On 11 June 2015 20:41:13 Alain Zidouemba wrote:
This has been supported since the introduction of logical signatures (ldb)
in ClamAV 0.94.
Yep, I'm already using the ldb feature but a yara rule using the feature
would make things easier to auto generate mostly, which is great news.
__
This has been supported since the introduction of logical signatures (ldb)
in ClamAV 0.94.
- Alain
On Thu, Jun 11, 2015 at 11:00 AM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:
>
> On Thu, June 11, 2015 3:51 pm, Steven Morgan wrote:
> >
> > We've borrowed the yacc/lex code from yara p
On 11 June 2015 16:37:09 Steven Morgan wrote:
Steve
Here is a quick demo for your question. The file names in this test are the
same as the file content:
rule basford
{
    strings:
        $match1 = "bbb"
        $ignore1 = "n"
        $ignore2 = "zbcz"
    condition:
        $match1 and not ($ignore1 or $ignore2)
}
smorgan@ubuntu:~/work/yara$ clamscan -d simple/b
On Thu, June 11, 2015 3:51 pm, Steven Morgan wrote:
>
> We've borrowed the yacc/lex code from yara project.
Hi,
Does that mean ClamAV will support this condition in the current beta:
$match1 and not ($ignore1 or $ignore2)
I'll wait to test once Windows binary beta arrives... or find a bit
of t
Credit goes to the yara developers for the grammar :)
We've borrowed the yacc/lex code from yara project.
I think they've done a nice job with it as well!
On Thu, Jun 11, 2015 at 2:28 AM, Dennis Peterson
wrote:
> Thanks, Steven - there's a lot to like already. Nice job on the grammar.
>
> dp
>