Re: [clamav-users] Clamav error using YARA

[Philippe Lefèvre]

Hi all,
thanks for your post Ged.

I have a maldet 6.1.4 installed under /usr/local:
#maldet -version
=======================
Linux Malware Detect v1.6.4
            (C) 2002-2019, R-fx Networks <p...@rfxn.com>
            (C) 2019, Ryan MacDonald <r...@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2
=======================
but when I do
# grep -n is__elf /usr/local/maldetect/sigs/rfxn.yara
I get
=======================
9112:        is__elf and all of ($s*)
=======================

same when I do
# grep -n is__elf /var/lib/clamav/rfxn.yara
=======================
9112:        is__elf and all of ($s*)
=======================

I just downloaded maldet 1.6.4 and had a look into my downlowds dir, I 
can see
# grep -n is__elf ~/telechargements/maldetect-1.6.4/files/sigs/rfxn.yara
=======================
9068:private rule is__elf
9105:        is__elf and all of ($s*)
=======================

So it seems that neither Clamav nor Maldet installed on my Debian box 
have the right rfxn.* files

I'm not familiar with these programs but I would like to understand if 
clamav is delivered with an instance of rfxn files or if those files are 
installed with Maldet (part of Maldet package?) or something else.
May be something is/was broken somewhere and it would save me time 
reinstall maldet or clamav, both, copy the rfxn.* files?

Please your advise.

Thanks



Le 11/11/2019 à 14:41, G.W. Haywood via clamav-users a écrit :
Hi there,

On Mon, 11 Nov 2019, Philippe Lefèvre wrote:

# grep -n is__elf /var/lib/clamav/rfxn.yara
9112:        is__elf and all of ($s*)

Maybe this will help:

https://www.rfxn.com/downloads/maldetect-current.tar.gz

8<----------------------------------------------------------------------
laptop3:~$ >>> grep -n is__elf 
~/Downloads/maldetect-1.6.4/files/sigs/rfxn.yara
9068:private rule is__elf
9105:        is__elf and all of ($s*)
laptop3:~$ >>> 
8<----------------------------------------------------------------------



_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml