Re: [clamav-users] Strange problem with custom Yara rule

2016-04-14 Thread kionez
#include // created 13/04/2016 19:33

> Please refer to the bug report at:
> https://bugzilla.clamav.net/show_bug.cgi?id=11552
> for the patch to resolve the issue.

Wow, thanks for the quick solution :) I've just tried the patch on my laptop and it seems to be working fine, I do some tests and I will

Re: [clamav-users] Strange problem with custom Yara rule

2016-04-13 Thread Kevin Lin
Please refer to the bug report at: https://bugzilla.clamav.net/show_bug.cgi?id=11552 for the patch to resolve the issue.

On Wed, Apr 13, 2016 at 1:32 PM, Kevin Lin wrote:
> ClamAV, in order to optimize the AC algorithm execution, runs the filetype
> signatures alongside

Re: [clamav-users] Strange problem with custom Yara rule

2016-04-13 Thread Kevin Lin
ClamAV, in order to optimize the AC algorithm execution, runs the filetype signatures alongside the malware detection signatures. ClamAV is set to immediately return after AC execution if a filetype signature detection occurs. This unfortunately causes the engine to skip PCRE signature execution.

Re: [clamav-users] Strange problem with custom Yara rule

2016-04-13 Thread Steven Morgan
Hi,

Thanks for the example. I've opened bug https://bugzilla.clamav.net/show_bug.cgi?id=11552 to track.

Thanks again,
Steve

___
Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml

Re: [clamav-users] Strange problem with custom Yara rule

2016-04-13 Thread Charles Swiger
Hi, kionez--

On Apr 13, 2016, at 8:11 AM, kionez wrote:
> I'm using it on my antispam server with Debian Jessie (with clamav
> 0.99+dfsg-0+deb8u2 and libpcre3 8.35-3.3+deb8u4 ) and also testing on my
> laptop with Arch linux (clamav 0.99.1-2 and pcre 8.38-3). I try to
>

Re: [clamav-users] Strange problem with custom Yara rule

2016-04-13 Thread kionez
#include // created 13/04/2016 16:37

> Hi,
>
> The first question is: Do you have pcre installed and was it found by
> ClamAV .\configure?

[cut]

Oops, I forgot to mention my system configuration.. sorry. I'm using it on my antispam server with Debian Jessie (with clamav 0.99+dfsg-0+deb8u2

Re: [clamav-users] Strange problem with custom Yara rule

2016-04-13 Thread Steven Morgan
Hi,

The first question is: Do you have pcre installed and was it found by ClamAV .\configure? You should see something like:

pcre: /usr

near the end of the ./configure output.

Steve

[clamav-users] Strange problem with custom Yara rule

2016-04-13 Thread kionez
Hi,

I'm going mad with a strange behaviour of clamav with custom yara rules. I'm trying to match some nasty spam email, I decided to use yara for my custom rules but I noticed a problem: if I use only string detect clamav (either via clamscan or clamdscan) matches all the email (text + headers)