That is a pretty nice addition, Joel. Naturally somebody is going to ask if
there is an on-line rule testing utility anywhere so that might as well be me
:). I'm particularly interested in knowing if the linefeeds between the keyword
rule and the closing brace in the rules can be left out so the
Dennis,
We don't have an on-line rule testing utility. If I see one anywhere, I'll
let you know.
Line feeds and other white space can be compressed in yara rules.
Referencing other rules within a condition is one of the yara features that
is not supported in ClamAV 0.99 beta1. We are looking at
Thanks, Steven - there's a lot to like already. Nice job on the grammar.
dp
On 6/10/15 12:55 PM, Steven Morgan wrote:
Dennis,
We don't have an on-line rule testing utility. If I see one anywhere, I'll
let you know.
Line feeds and other white space can be compressed in yara rules.
Referencing
