List: clamav-users
Subject: Re: [clamav-users] YARA support on ClamAV
From: Thomas_Trüten <thomas () trueten ! de>
Date: 2019-07-06 19:52:23
Message-ID: ab7c415e-ab8e-3267-3fc8-0d1f83059eff () trueten ! de
Hello Munaf,
I have to correct myself. Due to a bug in the YARA definitions, they can
currently only be used to a limited extent or at best not be used at
all. See ISSUE:
https://github.com/extremeshok/clamav-unofficial-sigs/issues/203 and
workaround:
https://github.com/extremeshok/clamav-unofficial-sigs/issues/203#issuementment-400211109
Sorry.
T.
On 01.07.19 at 18:04, Thomas Trüten wrote:
>
> Hello Munaf,
>
> you can use the clamav-unofficial-sigs by extremeshok
> (https://github.com/extremeshok/clamav-unofficial-sigs). The last
> update of the plugin was a while ago (2017), but the signatures,
> including YARA, still work, because the plugin is just an interface to
> the signatures.
>
> Maybe this is a help for you.
>
> On 01.07.19 at 13:20, Munaf Ahmed (ahmedm) via clamav-users wrote:
>>
>> Hi,
>>
>> Are there any plans to support YARA Modules in ClamAV?
>>
>> Currently YARA Modules are not supported in ClamAV
>>
>> https://www.clamav.net/documents/using-yara-rules-in-clamav
>>
>> Thanks
>>
>> Munaf
>>
> --
> Bonan tagon,
> Thomas Trueten http://www.trueten.de
>
> PGP Key Id: 0xD96D6E68 available @ pgp KeyServers
> Fingerprint = 6BF5 2B63 87A2 E6BA C3F3 6AF5 CC75 00D7 D96D 6E68
> Threema: FS9ZFTZF jabber: trueten@riseup.net irc: spambouncer@irc.freenode.net
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
--
Bonan tagon,
Thomas Trueten http://www.trueten.de
PGP Key Id: 0xD96D6E68 available @ pgp KeyServers
Fingerprint = 6BF5 2B63 87A2 E6BA C3F3 6AF5 CC75 00D7 D96D 6E68
Threema: FS9ZFTZF jabber: trueten@riseup.net irc: spambouncer@irc.freenode.net