Re: [clamav-users] LibClamAV Error: yyerror(): test.yar line 6 undefined identifier "filename"

Steven Morgan Thu, 11 Aug 2016 08:09:04 -0700

filename does not appear as a yara keyword:

http://yara.readthedocs.io/en/latest/writingrules.html


Is it a new keyword not yet in a released version of yara? Did you mean
filesize?

On Thu, Aug 11, 2016 at 5:21 AM, Axb <axb.li...@gmail.com> wrote:

> Guys,
>
> clamscan --database=test.yar blah.html
> LibClamAV Error: yyerror(): test.yar line 6 undefined identifier
> "filename"
> LibClamAV Error: cli_loadyara: failed to parse rules file test.yar, error
> count 1
> test.yar: OK
> blah.html: OK
>
> test.yar
> rule TEST_BLAH_FILENAME
> {
>     strings:
>         $BLAH = "blah"
>          condition:
>          $BLAH and filename == "blah.html"
> }
>
> Am I missing something? or is filename unsupported by ClamAV's YARA engine?
>
> Thanks!
> Axb
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Error: yyerror(): test.yar line 6 undefined identifier "filename"

Reply via email to