Ok Ged,
many thanks again for your reply.
As far as I can see, CLAMAV works well. Only this Maldet error seems to
me strange as it appeared recently.
Until now, I did not even see that link between clamav and maldet.
I'm going to look at Maldet installation and YARA integration more
precisely a

Hello again,
On Mon, 11 Nov 2019, Philippe Lefèvre wrote:
thanks for your post Ged.
You're very welcome. :)
... it seems that neither Clamav nor Maldet installed on my Debian box
have the right rfxn.* files
I'm not familiar with these programs but I would like to understand if
clamav is

Hi all,
thanks for your post Ged.
I have a maldet 6.1.4 installed under /usr/local:
#maldet -version
===
Linux Malware Detect v1.6.4
(C) 2002-2019, R-fx Networks
(C) 2019, Ryan MacDonald
This program may be freely redistributed under the terms of the

Hi there,
On Mon, 11 Nov 2019, Philippe Lefèvre wrote:
# grep -n is__elf /var/lib/clamav/rfxn.yara
9112: is__elf and all of ($s*)
Maybe this will help:
https://www.rfxn.com/downloads/maldetect-current.tar.gz
8<--
lap
I'm not entirely familiar with yara, but based on
https://yara.readthedocs.io/en/latest/modules/elf.html , there is no
such function as "is__elf".
Based on a whole search in the yara doc, there's only is_dll, is_32bit
and is_64bit.
Further googling shows this:
https://github.com/Yara-Rules/rules/co

Hello,
thanks for your reply :-)
here it is:
=
# grep -n is__elf /var/lib/clamav/rfxn.yara
9112: is__elf and all of ($s*)
=
On 11/11/2019 at 01:02, G.W. Haywood via clamav-users wrote:
grep -n is__elf /var/lib/clamav/rfxn.ya

Hi there,
On Sun, 10 Nov 2019, Philippe Lefèvre wrote:
For some time now (less than a month, I think) I have been getting this message when I
launch a directory scan.
LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 8955 undefined
identifier "is_

Hello,
For some time now (less than a month, I think) I have been getting this message when
I launch a directory scan.
LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 8955
undefined identifier "is__elf"
LibClamAV Warning: cli_loadyara: failed to