Re: [clamav-users] Minor bug or working as intended?

2022-02-25 Thread Laurent S. via clamav-users
On Friday, February 25th, 2022 at 17:39, Andrew C Aitchison wrote: > Did you build any tools to help with your rewrite ? > > If so they might be a starting point for a YARA <-> LDB convertor, > > which sounds like a useful project. Sorry, no I did it by hand. I took the opportunity to alway

Re: [clamav-users] Minor bug or working as intended?

2022-02-25 Thread Kris Deugau
Laurent S. via clamav-users wrote: Dear Kris, I've had the same issue. In the last two years, I was regularly writing YARA sigs in ClamAV and finding that it behaves in strange ways... Especially the regex integration. I specifically remember that counting regex wasn't possible and that I had

Re: [clamav-users] Minor bug or working as intended?

2022-02-25 Thread Kris Deugau
Maarten Broekman via clamav-users wrote: There's not a lot that you can do in Yara rules that you can't do in LDB sigs... for what it's worth, here's a logical sig that detects the same thing as the Yara rules... mbroekman@lothlorien:~$ grep MJB.JS.SendEmail clamdb/javascript_sigs.ldb| sigtoo

Re: [clamav-users] Minor bug or working as intended?

2022-02-25 Thread Andrew C Aitchison
On Fri, 25 Feb 2022, Laurent S. via clamav-users wrote: I've had the same issue. In the last two years, I was regularly writing YARA sigs in ClamAV and finding that it behaves in strange ways... Especially the regex integration. ...... After too many timeouts and strange

Re: [clamav-users] Minor bug or working as intended?

2022-02-25 Thread Laurent S. via clamav-users
Dear Kris, I've had the same issue. In the last two years, I was regularly writing YARA sigs in ClamAV and finding that it behaves in strange ways... Especially the regex integration. I specifically remember that counting regex wasn't possible and that I had to write those sigs either in strin

Re: [clamav-users] Minor bug or working as intended?

2022-02-25 Thread Maarten Broekman via clamav-users
There's not a lot that you can do in Yara rules that you can't do in LDB sigs... for what it's worth, here's a logical sig that detects the same thing as the Yara rules... mbroekman@lothlorien:~$ grep MJB.JS.SendEmail clamdb/javascript_sigs.ldb| sigtool --decode-sigs VIRUS NAME: MJB.JS.SendEmailFu

[clamav-users] freshclam cert problems with new install

2022-02-25 Thread fergus mcmenemie
Hi - first posting here Brand new install of clamav and first thing I ran was "sudo freshclam" which gave the following. McMadmin: sudo freshclam ClamAV update process started at Thu Feb 24 20:38:54 2022 daily database available for download (remote ve

Re: [clamav-users] Minor bug or working as intended?

2022-02-25 Thread G.W. Haywood via clamav-users
Hi there, On Fri, 25 Feb 2022, Joel Esler via clamav-users wrote: Pretty sure you can write what you’re trying to look for with an ldb signature anyway. One can write an LDB signature which might look like this: 8<-- clamav-

Re: [clamav-users] Minor bug or working as intended?

2022-02-25 Thread Joel Esler via clamav-users
Pretty sure you can write what you’re trying to look for with an ldb signature anyway. — Sent from my iPhone > On Feb 24, 2022, at 18:53, G.W. Haywood via clamav-users > wrote: > > Hi there, > >> On Thu, 24 Feb 2022, Kris Deugau wrote: >> >> After chasing docs back and forth and trying