On 26.06.15 15:56, Rahman, Mohammad "Babu" wrote:
Can someone please tell me if ClamAV has any virus scanner product for
AIX? I have downloaded binaries from open source (it says for AIX) but
it does not compile. It has many compilation errors.
how can you compile binaries?
Have you tried t
...@lists.clamav.net] On Behalf Of
Steven Morgan
Sent: Thursday, June 25, 2015 2:51 PM
To: ClamAV users ML
Subject: Re: [clamav-users] clamav 0.99 beta yara
Steve,
One more question: is Sanesecurity planning to distribute yara signatures when
0.99 final is released? This will help with appropriate
On Thu, June 25, 2015 10:50 pm, Steven Morgan wrote:
> Steve,
>
>
> One more question: is Sanesecurity planning to distribute yara signatures
> when 0.99 final is released? This will help with appropriate scheduling of
> any parameter implementations.
Well, there's a new download script with Yara
Steve,
One more question: is Sanesecurity planning to distribute yara signatures
when 0.99 final is released? This will help with appropriate scheduling of
any parameter implementations.
Thanks,
Steve
On Thu, Jun 25, 2015 at 3:20 PM, Steven Morgan
wrote:
> Steve,
>
> Thanks. We'll look into add
Steve,
Thanks. We'll look into additional command line/clamd.conf options to
select or exclude signature types. This might be best done if/when Cisco
ships yara signatures, since currently users are responsible for the
content and locations of database directories regarding yara and these can
easi
Steve,
Thanks for the pointers.
We'll look into adding a yara suffix, although it is not done for other
sig types and it is also easy to grep the sig name within the database
directory to identify the sig type/origin.
As for whitelisting yara, that code should be already in place. I'll double
c
Just a few more questions to think about...
3) Clamscan --official-db-only=yes
Will that only apply to ndb's or to Yara too... or do we need
--official-yara-only=yes?
4) Clamscan --yara-signatures=no
Will there be an option like the above to disable Yara sigs
5) Will there be an option to *on
Couple of pre-coffee questions...
1)
From what I can tell Yara signature names will be generated based on
the yara rule name provided...
eg:
testname.yara:
rule Sanesecurity.test
{
strings:
$match1 = "test"
$ignore1 = "this1"
$ignore2 = "this2"
condition:
$match1 and not ($ignore1 or $ignore2