Hi there,

On Wed, 2 Mar 2022, Kris Deugau wrote:
> Micah Snyder (micasnyd) via clamav-users wrote:
>
>> ... some examples from my short time spent brainstorming
>> this a few months back.
>>
>> // example logical signature
>> [snip]
>
> TBH that looks almost identical to the Yara rule syntax at a quick look.

Very similar, but I don't know if you could refer to one rule from
another rule?  I use that feature all the time with Yara.  Very handy,
but in fact the 64 string-per-Yara-rule limit imposed by ClamAV makes
it essential.

> Hard to say whether it would be better to spend time spinning up yet
> another signature format, or fixing edge cases in one that's already
> present and in use.

Exactly how I feel, it's hard to say.  I'm torn between cutting/losses
and babies/bathwater.  But if there's a plug-in Yara engine library of
some description that's anything like up to date and can be shoehorned
in easily it has to be worth a shot.  Something like this

https://rustrepo.com/repo/Hugal31-yara-rust-rust-security-tools

given that Rust is where it's going?

Earlier today for this thread I was looking at some history.  FWIW for
the past year I've averaged about 1.25 Yara rule edits per day.

Perhaps we should take this to the dev list.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

