Got it :) Thank you, that makes sense now.
On Tuesday, 11 August 2020 11:14:55 UTC+10, Wesley Shields wrote:
>
> Well, assuming you put the rules in c:\Temp\yarfile.yar, no. If you didn't
> put that file there or can't explain why it's there, then it is a positive
> match you need to investigate.
>
> -- WXS
>
> On Aug 10, 2020, at 9:12 PM, Michael Fry <micha...@gmail.com> wrote:
>
> So does that mean it is a positive for something being detected?
>
> On Tuesday, 11 August 2020 10:41:48 UTC+10, Wesley Shields wrote:
>>
>> The format is <rule name> <matching file path>.
>>
>> In your case, YARA matched two rules on the file c:\Temp\yarfile.yar
>>
>> -- WXS
>>
>> On Aug 10, 2020, at 8:33 PM, Michael Fry <micha...@gmail.com> wrote:
>>
>> Hi All,
>>
>> So I have recently been asked to use Yara to scan some servers for some
>> IOCs and I am using the command line version.
>>
>> The yar file was provided to me.
>>
>> I am struggling to find anything anywhere that outlines interpreting the
>> log file. For example, if I have the below, is this indicating a type of
>> scan using a particular yar file? Or is it indicating that it has found
>> something?
>>
>> webshell_embedded_jscript_evaluator c:\\Temp\yarfile.yar
>> webshell_jscript_eval c:\\Temp\yarfile.yar
>>
>> Thanks
>> Michael

--
You received this message because you are subscribed to the Google Groups "YARA" group. To unsubscribe from this group and stop receiving emails from it, send an email to yara-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/yara-project/83df1577-8e82-4365-8f7b-7a6e524b38a0o%40googlegroups.com.
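
An added example, not part of the thread and not code from the YARA project: the `<rule name> <matching file path>` output format described above, parsed so that matches on the rule file itself are separated from matches on any other file. The `rule_files` argument, the banner line and the `.aspx` path are constructed for illustration, and the parser assumes the default output mode with only stdout captured.

```python
import ntpath
import re
from collections import defaultdict

# Default yara CLI output line: "<rule name> <matching file path>".
LINE_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*) (.+)$")

def norm(path):
    """Normalise a Windows path: lower-cased, doubled separators collapsed."""
    return ntpath.normcase(ntpath.normpath(path.strip()))

def triage(output, rule_files):
    """Group matched rules by file, split into self-matches and findings.

    rule_files: paths of the rule files the operator placed on the host
    (an assumption of this example; the scanner output does not say this).
    """
    known = {norm(p) for p in rule_files}
    self_matches, findings, skipped = defaultdict(list), defaultdict(list), []
    for raw in output.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped.append(line)  # anything that is not "<rule> <path>"
            continue
        rule, path = m.group(1), norm(m.group(2))  # path may contain spaces
        bucket = self_matches if path in known else findings
        bucket[path].append(rule)
    return dict(self_matches), dict(findings), skipped

# Constructed sample: the two lines quoted in the thread, one invented hit
# on another file, and one invented non-conforming line.
SAMPLE = r"""
webshell_embedded_jscript_evaluator c:\\Temp\yarfile.yar
webshell_jscript_eval c:\\Temp\yarfile.yar
webshell_jscript_eval C:\inetpub\wwwroot\constructed example.aspx
=== wrapper banner (constructed) ===
"""

if __name__ == "__main__":
    expected, investigate, other = triage(SAMPLE, [r"C:\Temp\yarfile.yar"])
    print("rule file matching its own strings:", expected)
    print("needs investigation:", investigate)
    print("unparsed lines:", other)
```

A match listed under the rule file's own path is only expected if that file is one the operator put there; a path that cannot be accounted for belongs in the findings group.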