On Sat May 13 13:25:07 2017 From: Alain Zidouemba <azidoue...@sourcefire.com> wrote:
>
> Yara rules have been supported by ClamAV since 2015:
> http://blog.clamav.net/2015/06/clamav-099b-meets-yara.html
>
> - Alain

I'm following these instructions now. The instructions say, "just place your YARA rule files into the ClamAV virus database location." I've copied the Homeland Security yara script to a file, wannaCry.yar, in my /var/lib/clamav directory. Is that it? No clamscan switch or config setting? Is there any way to confirm this rule is being used?

I also downloaded and looked at the yara repo on GitHub. There are over 400 rules in the zipfile. To use some or all of them, would I just unzip into my database location?

The instructions also say, "Regular expressions in both YARA rules and ClamAV logical signatures require the Perl Compatible Regular Expressions (PCRE) library." Is there a way to see if my ClamAV was built with this?

Thanks,
Mark

>
> On Sat, May 13, 2017 at 1:16 PM, Alex <mysqlstud...@gmail.com> wrote:
>
> > Hi,
> >
> > So you've probably heard of the latest ransomware dubbed WannaCry. I'm
> > wondering if anyone has figured out a way to integrate the yara
> > signatures for these types of exploits with spamassassin?
> >
> > https://www.us-cert.gov/ncas/alerts/TA17-132A
> >
> > What is the status of development of integration of yara rules into clamav?
> >
> > [deleted]
> >
> > Thanks,
> > Alex
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml