I'm not entirely familiar with YARA, but based on https://yara.readthedocs.io/en/latest/modules/elf.html, there is no such function as "is__elf". Based on a whole search in the YARA doc, there's only is_dll, is_32bit and is_64bit. Further googling shows this: https://github.com/Yara-Rules/rules/commit/8130cda6a3cd1b470b59e29a769162600bf1efab

It seems is__elf is a private function now, so you can't use it directly anymore, I guess.

Franky

On Monday, 11-11-2019 at 09:10, Philippe Lefèvre wrote:

Hello,
thanks for your reply :-)
here is:
=================================
# grep -n is__elf /var/lib/clamav/rfxn.yara
9112: is__elf and all of ($s*)
=================================

On 11/11/2019 at 01:02, G.W. Haywood via clamav-users wrote:
> grep -n is__elf /var/lib/clamav/rfxn.yara

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
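
The `grep -n is__elf` check from this thread, extended into an added example (not code from the thread, ClamAV or YARA): it reports whether an identifier such as `is__elf` is defined as a rule in a rule file and whether each reference comes after that definition, since YARA resolves a reference to another rule only when that rule was defined earlier in the input. The function name `check_rule_reference` and both rule texts are constructed for illustration.

```python
import re

# "rule NAME", optionally preceded by the private/global modifiers.
RULE_DEF = re.compile(r"^\s*((?:(?:private|global)\s+)*)rule\s+(\w+)")

def check_rule_reference(yara_text, name):
    """Find where `name` is defined as a rule and where it is only referenced."""
    # Exclude string identifiers ($x, #x, @x, !x) and module members (elf.x).
    ref = re.compile(r"(?<![\w$#@!.])" + re.escape(name) + r"(?!\w)")
    definitions, references = [], []
    for lineno, line in enumerate(yara_text.splitlines(), start=1):
        code = line.split("//", 1)[0]  # crude: drops line comments only
        m = RULE_DEF.match(code)
        if m and m.group(2) == name:
            definitions.append((lineno, "private" in m.group(1).split()))
        elif ref.search(code):
            references.append(lineno)
    first_def = min((n for n, _ in definitions), default=None)
    # A reference is unresolved if no definition exists or it comes later.
    unresolved = [n for n in references if first_def is None or n < first_def]
    return {"definitions": definitions, "references": references,
            "unresolved": unresolved}

# Constructed sample: references is__elf but never defines it.
MISSING = '''\
rule constructed_elf_sample
{
    strings:
        $s1 = "constructed-marker-one"
        $s2 = "constructed-marker-two"
    condition:
        is__elf and all of ($s*)
}
'''

# Constructed helper rule: matches the ELF magic bytes at offset 0.
HELPER = '''\
private rule is__elf
{
    strings:
        $header = { 7F 45 4C 46 }
    condition:
        $header at 0
}
'''
FIXED = HELPER + MISSING

if __name__ == "__main__":
    print(check_rule_reference(MISSING, "is__elf"))
    print(check_rule_reference(FIXED, "is__elf"))
```
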