Well, assuming you put the rules in c:\Temp\yarfile.yar, no. If you didn't put 
that file there or can't explain why it's there, then it is a positive match 
you need to investigate.

-- WXS

> On Aug 10, 2020, at 9:12 PM, Michael Fry <michaela...@gmail.com> wrote:
> 
> So does that mean it is a positive for something being detected?
> 
> On Tuesday, 11 August 2020 10:41:48 UTC+10, Wesley Shields wrote:
> The format is <rule name> <matching file path>.
> 
> In your case, YARA matched two rules on the file c:\Temp\yarfile.yar
> 
> -- WXS
> 
>> On Aug 10, 2020, at 8:33 PM, Michael Fry <micha...@gmail.com> wrote:
>> 
>> Hi All,
>> 
>> So I have recently been asked to use Yara to scan some servers for some IOCs 
>> and I am using the command line version.
>> 
>> The yar file was provided to me.
>> 
>> I am struggling to find anything anywhere that outlines interpreting the 
>> log file. For example, if I have the below, is this indicating a type of 
>> scan using a particular yar file? Or is it indicating that it has found 
>> something?
>> 
>> webshell_embedded_jscript_evaluator c:\\Temp\yarfile.yar
>> webshell_jscript_eval c:\\Temp\yarfile.yar
>> 
>> Thanks
>> Michael
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "YARA" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to yara-p...@googlegroups.com <>.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/yara-project/fca76a39-121e-476d-a597-9f4d3ea18cado%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/yara-project/fca76a39-121e-476d-a597-9f4d3ea18cado%40googlegroups.com?utm_medium=email&utm_source=footer>.
> 
> 

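A small triage helper that applies the reading of the output format given above (`<rule name> <matching file path>`), added here as an example and not part of the thread or of the YARA project. It parses YARA's default command-line output and separates hits on the rules file itself (which contains the very strings the rules look for, so it matching is expected when you put it there) from hits on any other file, which are the ones to look into. The sample output lines, the third path, and the `rules_file` value are constructed for the example.

```python
from __future__ import annotations

import ntpath  # sample paths are Windows paths, as in the thread
from dataclasses import dataclass


@dataclass
class YaraMatch:
    rule: str
    path: str


def parse_yara_output(output: str) -> list[YaraMatch]:
    """Parse lines in YARA's default CLI format: '<rule name> <matching file path>'.

    Rule identifiers cannot contain whitespace, so the line is split once at the
    first space; everything after it is the path (which may contain spaces).
    Lines starting with 'warning:' or 'error:' are skipped in case stderr was
    redirected into the same log.
    """
    matches: list[YaraMatch] = []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith(("warning:", "error:")):
            continue
        rule, _, path = line.partition(" ")
        if not path:
            continue
        matches.append(YaraMatch(rule, path))
    return matches


def _normalize(path: str) -> str:
    """Normalize a Windows path for comparison: collapse doubled backslashes
    (as seen in the log excerpt), normalize separators, ignore case."""
    return ntpath.normpath(path.replace("\\\\", "\\")).lower()


def triage(matches: list[YaraMatch], rules_file: str) -> tuple[list[YaraMatch], list[YaraMatch]]:
    """Split matches into (hits on the rules file itself, hits to investigate)."""
    self_hits: list[YaraMatch] = []
    investigate: list[YaraMatch] = []
    target = _normalize(rules_file)
    for m in matches:
        (self_hits if _normalize(m.path) == target else investigate).append(m)
    return self_hits, investigate


# Constructed sample log: the two lines from the thread plus one extra hit on
# a different file (hypothetical path) to show the distinction.
SAMPLE_OUTPUT = r"""
webshell_embedded_jscript_evaluator c:\\Temp\yarfile.yar
webshell_jscript_eval c:\\Temp\yarfile.yar
webshell_jscript_eval c:\inetpub\wwwroot\uploads\page.aspx
"""

# Assumed location of the rules file handed to the scanner (constructed).
RULES_FILE = r"C:\Temp\yarfile.yar"


def summarize(output: str = SAMPLE_OUTPUT, rules_file: str = RULES_FILE) -> dict[str, int]:
    """Return counts of expected self-matches vs. matches needing investigation."""
    self_hits, investigate = triage(parse_yara_output(output), rules_file)
    return {"rules_file_hits": len(self_hits), "investigate": len(investigate)}


if __name__ == "__main__":
    self_hits, investigate = triage(parse_yara_output(SAMPLE_OUTPUT), RULES_FILE)
    for m in self_hits:
        print(f"expected  {m.rule} matched the rules file {m.path}")
    for m in investigate:
        print(f"INVESTIGATE {m.rule} matched {m.path}")
```

Run it against a saved scan log (for example by reading the file into `parse_yara_output`) and pass the path of the `.yar` file you were given as `rules_file`; anything in the second list is a real match on a scanned file. Running YARA with `-s` prints the matching strings alongside each hit, which shows exactly which string in the rule fired.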