Hi all,
thanks for your post Ged.
I have a maldet 6.1.4 installed under /usr/local:
#maldet -version
=======================
Linux Malware Detect v1.6.4
(C) 2002-2019, R-fx Networks <p...@rfxn.com>
(C) 2019, Ryan MacDonald <r...@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2
=======================
but when I do
# grep -n is__elf /usr/local/maldetect/sigs/rfxn.yara
I get
=======================
9112: is__elf and all of ($s*)
=======================
same when I do
# grep -n is__elf /var/lib/clamav/rfxn.yara
=======================
9112: is__elf and all of ($s*)
=======================
I just downloaded maldet 1.6.4 and had a look into my downloads dir, I
can see
# grep -n is__elf ~/telechargements/maldetect-1.6.4/files/sigs/rfxn.yara
=======================
9068:private rule is__elf
9105: is__elf and all of ($s*)
=======================
So it seems that neither Clamav nor Maldet installed on my Debian box
have the right rfxn.* files.
I'm not familiar with these programs but I would like to understand if
clamav is delivered with an instance of rfxn files or if those files are
installed with Maldet (part of Maldet package?) or something else.
Maybe something is/was broken somewhere. Would it save me time to
reinstall maldet or clamav, or both, or to copy the rfxn.* files?
Please advise.
Thanks
On 11/11/2019 at 14:41, G.W. Haywood via clamav-users wrote:
Hi there,
On Mon, 11 Nov 2019, Philippe Lefèvre wrote:
# grep -n is__elf /var/lib/clamav/rfxn.yara
9112: is__elf and all of ($s*)
Maybe this will help:
https://www.rfxn.com/downloads/maldetect-current.tar.gz
8<----------------------------------------------------------------------
laptop3:~$ >>> grep -n is__elf ~/Downloads/maldetect-1.6.4/files/sigs/rfxn.yara
9068:private rule is__elf
9105: is__elf and all of ($s*)
laptop3:~$ >>>
8<----------------------------------------------------------------------
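The comparison made by hand with grep in this thread can be scripted. The following is an added example, not part of the original messages or of maldet/ClamAV: it reports, for each copy of a signature file, whether a rule name such as is__elf is defined there or only referenced by another rule's condition. The function names and the sample rule bodies are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a YARA rule name is
# defined in a signature file or only referenced by other rules' conditions.

# Prints: defined | referenced-only | absent
yara_rule_status() {
    file=$1 rule=$2
    # Definition: optional "private"/"global" modifiers, then "rule NAME".
    if grep -Eq "^[[:space:]]*((private|global)[[:space:]]+)*rule[[:space:]]+${rule}([[:space:]:{]|\$)" "$file"; then
        echo defined
    # Any other whole-word occurrence is treated as a reference (heuristic).
    elif grep -Eq "(^|[^A-Za-z0-9_])${rule}([^A-Za-z0-9_]|\$)" "$file"; then
        echo referenced-only
    else
        echo absent
    fi
}

# Check several copies of a signature file; returns 1 if any copy
# references the rule without defining it.
check_copies() {
    rule=$1; shift
    rc=0
    for f in "$@"; do
        status=$(yara_rule_status "$f" "$rule")
        echo "$f: $rule is $status"
        if [ "$status" = referenced-only ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed sample files standing in for the tarball and installed copies.
make_samples() {
    dir=$1
    cat > "$dir/tarball.yara" <<'EOF'
private rule is__elf
{
    condition:
        uint32(0) == 0x464c457f
}
rule constructed_sample
{
    strings:
        $s1 = "constructed"
    condition:
        is__elf and all of ($s*)
}
EOF
    # Same file with the private rule's five lines missing.
    sed '1,5d' "$dir/tarball.yara" > "$dir/installed.yara"
}
```

On the box described above this would be called as `check_copies is__elf /usr/local/maldetect/sigs/rfxn.yara /var/lib/clamav/rfxn.yara`.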