The format is <rule name> <matching file path>. In your case, YARA matched two rules on the file c:\Temp\yarfile.yar
-- WXS

> On Aug 10, 2020, at 8:33 PM, Michael Fry <michaela...@gmail.com> wrote:
>
> Hi All,
>
> So I have recently been asked to use Yara to scan some servers for some IOCs
> and I am using the command line version.
>
> The yar file was provided to me.
>
> I am struggling to find anything anywhere that outlines interpreting the log
> file. For example, if I have the below, is this indicating a type of scan
> using a particular yar file? Or is it indicating that it has found something?
>
> webshell_embedded_jscript_evaluator c:\\Temp\yarfile.yar
> webshell_jscript_eval c:\\Temp\yarfile.yar
>
> Thanks
> Michael
>
> --
> You received this message because you are subscribed to the Google Groups
> "YARA" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to yara-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/yara-project/fca76a39-121e-476d-a597-9f4d3ea18cado%40googlegroups.com
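
Added example (not part of the original thread and not YARA project code): a Python sketch that parses output in the `<rule name> <matching file path>` format described in the reply and groups the matched rules per file. It assumes default command-line output with one match per line; the last three sample lines are constructed, and lines that do not fit the format (such as the string offsets printed with `-s`) are returned separately instead of being dropped.

```python
import re
from collections import defaultdict

# Sample output. The first two lines are the ones quoted in the thread;
# the remaining lines are constructed for illustration.
SAMPLE_OUTPUT = r"""webshell_embedded_jscript_evaluator c:\\Temp\yarfile.yar
webshell_jscript_eval c:\\Temp\yarfile.yar
0x1f:$s1: eval(
example_rule C:\inetpub\wwwroot\old site\upload.aspx
example_rule C:\inetpub\wwwroot\old site\upload.aspx
"""

# A rule identifier (letters, digits, underscore, not starting with a digit),
# whitespace, then the rest of the line as the path. Splitting only on the
# first run of whitespace keeps paths that contain spaces intact.
MATCH_LINE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s+(\S.*)$")


def parse_yara_output(text):
    """Return ({path: [rule, ...]}, [lines that are not rule matches])."""
    matches = defaultdict(list)
    unparsed = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = MATCH_LINE.match(line)
        if m is None:
            # e.g. "0x1f:$s1: ..." string lines from `yara -s`
            unparsed.append(line)
            continue
        rule, path = m.groups()
        if rule not in matches[path]:  # de-duplicate repeated scans
            matches[path].append(rule)
    return dict(matches), unparsed


if __name__ == "__main__":
    per_file, leftovers = parse_yara_output(SAMPLE_OUTPUT)
    for path, rules in per_file.items():
        print(f"{path}: {len(rules)} rule(s) matched -> {', '.join(rules)}")
    for line in leftovers:
        print(f"not a match line: {line}")
```

Each key in the returned dictionary is a file on which at least one rule matched, so a file listed with several rules, like the one in the thread, is a single file with multiple hits and not multiple scans.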