I guess you are trying to match a rule within another rule, right? If so,
you just need to use its name under "condition":
rule rule_a
{
strings:
$a = "a"
condition:
$a
}
rule rule_ab
{
strings:
$b = "b"
condition:
rule_a and $b
}
You may want to set your "a"
I have a rule that starts with:
rule Accept: This function is used to listen for incoming connections. This
function indicates that the program will listen for incoming connections on
a socket. It is mostly used by malware to communicate with their Command
and Communication server.
{
strings:
