Filename is not something YARA knows about, nor should it IMO. The filename is a property of the filesystem upon which the file resides, and has no bearing on the content of the file. If you want to use filename in your rule you have to pass it in as an external variable. Check out https://github.com/VirusTotal/yara/issues/202 for more details.
-- WXS > On Nov 12, 2018, at 7:21 AM, Michael Herren <mherre...@gmail.com> wrote: > > Hello > > Please be gentle with me. I am new to YARA and the writting of such rules. I > am planning to write a set of YARA rules each describing an IOC. A very > simple IOC is the existence of a certain file. I was search the net for a > rule which check if a file with a certain name does exist. But all examples I > found do not work on my computer. This could be based on my lack of knowledge > or the fact that such a function is not existing. > > Can anyone please help? > > Kind Regards > Michael > > -- > You received this message because you are subscribed to the Google Groups > "YARA" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to yara-project+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "YARA" group. To unsubscribe from this group and stop receiving emails from it, send an email to yara-project+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
