It is generally not a good idea to do that, file names are a property of the filesystem and not of the file. If you really must you could use an external variable and pass it in. There is documentation on how to do that.
You can use the magic module or write your own magic identifiers in you rules to identify file types. -- WXS > On Nov 1, 2015, at 2:36 PM, [email protected] wrote: > > Can anyone tell me if there is an operator or some other way to create a Yara > rule that will allow me to check a file's extension i.e. .doc, .exe? I am > unable to find something like this in the documentation. > > Thanks > > > -- > You received this message because you are subscribed to the Google Groups > "YARA" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "YARA" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
