On 2016-08-11 19:32, Axb wrote:
In that post the author states:
"I created some YARA rules that use the external variable „filename“
to work. LOKI and THOR use the „filename“ and other external variables
by default."
hmm... now how the heck do we get to happen with ClamAV? :)
.. talking to myself...
+1
try see foxhole rules, imho it can match filenames and sizes, but I wish
it was more documented
also logical signatures in clamav is very simple, just wish it was more
documented
try compiled yara rules with clamav, not source rules, don't know if that
makes a difference for clamav
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml