Steve, Thanks. We'll look into additional command line/clamd.conf options to select or exclude signature types. This might be best done if/when Cisco ships yara signatures, since currently users are responsible for the content and locations of database directories regarding yara and these can easily be managed using the --database/DatabaseDir parameters.
We have not yet given much consideration to useful configuration and runtime parameters for yara, so if anyone has any other ideas/use cases for yara signatures, please add in. Thanks, Steve On Thu, Jun 25, 2015 at 6:35 AM, Steve Basford < steveb_cla...@sanesecurity.com> wrote: > Just a few more question to think about... > > > 3) Clamscan --official-db-only=yes > > Will that only apply to ndb's or to Yara too... or do we need > --official-yara-only=yes? > > 4) Clamscan --yara-signatures=no > > Will there be an option like the above to disable Yara sigs > > 5) Will there be an option to *only* use Yara sigs, > eg. --only-yara-dbs=yes and ignore ndb's > > So, options in both clamd.conf and clamscan... just to give people > flexability? > > Cheers, > > Steve > Web : sanesecurity.com > Blog: sanesecurity.blogspot.com > > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
