So I've got quite a few rules, but it all comes down to this:
include "./rules/global.yar"
include "./rules/misc.yar"
The global.yar file contains
global rule fileSizeLimit { condition: filesize < 8MB }
Any rule defined in rules/misc.yar are matched regardless of file size,
but this is no
wxs@wxs-mbp yara %
>
> When you say regardless of file size are you sure you're above the 8MB?
> Keep in mind that 8MB is 8 * 1048576, which is 8388608.
>
> -- WXS
>
> > On Jul 28, 2017, at 7:01 AM, necrophcodr > wrote:
> >
> > So I've got quite
ails.
Note that this requires an actually large file that contains newlines.
Doing `dd if=/dev/zero bs=4M count=250 of=file.bin` and scanning that won't
yield usable results.
Den onsdag den 16. august 2017 kl. 11.43.17 UTC+2 skrev necrophcodr:
>
> Hi Wesley,
>
> Sorry for
e disregard this message.
>
> Best Regards,
> Jonas Andradas.
>
> On Wed, Aug 16, 2017 at 11:51 AM, necrophcodr > wrote:
>
>> Alright, so I've returned with a result:
>>
>> If I have `~/inc.yar` with the following content:
>>
>> ``
act YARA rules and the file you are
> scanning.
>
> -- WXS
>
> > On Aug 16, 2017, at 5:51 AM, necrophcodr > wrote:
> >
> > Alright, so I've returned with a result:
> >
> > If I have `~/inc.yar` with the following content:
> >
> >
orsdag den 17. august 2017 kl. 12.24.11 UTC+2 skrev necrophcodr:
>
> I'm afraid I cannot post the exact files. I'll create a working
> environment that replicates all the variables required, and I'll post it
> here when I've gotten this done.
>
> Den onsdag
— WXS
>
> On Thu, Aug 17, 2017 at 6:49 AM necrophcodr > wrote:
>
>> Alright, I've solved the issue:
>>
>> Albeit this is synthetic, running
>>
>> ```
>> for f in $(seq 0 100); do printf "\n\n\n\n\n\n\n\n\n\n" >> text.txt;
>
