, making my rules useless, because my regex match "decoded" strings (i.e.: plain words). Clamav run yara\pcre on original message (header+body encoded) and then run rules on every decoded part but without header. I admit that is a strange question, but maybe someone has a trick which helps me:) k. 1: http://lists.clamav.net/pipermail/clamav-users/2016-April/002782.html 2: https://bugzilla.clamav.net/show_bug.cgi?id=11552 _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
