Created 06/07/2017 14:53
Many thanks demonduck!!
[cut]
> I'll try to convert my rule into LDB!
After some RTFM I finally understand the LDB format, so I created my
first two rules to detect malware obfuscated script in wsf\hta files.
The attachment is a zip\rar archive, which co
Created 06/07/2017 14:41
Hi demonduck,
> Unfortunately the Regex engine (...) does not support many regex
> features supported in PCRE v6 or v7.
[cut]
I was afraid of this. I'm digging into the source code of libclamav's regex
to find the differences between original OpenBSD regex a
Hi all,
I wonder how I can use a backreference FilenameRegex in signatures
based on container metadata. I read the manual (signatures.pdf), peeked
into other rules (Sanesecurity) and some RTFM for OpenBSD regex without
success.
I would like to intercept some recurrent pattern in filenames, for
ex
Created 03/05/2017 09:23
> Foxhole_filename.cdb etc. use this sort of thing...
>
> Sanesecurity.Foxhole.test:CL_TYPE_ZIP:*:(?i)word\.xls$:*:*:*:*:*:*
Ooops,
before asking I read carefully the manual (signatures.pdf) and peeked in
other CDB rules, but I did not notice it.. sorry
Hi all,
I wonder how I can use a case-insensitive FilenameRegex in signatures
based on container metadata.
I.e.: if I would like to match "word", "Word" and "worD" (and so on), my
rule will be something like:
TEST.TestFilename.001:CL_TYPE_ZIP:*:[wW][oO][rR][dD]:*:*:*:*:*:*
Is there a way to avo
Created 27/07/2016 18:37
Hi!
> Have you looked at MIMEDefang? You can do more or less whatever you
> want if you can write Perl scripts.
I've looked at it, but it's not so simple to integrate on my systems
(now I'm using one VPS to do every antispam\antivirus tasks for all my
ma
Created 27/07/2016 10:28
[cut]
> I seem to remember hitting that issue.
I wrote something similar on 13/04 [1] (and here's the patch result [2])
but this request is "different".
I want (if it is possible, obviously ;) ) to run yara on the entire message,
using rules which match both
Hi all,
I'm using custom Yara rules to detect many kinds of spam directed to my
customers, it's very effective and gives me many ways to intercept
localized messages (i.e.: spam in Italian and French).
Lately those spammers are using base64 encoding in Subject: and body
part, making ineffective my
Created 13/04/2016 19:33
> Please refer to the bug report at:
> https://bugzilla.clamav.net/show_bug.cgi?id=11552
> for the patch to resolve the issue.
Wow, thanks for the quick solution :)
I've just tried the patch on my laptop and it seems to be working fine, I do some
tests and I will
Created 13/04/2016 16:37
> Hi,
>
> The first question is: Do you have pcre installed and was it found by
> ClamAV .\configure?
[cut]
Oops, I forgot to mention my system configuration.. sorry.
I'm using it on my antispam server with Debian Jessie (with clamav
0.99+dfsg-0+deb8u2 a
Hi,
I'm going mad with a strange behaviour of clamav with custom yara rules.
I'm trying to match some nasty spam email, I decided to use yara for my
custom rules but I noticed a problem: if I use only string detect clamav
(either via clamscan or clamdscan) matches all the email (text +
headers) b
11 matches