Steve,

One more question: is Sanesecurity planning to distribute yara signatures when 0.99 final is released? This will help with appropriate scheduling of any parameter implementations.

Thanks,
Steve

On Thu, Jun 25, 2015 at 3:20 PM, Steven Morgan <smor...@sourcefire.com> wrote:

> Steve,
>
> Thanks. We'll look into additional command line/clamd.conf options to
> select or exclude signature types. This might be best done if/when Cisco
> ships yara signatures, since currently users are responsible for the
> content and locations of database directories regarding yara and these can
> easily be managed using the --database/DatabaseDir parameters.
>
> We have not yet given much consideration to useful configuration and
> runtime parameters for yara, so if anyone has any other ideas/use cases for
> yara signatures, please add in.
>
> Thanks,
> Steve
>
> On Thu, Jun 25, 2015 at 6:35 AM, Steve Basford <
> steveb_cla...@sanesecurity.com> wrote:
>
>> Just a few more questions to think about...
>>
>> 3) Clamscan --official-db-only=yes
>>
>> Will that only apply to ndb's or to Yara too... or do we need
>> --official-yara-only=yes?
>>
>> 4) Clamscan --yara-signatures=no
>>
>> Will there be an option like the above to disable Yara sigs?
>>
>> 5) Will there be an option to *only* use Yara sigs,
>> eg. --only-yara-dbs=yes and ignore ndb's
>>
>> So, options in both clamd.conf and clamscan... just to give people
>> flexibility?
>>
>> Cheers,
>>
>> Steve
>> Web : sanesecurity.com
>> Blog: sanesecurity.blogspot.com
>>
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
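
The thread notes that YARA content can already be managed through the --database/DatabaseDir parameters. As an added example (not part of the thread and not ClamAV project code), this shell function stages a database directory with or without YARA rule files, approximating the selection asked about in questions 4 and 5. The function name, mode names, paths and the .yar/.yara extension match are assumptions.

```shell
#!/bin/sh
# Added example, not ClamAV project code.
# Assumption: YARA rule files are the ones ending in .yar or .yara.

# stage_sigdb SRC DEST MODE
#   MODE=no-yara   : link every database file except YARA rules
#   MODE=only-yara : link only YARA rule files
stage_sigdb() {
    mode=$3
    case $mode in
        no-yara|only-yara) ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    [ -d "$1" ] || { echo "no such directory: $1" >&2; return 1; }
    # Absolute source path so the symlinks resolve from any working directory.
    src=$(cd "$1" && pwd) || return 1
    dest=$2
    mkdir -p "$dest" || return 1
    for f in "$src"/*; do
        [ -f "$f" ] || continue      # skip subdirectories and an unmatched glob
        case $f in
            *.yar|*.yara) is_yara=1 ;;
            *)            is_yara=0 ;;
        esac
        if { [ "$mode" = no-yara ] && [ "$is_yara" -eq 0 ]; } ||
           { [ "$mode" = only-yara ] && [ "$is_yara" -eq 1 ]; }; then
            # Symlinks avoid copying large databases; swap in cp -p if preferred.
            ln -sf "$f" "$dest/" || return 1
        fi
    done
}

# Usage (paths are placeholders):
#   stage_sigdb /var/lib/clamav /tmp/clamdb-noyara no-yara
#   clamscan --database=/tmp/clamdb-noyara /path/to/scan
```

The staged directory has to be rebuilt after each signature update so that new or removed database files are reflected.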